The U.S. National Security Agency (NSA) is creating a new Cybersecurity Directorate to reinvigorate the cybersecurity element of its work.
Details were announced by NSA Director General Paul Nakasone at the International Conference on Cyber Security at Fordham University, New York on Tuesday, with a brief FAQ also published on the NSA website.
The purpose, says the NSA, is to “reinvigorate our white hat mission opening the door to partners and customers on a wide variety of cybersecurity efforts. It will also build on our past successes such as Russia Small Group to operationalize our threat intelligence, vulnerability assessments, and cyber defense expertise to defeat our adversaries in cyberspace.”
The directorate will be headed by Ms. Anne Neuberger, the Director of Cybersecurity, and current lead of the Russia Small Group. This group is tasked with countering Russian meddling in U.S. elections. It is now known internally as the ‘Elections Security Group’ following expansion of the role to include activity involving China, Iran, North Korea and terrorist groups. It is not currently known who will replace Neuberger at the Russia Small Group.
The new Cybersecurity Directorate is deemed necessary because, said Nakasone at the conference, “Over the past couple years, as we did a number of different reorganizations, one of the things I think we lost was that emphasis on cybersecurity.”
In some ways, the new directorate within the NSA is similar to the UK’s National Cyber Security Center (NCSC) within GCHQ. Both the NSA and GCHQ are their nations’ signals intelligence agencies, gathering foreign intelligence and where necessary becoming involved in cyber actions against foreign actors.
Neuberger told The Wall Street Journal that the new directorate will use signals intelligence from the NSA’s expanded foreign intelligence activities to focus on protecting national security networks and the defense industrial base. Gen. Nakasone’s “core vision,” said Neuberger, “is operationalizing intelligence to secure the country.”
It makes sense to have subordinate departments able to make use of the cyber intelligence and information gathered through signals intelligence to help protect domestic industry. This is the purpose of both the NSA’s Cybersecurity Directorate and GCHQ’s NCSC. The biggest potential for conflict within such arrangements comes with the respective zero-day equities processes, where each agency decides whether to keep or disclose a zero-day vulnerability. The potential for conflict exists if the domestic cybersecurity group believes a vulnerability should be disclosed for the national good, but the primary agency wishes to add the vulnerability to its stockpile of ‘weapons’ for possible use against foreign adversaries. Notably, both the head of the NCSC (Ciaran Martin) and the head of the Cybersecurity Directorate also sit on the board of their respective ‘parent’ organizations.
An NSA spokesperson told CyberScoop that one of the Directorate’s early jobs will be to update its section of the NSA website to become a one-stop shop for new vulnerability information. It will include the NSA’s own research, such as its open-source Ghidra malware reverse engineering tool, together with new threat warnings such as June’s BlueKeep warning.
“This new approach to cybersecurity,” says the NSA, “will better position NSA to collaborate with key partners across the U.S. government like U.S. Cyber Command, Department of Homeland Security, and Federal Bureau of Investigation. It will also enable us to better share information with our customers so they are equipped to defend against malicious cyber activity.”
“NSA will establish a Cybersecurity Directorate that redefines its cybersecurity mission,” says Nakasone. “What I’m trying to get to in a space like cyberspace is speed, agility, and unity of effort.”
Ms. Neuberger was the NSA’s first Chief Risk Officer, a position created following the Snowden leaks on NSA domestic and international surveillance programs in 2013. She was involved with the creation of Cyber Command in 2009, which achieved operational capability in late 2010. President Trump pulled Cyber Command out of the oversight of the NSA by elevating it to a Unified Combatant Command in August 2017.