IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

NSA Reorganizes, Combines Cyberdefense and Offensive Hacking

The changes at the nation's most prominent intelligence-gathering outfit reflect more than a decade spent rethinking how the United States gathers intelligence.

(TNS) -- The National Security Agency is about to launch its most ambitious reorganization in years, bringing together teams charged with gathering intelligence around the world with those tasked with defending U.S. secrets.

The plan, which the agency calls NSA21, is expected to be detailed publicly next week. A congressman who has been briefed and a former intelligence official described the outlines to The Baltimore Sun.

The new organization is to be called the Directorate of Operations. Combining the agency's offensive and defensive missions — formally called signals intelligence and information assurance — is designed to boost capabilities on both sides, pulling together information to supercharge eavesdropping efforts while helping to fend off hackers.

The plans already are drawing concern from privacy activists, who say documents leaked by former contractor Edward Snowden showed that attack routinely took priority over defense even under the old arrangement, potentially leaving Internet users vulnerable as the NSA leaves security flaws open so it can keep harvesting information.

The NSA, which is headquartered at Fort Meade, did not respond to questions about its plans. During a speech at the Atlantic Council last month, agency director Adm. Michael S. Rogers said the reorganization revamp focus on integrating the agency's two roles.

"This traditional approach where we created these two amazing cylinders of excellence and then we built walls of granite between them really is not the way to do business," he said. "Every day when we're dealing with problems it's about our ability to bring together those two missions."

Currently, Rogers said, bringing the two sides together often requires his involvement. He wants the interactions to happen at much lower levels in the sprawling agency.

The reorganization follows a similar effort at the CIA that began last year.

The changes at the nation's most prominent intelligence-gathering outfits reflect more than a decade spent rethinking how the United States gathers intelligence, driven by the failure to foil the attacks of Sept. 11, 2001, and the incorrect conclusion that Iraq's government possessed weapons of mass destruction.

But while previous changes — such as the creation of the Director of National Intelligence, an official tasked with coordinating between the nation's spying agencies — were tied to particular failures, analysts said the moves at the CIA and NSA are being driven by longterm trends in politics and technology.

Rep. C. A. Dutch Ruppersberger, a former member of the House intelligence committee who was briefed recently by NSA officials, said the plan makes sense at a time when the government's computers are under unprecedented assault from foreign governments.

"Instead of the stovepipe, they're going to learn more on both sides," the Baltimore County Democrat said. "We have to keep ahead of the game, especially when you're dealing with Russia and China."

But the reorganization will likely prove controversial. A group of experts convened by President Barack Obama recently recommended splitting the two functions, rather than bringing them closer together. They warned of conflicts of interest between the missions, because keeping computer networks safe now relies on both military and civilian systems.

"These changes create a greater tension between offense and defense," they wrote in 2013. "There is no secret way for the defenders to patch their systems. Those charged with offensive responsibilities still seek to collect SIGINT [signals intelligence] or carry out cyber attacks. By contrast, those charged with information assurance have no effective way to protect the multitude of exposed systems from the attacks."

The changes at the CIA were intended to bring together the two core workers in the intelligence community: collectors, who gather the information from human sources or electronic communications, and analysts, who make sense of the raw material and package it up in reports.

Mark Stout, the director of the intelligence program at the Johns Hopkins University, said the changes at both agencies are being driven by the revolution in communications technology over the last decade and a half and a desire by spies to provide the government with ever more finely grained information.

"With the changes in the geopolitical situation at the end of the Cold War, and within that same 25 years the exponential changes in computing and communication technology that have redistributed power around the world, these changes were bound to come," said Stout, a former analyst at the State Department and the CIA.

Those changes have been felt especially keenly at the NSA, said a former senior intelligence official. The agency has always had the job of both making codes and breaking them, but now that almost all its work involves a global computer network, the separation between those roles has essentially collapsed.

The organizational shift reflects that reality, said the former official, who requested anonymity to describe the plans before they had been publicly announced.

"Now we're just going to call it what it is," the former official said.

The NSA has experimented for several years with bringing together its offensive and defensive missions, notably in a cybersecurity unit called the National Threat Operations Center, or NTOC.

Sherri Ramsay, a former director of the center, said her team was able to use information gathered outside the United States to get a better sense of the threats facing U.S. government networks. Similarly, when an attack does take place, she said, eavesdroppers can seek out more information about the attackers.

"In the past, that couldn't happen outside NTOC," she said. Under the new structure, there will be more opportunities during an attack to say "oh my gosh, look at what's happening, we need to find more about who's doing this."

Ramsay said the experience of staff working at the center will be helpful in making the new structure work effectively, and navigating the legal, bureaucratic and cultural hurdles of bringing together two different approaches.

Stout said the CIA has shown the value of having a sort of internal pilot program. The agency has been able to draw on the experience of its Counterterrorism Center when figuring out how to get analysts to work more closely with the officers who harvest information.

"They both ran experiments and they worked out well," Stout said.

Still, he said, any major change brings big challenges. It requires bringing together workers with very different images of themselves, whether that's swashbuckling CIA officers and deskbound analysts, or NSA eavesdroppers who break into computers and defenders tasked with keeping hackers out.

"There's going to be hiccups and ruffled feathers," Stout said.

Ruppersberger and Sen. Barbara A. Mikulski said they plan to pay particular attention to the impact the reorganization has on the morale of NSA's workforce — much of which is based in Maryland and which has already been battered by the Snowden leaks.

"NSA's dedicated intelligence professionals are protecting America from terrorists and cyber-attacks over here while also supporting our war fighters over there," Mikulski said. "They are on the job and must be able to do their jobs."

The NSA's authority to spy overseas and to help protect American secrets comes from two different legal documents.

The popular image is of an agency that has little regard for the law. But former officials say the agency takes the legal sources of its powers and their limitations very seriously.

Finding a way to bring together information derived from the two different jobs without falling afoul of the law could be one of the biggest challenges of the new plan presents.

"You need to be clear like a policeman what authority am I executing now," the former official said. "You can't use one to do another's work when that wouldn't be authorized."

Privacy activists have long had concerns about the NSA's dual role on attack and defense. They warned that legislation designed to make it easier for companies to share information about cyberattacks with the government would be used to spy.

The reorganization could make those perceived problems worse, said Andrew Crocker, an attorney with the Electronic Frontier Foundation.

"The Snowden documents have really pointed to a lot of places where the [signals intelligence] mission is in conflict with the information assurance mission," he said. "You wonder about how they're going to balance that internally."

©2016 The Baltimore Sun Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • Sponsored
    Smart cities could transform urban living for the better. However, in order to mitigate the risks of cyber threats that can be exacerbated by inadequately secured and mobile edge computing (MEC) technologies, government officials should be aware of smart cities security concerns associated with their supporting infrastructure.
  • Sponsored
    How the convergence of security and networking is accelerating government agencies journey to the cloud.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.
  • Sponsored
    Five Key Criteria for Selecting the Right Technology Solution for Communications and Notifications