The NSA recognizes it needs to share more nation-state threat data, and faster
The National Security Agency’s new Cybersecurity Directorate wants to more quickly share threat data in response to private sector criticism that the agency has been slow to provide key information that companies need to protect themselves, the head of the new foreign intelligence and digital defense outfit said Wednesday.
The NSA’s impetus for creating the Cybersecurity Directorate, set to launch Oct. 1, was to address complaints that context is lacking in U.S. intelligence community’s threat reports that are issued to private companies. By sharing data such as malicious domain names or IP addresses long after hackers have abandoned them, NSA is not providing the real-time information corporate security teams need to block attacks.
Now, the directorate will provide additional context to help sectors like the defense industrial base and election technology providers “prevent and eradicate” intruders, according to Anne Neuberger, director of the NSA’s Cybersecurity Directorate. The goal for the directorate, which was announced in July, is to try to preventing attacks before they start.
“Clearly from the government, there’s some insights and information that we should share, particularly the tradecraft of how those entities are doing that, and enable [organizations] to look for that information on their platforms,” she said during an appearance at the Billington Cybersecurity Summit.
The NSA will try to help companies understand a hacker’s overall goals, how they achieve those goals with multiple pieces of software, and what specific technical infrastructure firms can monitor for threats, Neuberger added.
Part of the urgency behind this new directorate is the broader recognition from the U.S. government that rival countries represent a larger threat to American interests than terrorists, Neuberger said. Cybersecurity vulnerabilities replaced terrorism as the top threat to the U.S. six years ago, according to James Clapper, the former director of national intelligence.
Neuberger most recently served as co-lead of the NSA’s Russia Small Group, a task force stood up to counter Russian threats to the U.S. election. That experience convinced her that stronger collaboration between government officials and private sector leaders is necessary, she told reporters.
The NSA recently named Keith Bruso as the chief of staff for the new Cybersecurity Directorate, an agency official told CyberScoop. Bruso last served as the chief of staff of the NSA’s workforce support directorate.
The directorate previously named a deputy director, Dave Frederick, and technical director in Neal Ziring, as CyberScoop first reported. Frederick previously served as the NSA’s chief of strategic counter cyber operations, while Ziring worked as the NSA’s technical director for capabilities.
Neuberger said she hopes the NSA personnel who focus on understanding the threat — including the techniques and infrastructure different adversaries rely on — can work more closely with the personnel who work on defensive technology and addressing vulnerabilities.
“[W]hen great people sit together they can work a problem in a more diverse way,” she said. “Some of those shifts will take us a couple more months to do.”
Some offices in the new Cybersecurity Directorate are starting to take shape. There will be a nuclear command-and-control office, for example, as well as a critical government networks office, dedicated to national security systems, an NSA official told CyberScoop. There also will be an office known as the futures organization, which will partner with the NSA’s Research Directorate to better align emerging research with agency’s cyber goals.