Definition

National Security Agency (NSA)

What is the National Security Agency (NSA)?

The National Security Agency (NSA) is a federal government intelligence agency that is part of the United States Department of Defense and is managed under the authority of the director of national intelligence (DNI).

The intelligence agency, led by the director of the NSA, does its global monitoring, collection and processing of information and data electronically from its headquarters in Maryland. The NSA is in the Intelligence-gathering business and -- unlike the Federal Bureau of Investigation (FBI) -- its agents don't make arrests. Instead, the NSA turns information over to the military.

In 1952, President Harry S. Truman officially formed the NSA to perform a specialized discipline known as signals intelligence (SIGINT). SIGINT is intelligence gathering by interception of signals -- either communications between people or through electronic signals not directly used in communication.

Two decades later, in 1972, a presidential directive established the Central Security Service (CSS) to provide cryptologic support, knowledge and assistance to the military cryptologic community. The NSA and CSS together form the National Security Agency Central Security Service (NSA/CSS). The job of the NSA/CSS is to create a more unified cryptologic effort with the armed forces and team with senior military and civilian leaders to address and act on critical military-related issues in support of national and tactical intelligence objectives, according to the government.

Responsibilities of the NSA

The NSA exists to protect national communications systems integrity and to collect and process information about foreign adversaries' secret communications in support of national security and foreign policy.

Its role in preserving national security is twofold:

  1. NSA analysts gather and decrypt intelligence from electronic communications found on a wide range of electronic sources, such as phone calls, email, videos, photos, stored data and social networking
  2. The NSA uses discovered intelligence to protect the nation's classified data and national security systems that are crucial to intelligence, military operations and other government activities from unauthorized access and tampering by both domestic and foreign enemies.

In October 2017, Attorney General Loretta Lynch signed new guidelines enabling the NSA to provide intercepted communications and raw SIGINT -- before applying domestic and foreign privacy protections -- to 16 government agencies, including the FBI and Central Intelligence Agency.

Although the organization's number of employees -- as well as its budget -- falls into the category of classified information, the NSA lists among its workforce analysts, engineers, physicists, linguists, computer scientists, researchers, customer relations specialists, security officers, data flow experts, managers, and administrative and clerical assistants.

It also claims to be the largest employer of mathematicians in the U.S. and possibly worldwide. NSA/CSS mathematicians perform the agency's two critical functions: They design cryptographic systems to protect U.S. communications, and they search for weaknesses in the counterpart systems of U.S. adversaries.

The NSA denies reports claiming that it has an unlimited black budget -- undisclosed even to other government agencies. Nevertheless, the agency admitted that, if it were judged as a corporation, it would rank in the top 10% of Fortune 500 companies.

NSA programs

It's been known that the NSA listens in on every international phone call made to and from the U.S., but that's just one aspect of the agency's work. Another aspect is the agency's focus on intelligence gathering.

It was believed that the NSA only focused on international intelligence gathering. However, that belief was derailed in 2013 when details about some of the NSA's other surveillance programs became public.

Edward SnowdenEdward Snowden

That's when former Booz Allen Hamilton contractor Edward Snowden leaked troves of confidential NSA information to the national and international press. The documents indicated the agency had broadened its domestic surveillance activities to bulk collection of U.S. communications.

Snowden told the press about 10 NSA surveillance programs:

  • PRISM. Perhaps the most infamous of the NSA programs, PRISM is geared toward collecting the data stored by nine major Silicon Valley technology companies: Facebook, Google, Yahoo, Microsoft, Paltalk, Skype, YouTube, Apple and AOL. It collected emails, file transfers, photos, voice and other details.
  • FAIRVIEW. With the help of AT&T, the NSA has access to massive amounts of international internet traffic passing through domestic U.S. networks. The NSA has reportedly extensively partnered with U.S. telecom operators for decades.
  • BLARNEY. This is an international version of the PRISM program and a part of FAIRVIEW. Through Blarney, the NSA forms partnerships with foreign telecom operators to gain access to their customer data.
  • STORMBREW and OAKSTAR. Like Blarney, these two operations fall under the umbrella of FAIRVIEW. Little is known about them.
  • XKEYSCORE. According to the U.K.'s The Guardian newspaper, a report on XKeyscore by the NSA listed the project as collecting "nearly everything a typical user does on the internet," including the content of emails and chats, visible in real time.
  • MARINA, TRAFFICTHIEF and PINWALE. Little is known about these three programs. However, as reported in The Daily Dot, TRAFFICTHIEF is described as containing "metadata from a subset of tasked strong-selectors." PINWALE contains "content selected from dictionary tasked terms," while MARINA stores "user activity metadata with front end full take feeds and backend selected feeds."
  • BOUNDLESSINFORMANT. This is said to be a measure of how well the other programs are doing. Slides given to The Guardian by Snowden indicated that, in one month in 2012, the NSA collected almost 100 billion pieces of intelligence worldwide. Three billion pieces of intelligence were collected in the U.S. during that same period. Presumably, an email or phone call would constitute a piece of intelligence.

History of the NSA

Early interception techniques relied on radio signals, radar and telemetry.

The first traces of SIGINT date back to July 1917 when the government created the Cipher Bureau of Military Intelligence. This was three months after the United States had declared war on Germany, in part because of the infamous Zimmerman Telegram.

Intercepted and deciphered by British intelligence, the Zimmerman Telegram revealed that the German foreign secretary attempted to entice Mexico into war against the U.S. by promising to return the states of Texas, New Mexico and Arizona to Mexico should Germany win the war.

When British codebreakers intercepted this message, it inflamed the U.S. and proved the value of SIGINT.

After the war, SIGINT work became fragmented and scattered among numerous agencies and government entities. The Army Signal Corps developed the Signal Intelligence Service (SIS) in May 1929 after taking over cryptology from military intelligence. Civilian William F. Friedman became chief cryptologist at SIS and was tasked with educating a small team of civilians on cryptanalysis so they could compile codes for the U.S. Army.

how cryptology works

After the armed forces succeeded in cracking German and Japanese codes during World War II, President Truman reorganized American SIGINT under the NSA. SIS, renamed the Signal Security Agency and then the Army Security Agency in the mid-1940s, became part of the National Security Agency.

In 1957, the NSA moved to Fort Meade in Maryland, where it is still based today.

In 2012, The New York Times reported that Stuxnet malware, discovered in June 2010 after a damaging attack on Windows machines and programmatic logic controllers in Iran's industrial plants, including its nuclear program, had been jointly developed by the U.S. and Israel. Neither country has admitted responsibility for the malicious computer worm.

A hacker organization dubbed Equation Group allegedly used two of the zero-day exploits prior to the Stuxnet attack, according to antivirus company Kaspersky Lab, which is based in Moscow and made the claims in 2015.

In addition to protecting national security through cryptography and cryptanalysis, the NSA has weathered security breaches beyond Snowden that have caused embarrassment for the agency and affected its intelligence-gathering capabilities.

An unidentified NSA contractor removed classified U.S. government information from the NSA in 2015 and stored the material, which included code and spyware used to infiltrate foreign networks, on a personal device. The files were allegedly intercepted by Russian hackers. The contractor acknowledged using antivirus software from Kaspersky Lab.

In 2017, Israel intelligence officers revealed that they detected NSA materials on Kaspersky networks in 2015. Kaspersky officials later admitted that they became aware of unusual files on an unidentified contractor's computer, and they did not immediately report their findings. In December 2017, the U.S. government banned the use of Kaspersky Lab products for all federal agencies and government employees.

A hacker group calling itself The Shadow Brokers claimed it had stolen NSA files in 2017. It released batches of files on the internet, some of which allegedly contained the Internet Protocol addresses of computer servers that were compromised by Equation Group -- hackers reported to have ties to the NSA.

The continual dumping of NSA files has exposed zero-day exploits targeting firewalls and routers, Microsoft Windows vulnerabilities and other cyberweapons. The NSA, according to the ongoing leaks, has been stockpiling vulnerabilities, most notably the Windows EternalBlue exploit used by cybercriminals in the global WannaCry ransomware attacks.

The FBI arrested Harold T. Martin III, a former NSA contractor employed by Booz Allen Hamilton, in August 2016 and accused him of violating the Espionage Act for unlawful possession of terabytes of confidential materials allegedly taken from the NSA and other intelligence agencies over a 20-year period. A grand jury indicted him in February 2018. The case is still pending as prosecutors wrestle with criminal counts and the sheer volume of materials.

In October 2020, the NSA released an advisory specifying 25 publicly known vulnerabilities actively exploited or being scanned by Chinese state-sponsored actors. Later that year, the NSA verified that SolarWinds Orion Platform version 2020.2.1 HF 2 eliminated the malicious code used in the extensive SolarWinds hack.

In January 2021, for the first time, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the DNI and the NSA publicly suggested Russian threat actors were responsible for the SolarWinds supply chain attack.

That April, the Biden administration formally attributed the SolarWinds attacks to the Russian government's Foreign Intelligence Service (SVR). The FBI, NSA and CISA jointly warned that state-sponsored, SVR-allied threats were actively exploiting known vulnerabilities to get access to national security and government-associated networks.

Also that April, the NSA found four new Microsoft Exchange Server vulnerabilities, of which three were critical.

Learn more about how the SolarWinds attack puts national security strategy on display.

This was last updated in May 2021

Continue Reading About National Security Agency (NSA)

Dig Deeper on Security operations and management

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close