National Security Agency (NSA)

The National Security Agency is the official U.S. cryptologic organization of the United States Intelligence Community under the Department of Defense.

Responsible for the coordination of communications intelligence activities throughout the government, the top secret NSA was covertly formed in November 1952 under a directive from President Harry S. Truman and the National Security Council.

Secrecy around the agency's activities has suffered, however, as security breaches have exposed global surveillance programs and cyberweapons -- malware agents -- developed to target computers and networks of U.S. adversaries.

Responsibilities of the NSA

The agency exists to protect national communications systems integrity and to collect and process information about foreign adversaries' secret communications to support national security and foreign policy. The classified information is disseminated to 16 separate government agencies that make up the U.S. Intelligence Community.

In October 2017, Attorney General Loretta Lynch signed new guidelines to enable the NSA to provide intercepted communications and raw signals intelligence -- before applying domestic and foreign privacy protections -- to 16 government agencies, including the FBI and CIA.

The National Security Agency works in close conjunction with the Central Security Service, which was established by presidential executive order in 1972 to promote full partnership between the NSA and the cryptologic elements of the armed forces. The director of the NSA/CSS, in accordance with a Department of Defense directive, must be a high-ranking -- at least three stars -- commissioned officer of the military services.

Although the organization's number of employees -- as well as its budget -- falls into the category of classified information, the NSA lists among its workforce analysts, engineers, physicists, linguists, computer scientists, researchers, customer relations specialists, security officers, data flow experts, managers, and administrative and clerical assistants.

It also claims to be the largest employer of mathematicians in the U.S., and possibly worldwide. NSA/CSS mathematicians perform the agency's two critical functions: they design cryptographic systems to protect U.S. communications, and they search for weaknesses in the counterpart systems of U.S. adversaries.

The NSA denies reports claiming that it has an unlimited black budget -- undisclosed even to other government agencies. Nevertheless, the agency admits that, if it were judged as a corporation, it would rank in the top 10% of Fortune 500 companies.

NSA programs

NSA surveillance operations, which intensified after the Sept. 11, 2001, attacks on U.S. soil, have come under scrutiny. U.S. surveillance laws changed suddenly when the USA Patriot Act -- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 -- was enacted by Congress and signed into law by President George W. Bush on October 26, 2001.

The Patriot Act expanded the government's surveillance powers beyond the Foreign Intelligence Surveillance Act, established in 1978, which provided exceptions to the Fourth Amendment when the search -- or wiretap -- was to gain foreign intelligence. For example, the Patriot Act authorized law enforcement and the Federal Bureau of Investigation to secretly search personal and business records of U.S. citizens, including telephone, email and financial information, without judicial or congressional involvement.

In 2013, details about some of the NSA's surveillance programs became public when former Booz Allen Hamilton contractor Edward Snowden leaked troves of confidential NSA information, first travelling to Hong Kong to meet with reporters and then seeking asylum from U.S. authorities in Russia. Russia extended his asylum in January 2017 until 2020. The documents indicated the agency had broadened its domestic surveillance activities to bulk collection of U.S. communications.

Questions of legal authority were raised when Snowden's NSA disclosures revealed the organization collected internet data stored by internet service providers, as well as surveillance metadata on U.S. citizens' telecommunications -- phone records. The agency's surveillance operations also targeted third parties, such as business owners required to turn over customers' records, and U.S. companies involved in any type of foreign communications.

The exposure of the details of the NSA's widespread surveillance programs also embarrassingly revealed that the agency intercepted allied government communications, allegedly tapping mobile phones of world leaders, including German Chancellor Angela Merkel.

The unauthorized leaks also provided information on the NSA's Tailored Access Operations program, an elite offensive hacking unit created in 1998 that conducts technical surveillance. According to Snowden's disclosures, in addition to computer networks, TAO infiltrated satellite and fiber optic communications systems, which are the backbones of telecommunications providers and ISPs.

The NSA and FBI also appeared to gain access to servers and stored internet communications through a top secret project code named PRISM. While Snowden's documents alluded to PRISM, U.S. technology providers claimed to provide government assistance only when the law required it, or to have no knowledge of the data collection program. The NSA revelations raised concerns worldwide that U.S. hardware and software manufacturers may have shipped compromised products with malware or backdoors installed, enabling the agency to access customers' data.

The USA Freedom Act -- Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act -- was proposed by Congress in October 2013.

Provisions of the Patriot Act, including roving wiretaps and bulk metadata collection, expired on June 1, 2015. The next day, the USA Freedom Act was signed into law by President Barack Obama. It restored the Patriot Act provisions with modifications and imposed limits on bulk collection of telecommunications metadata. However, the NSA could still access that information through telecommunications companies.

History of the NSA

Early interception techniques relied on radio signals, radar and telemetry.

The Army Signal Corps developed the Signals Intelligence Service in May 1929 after taking over cryptology from military intelligence. Civilian William F. Friedman became chief cryptologist at SIS and was tasked with educating a small team of civilians on cryptanalysis so they could compile codes for the U.S. Army.

After the armed forces saw success cracking German and Japanese codes during World War II, the National Security Agency was established by President Truman. SIS, renamed the Signal Security Agency, and then the Army Security Agency in the mid-1940s, became part of the National Security Agency, headquartered in Fort Meade, Md.

In 2012, the New York Times reported that Stuxnet malware, discovered in June 2010 after a damaging attack on Windows machines and programmatic logic controllers in Iran's industrial plants, including its nuclear program, had been jointly developed by the U.S. and Israel. Neither country has admitted responsibility for the malicious computer worm.

A hacker organization dubbed the Equation Group allegedly used two of the zero-day exploits prior to the Stuxnet attack, according to antivirus company Kaspersky Lab, which is based in Moscow and made the claims in 2015.

In addition to protecting national security through cryptography and cryptanalysis, the NSA has weathered security breaches beyond Snowden that have caused embarrassment for the agency and affected its intelligence-gathering capabilities.

An unidentified NSA contractor removed classified U.S. government information from the NSA in 2015 and stored the material, which included code and spyware used to infiltrate foreign networks, on a personal device. The files were allegedly intercepted by Russian hackers. The contractor acknowledged using antivirus software from Kaspersky Lab, a company that, according to some reports, may have ties to the Russian government.

In 2017, Israel intelligence officers revealed that they detected NSA materials on Kaspersky networks in 2015. Kaspersky officials later admitted that they became aware of unusual files on an unidentified contractor's computer, and they did not immediately report their findings.

In December 2017, the U.S. government banned the use of Kaspersky Lab products for all federal agencies and government employees.

A hacker group calling itself the Shadow Brokers claimed they had stolen NSA files in 2017. They released batches of files on the internet, some of which allegedly contained the IP addresses of computer servers that were compromised by the Equation Group -- hackers reported to have ties to the NSA.

The continual dumping of NSA files has exposed zero-day exploits targeting firewalls and routers, Microsoft Windows vulnerabilities, and other cyberweapons. The NSA, according to the ongoing leaks, has been stockpiling vulnerabilities, most notably the Windows EternalBlue exploit used by cybercriminals in the global WannaCry ransomware attacks.

Harold T. Martin III, a former NSA contractor employed by Booz Allen Hamilton, was arrested by the FBI in August 2016 and accused of violating the Espionage Act for unlawful possession of terabytes of confidential materials allegedly taken from the NSA and other intelligence agencies over a 20-year period. He was indicted by a grand jury in February 2018. The case is still pending as prosecutors wrestle with criminal counts and the sheer volume of materials.

This was last updated in March 2018

Continue Reading About National Security Agency (NSA)

Dig Deeper on Government information security management