Background:
- The new Cybersecurity Directorate is expected to unify NSA’s foreign intelligence and cyber defense missions.
- The Directorate, under the leadership of Director Anne Neuberger, is charged with “preventing and eradicating threats to National Security Systems and the Defense Industrial Base”.
- The Cybersecurity Directorate will officially begin operations on October 1.
- The NSA says that the new directorate will focus on building on past successes, pointing to the Russia Small Group, as it works “to operationalize our threat intelligence, vulnerability assessments, and cyber defense expertise to defeat our adversaries in cyberspace.”
- The new directorate will replace the Information Assurance Directorate, which was focused on protecting sensitive information regarding national security systems.
- Neal Ziring is expected to serve as the directorate’s technical director and Dave Frederick has been named as deputy director, according to an NSA spokesperson.
The new Cybersecurity Directorate is a new approach for the NSA, with the expectation being that it will allow it to better coordinate with its key partners across government, to include U.S. Cyber Command, DHS and the FBI. And perhaps most importantly for the private sector, it is hoped that the new directorate will allow the NSA to do a better job of sharing information with its ‘customers’ in order to allow them to do a better job defending themselves against “malicious cyber activity”.
The Cipher Brief tapped three experts for their perspective on the new directorate, and what the private sector might expect. All three are also members of the new Cyber Initiatives Group.
Rick Ledgett served as the Deputy Director of the National Security Agency from January 2014 until his retirement in April 2017. His nearly 40-year career focused on cryptology at NSA and in the U.S. Army. He previously led the Media Leaks Task Force, the Agency’s response to the Snowden leaks and was the first National Intelligence Manager for Cyber at the Office of the Director of National Intelligence.
Lt. Gen. James K. “Kevin” McLaughlin served as the Deputy Commander, U.S. Cyber Command and also served as Commander, 24th Air Force and Commander, Air Forces Cyber, Joint Base San Antonio – Lackland, Texas.
Major General Patricia Frost (U.S. Army, Retired) currently serves as Director of Cyber for Partners in Performance America where she manages operational risk for industry partners. Before retiring in 2018, she served as the first Director of Cyber, Electronic Warfare and Information Operations where she led the development of strategy, policy, and resourcing.
Rick Ledgett, Former Deputy Director, National Security Agency
The value of the new directorate is both in the exclusive focus on cybersecurity and the clear delineation of the “white hat” mission for assisting public and private sector entities in securing their networks, data, and communications. This focus will allow Anne Neuberger and her team to take the unique technical and operational insights that NSA has into threats and vulnerabilities and use them to keep U.S. and allied systems safe.
Major General Patricia Frost (U.S. Army, Retired), Former Director of Cyber, Electronic Warfare and Information Operations
Our adversaries have the advantage in cyberspace and one effective way to counter their capabilities is to share information (tactics, techniques and processes) in a rapid, deliberate and distributed method as possible across the public and private sector. I applaud the establishment of this new Cyber Directorate as it will assist the DHS CISA Director and the FBI to share enriched information that is of value to the industries that support the critical infrastructure of our Nation.
LT. Gen Kevin McLaughlin (Ret.), Former Deputy Commander, U.S. Cyber Command
The creation of the NSA's new Cybersecurity Directorate is an important strategic move in a world where the cyber security of U.S. sovereign interests is not assured. Our adversaries have harmed U.S. national security by mounting persistent, long-term campaigns aimed at weakening core democratic institutions, stealing unimaginably large volumes of personal information and sensitive intellectual property, and threatening our critical infrastructure.
Rick Ledgett, Former Deputy Director, National Security Agency
The private sector in particular will benefit as NSA expertise and threat information is provided to them in ways that are useful and in timeframes that matter. The new directorate is also a clear signal of the importance of the cybersecurity mission, and the commitment of the Agency to ensure private and public sector entities benefit from NSA’s experience. I expect that Anne and her team will be reaching out to relevant parties soon after the organization’s official standup in October.
Lt. Gen Kevin McLaughlin (Ret.), Former Deputy Commander, U.S. Cyber Command
The announcement is significant. Here are the top three reasons why: First, the move consolidates all NSA cybersecurity resources under one senior leader and elevates the function to a direct-reporting level to the Director of NSA.
"Second, Gen Nakasone's naming of Anne Neuberger as the first leader of the Directorate of Cybersecurity signals that he wants a leader that is not only experienced, but also known inside and outside of NSA as an innovator and a trusted collaborator.
Last and most important, this move further strengthens the combined NSA and USCYBERCOM cybersecurity team led by the dual-hatted Nakasone. Make no doubt about it, the combined cybersecurity capacity and expertise within the U.S. government resides inside the NSA and USCYBERCOM team. The fact that one individual is able to wield and integrate these two organizations is a strategic advantage for the country and one that the President and the nation will have to depend on more and more frequently.
It will be very interesting to watch how Nakasone will replicate the model exemplified by the Russia Small Group that helped defend the 2018 mid-term elections. In that model, much of the combined NSA and USCYBERCOM effort was aimed at enabling and supporting others, both in and out of the US government, but also consisted of coordinated and combined NSA and USCYBERCOM efforts to operationalize their cybersecurity mission. To be successful, he will have to continue to build trust with other US government entities like DHS and the FBI, with private sector entities, and with foreign partners," said McLaughlin.
Major General Patricia Frost (U.S. Army, Retired), Former Director of Cyber, Electronic Warfare and Information Operations
We must continue to find the best methods to share threat information and strengthen our public and private partnerships. No agency or industry can do this alone and as a Nation we are far stronger when seen as one collaborative entity (A sum greater than its parts). I look forward to seeing this directorate operationalized and contributing to the cyber public and private community.
The directorate still has a number of positions to fill and it isn’t clear just how big it will be. Nonetheless, it’s expected to be up and running October 1.
Check out the new Cyber Initiatives Group, powered by The Cipher Brief. It’s the only group with Principals like General Michael Hayden, General Keith Alexander, and a host of other cyber leaders from the private sector and academia who share insights and perspective on today’s cyber threats. Join this group today for access to private webcasts with experts as well as invitations to in-person events across the country.
