This month the National Security Agency (NSA) announced that Anne Neuberger, director of cybersecurity, has assumed responsibility as Deputy National Manager (DNM) and will replace Marianne Bailey. Ms. Neuberger was also named director of the NSA’s newly formed public-facing Cybersecurity Directorate, and this change will align the DNM role with the director of cybersecurity position in keeping with the evolution of the NSA’s cybersecurity mission.
The Cybersecurity Directorate, which is set to reach full operational capability in January, will conduct greater outreach to the U.S. tech community via the new Standards and Futures group. This new group will be less focused on cyber defense and offense that threaten national security or those that could be conducted by nation states; and instead will work to predict threats and even spot bugs and vulnerabilities in commercial products.
The Standards and Futures group will reportedly even work to help businesses and consumers engage in solid cyber safety.
Overcoming its Reputation
The NSA doesn’t exactly have what could be called a good working relationship with Silicon Valley. For one, part of the mission at the NSA – which has often been described as the “No Such Agency” – has been to break into and spy on computers, phones and networks, including those of American citizens. The agency has also been known to keep its cards close to its chest, and it hasn’t typically shared information on cyber vulnerabilities that it has discovered. However, under the Standards and Futures group, the goal would be to alert tech companies and even consumers to address cybersecurity issues.
“Our role is taking the insights we have…whether it’s 5G, whether it’s quantum system crypto, whether it’s distributed ledger, and trying to work to ensure those products are built more securely,” Neuberger explained to Defense One last week. “And we give advice to users who need different levels of security.”
To accomplish this, the NSA would even provide recommendations to help businesses with emerging technologies.
“Futures and Standards is going to look out a little ahead of today’s threats,” said Neal Ziring, the directorate’s technical director, according to Defense One.
“How can it be used most safely? When can it be used for national security purposes and when might it not be so suitable? Understanding that stuff takes time,” added Ziring. “And experimentation…And collaboration with the folks who are developing or deploying the technologies, that’s where our Futures and Standards” group will come in.”
Change of Attitude
Given that the NSA is an inherently secretive surveillance agency; can the tech industry trust it? Neuberger says yes, that the new initiative is a white-hat mission, and through it will help U.S. companies and consumers stiffen cyber defense. The argument from Neuberger is that those who break things know best how to secure them.
“I understand any suspicion the community holds for NSA, or for any federal operation,” admitted Jim Purtilo, associate professor in the computer science department at the University of Maryland.
“Suspicion is good, and usually the way we get into trouble is by not being suspicious enough of groups, technologies or standards,” Purtilo told ClearanceJobs. “Healthy skepticism is the first step to genuine trust.”
Yet, there are still many reasons why Silicon Valley should be open to working more closely with the agency.
“NSA is not a one-dimensional organization, and its research activities – in many cases entirely open – have had genuine value to the community over the years,” added Purtilo. “They bring important talent and technology to the game, and consumer security in home systems and IoT is a pretty important game. Technologies based on open source and clear standards that have been improved by the scrutiny of many talented people – including those who work with NSA – make us stronger.”