National Security Agency

(U//FOUO) NSA Hardening Network Infrastructure: Security Recommendations for System Accreditors

Many networks run by public and private organizations have experienced intrusions in recent years, and this cyber exploitation has resulted in an unprecedented transfer of wealth due to lost intellectual property. The threats to our networks and systems exist across numerous components that include end-user-devices, servers, and infrastructure devices. To address threats to routers and other network infrastructure devices, the National Security Agency’s Information Assurance Directorate (IAD) is publishing this IAA to guide U.S. Government systems accreditors’ strategic plan for network hardening.

(U//FOUO) NSA Mitigations Guidance for Distributed Denial of Service Attacks

Adversary actors in cyberspace continue to demonstrate the interest in and ability to execute Distributed Denial of Service (DDoS) attacks against the United States. The need to offer Internet services in support of mission requirements inherently exposes these services to malicious traffic and the potential for DDoS attack. Proactive preparation to ensure network resilience in the event of a DDoS event is essential. Reactive measures are feasible, but are often too slow to respond to the dynamic nature of today’s threat.

(U//FOUO) NSA Field Generation and Over-the-Air Distribution of COMSEC Key Manual

This document is intended as the standard U.S. user’s manual for planning and conducting field key generation and OTAD in support of tactical activities. It is targeted primarily at Joint and Intra-Service Operations and Exercises, particularly those involving forces that do not routinely train or operate together. It also has limited application to Combined operations and exercises involving Allied forces that hold OTAR- and OTAT-capable COMSEC equipment

(U//FOUO) NSA Technology Directorate Manual: Cable Installation at NSA Facilities

This document provides detailed instructions for the implementation and installation of premise wire infrastructure in support of unclassified and classified networks within NSAW, Build-out Facilities, domestic facilities where NSA controls the plenum, domestic facilities where NSA does not control the plenum and all OCONUS field sites. This document provides instructions for implementations and installations of premise wiring in communications facilities, office spaces and machine rooms by ITD Internal Service Providers (ISP), External Service providers (ESP), field personnel stationed at the respective facilities or authorized NSA agents.

NSA Site M Environmental Impact Survey

The Department of Defense (DOD) has published the (Final) Environmental Impact Statement (EIS) for the proposed implementation of campus development initiatives and the construction of associated facilities for the National Security Agency (NSA) complex at Fort George G. Meade (Fort Meade), Maryland, dated September, 2010. The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency administered as part of the DOD. It is responsible for the collection and analysis of foreign communications and foreign signals intelligence. For NSA/CSS to continue to lead the Intelligence Community into the next 50 years with state-of-the-art technologies and productivity, its mission elements will require new facilities and infrastructure.

Hitachi Press Release on NSA Utah Data Center Cable Purchases

With internet traffic growing exponentially, attacks on government and commercial computers by cyber terrorists and rogue states have escalated. Those wishing harm have espionage programs targeting the data systems used by the United States and allies. Drug traffickers and weapons dealers use the internet with encrypted communications. To counter these activities, the National Security Agency, an agency of the U.S. government, is building a fortified data center deep inside a mountain in Utah. This complex will house the world’s most sophisticated supercomputers dedicated to code breaking and data traffic analysis. Another site will eventually take delivery of the latest Cray supercomputer called Cascade to support the NSA’s need to crack codes faster to protect the nation and its allies.

Sworn Declaration of Whistleblower William Binney on NSA Domestic Surveillance Capabilities

The NSA has the capability to do individualized searches, similar to Google, for particular electronic communications in real time through such criteria as target addresses, locations, countries and phone numbers, as well as watch-listed names, keywords, and phrases in email. The NSA also has the capability to seize and store most electronic communications passing through its U.S. intercept centers. The wholesale collection of data allows the NSA to identify and analyze Entities or Communities of interest later in a static database. Based on my proximity to the PSP and my years of experience at the NSA, I can draw informed conclusions from the available facts. Those facts indicate that the NSA is doing both.

NSA Possible Domestic Interception/Collection Points Map

A map and list of possible locations of NSA domestic interception points inside the United States. The list was presented by computer security researcher Jacob Appelbaum at a recent event held at the Whitney Museum in New York along with filmmaker Laura Poitras and ex-NSA employee William Binney. One of the addresses, an AT&T building on Folsom Street in San Francisco, is the location of Room 641A which was the subject of multiple lawsuits regarding warrantless surveillance of U.S. citizens. A recent article in Wired quoted Binney as estimating that there are likely ten to twenty of these locations around the country.

(U//FOUO) NSA Social Networking Sites Security Guide

A social networking site (SNS) is a web-based service that allows communities of people to share common interests and/or experiences. Rather than using direct point-to-point communication to stay in touch (e.g., face-toface, phone, text/video messages), SNSs allow users to publish information that can be read later by other users (a one-to-many form of communication) and follow their friend’s postings and provide comments. SNSs provide innovative methods for interacting with friends through third-part applications, such as simple games (tic-tac-toe, paper-rock-scissors), interactive maps to show places visited across the world, and quiz/trivia games which allow for score comparison with others. Many SNSs also allow users to logon from mobile devices that have web browser access to the Internet, allowing them to check and update their accounts from virtually any location with a Wi-Fi or cellular signal.

(U//FOUO) NSA “Site M” Expansion Planning Documents

National Security Agency “Site M” Expansion Development Plan and Anti-Terrorism Force Protection Assessment from May 31, 2011. The Site M Area Development Plan (ADP) for the National Security Agency/Central Security Service (NSA/CSS) coordinates the development of facilities on Site M at Fort George G. Meade (Ft. Meade), allowing for growth and expansion over time. Site M development is planned to consist of administrative buildings, operation buildings, High Performance Computing Centers (HPCC) and associated support facilities. The objective of the AT/FP component is to develop a plan for protection of the proposed Site M development. This plan is based on the mandatory DoD minimum antiterrorism standards as well the specific requirements of NSA/CSS Ft. Meade. The plan provides overall guidance for development of the site as well as specific design strategies for key AT/FP components. A layered approach to security has been applied to ensure probability of detection with low false and nuisance alarm rates.

Utah Data Center

The Utah Data Center (UDC) will be a highly secure 65 Mega Watt, Tier III National Security Agency datacenter facility to be located near Camp Williams, Utah. The fast-track program will consist of approximately 1 million ft2 of new facilities, of which 100,000 ft2 will be mission-critical space with raised flooring, and the other 900,000 ft2 will be devoted to technical support and administrative space. Ancillary support facilities include water treatment facilities, electrical substations, a vehicle inspection facility and visitor control center, perimeter site security measures, fuel storage, chiller plants and fire suppression systems. The UDC will incorporate green building strategies and will be required to be a LEED certified facility, with the goal of obtaining a LEED Silver rating.

Yakima Training Center

The Yakima Training Center (YTC) is a United States Army training center (Army maneuver training and live fire area) located in south central Washington state. It is bounded on the west by Interstate 82, on the south by the city of Yakima, on the north by the city of Ellensburg and Interstate 90, and on the east by the Columbia River. It comprises 327,000 acres (132,332 hectares) of land, most of which consists of shrub-steppe, making it one of the largest areas of shrub-steppe habitat remaining in Washington state. According to a 2001 report by the European Parliament, the Yakima Training Center is also an integral part of the ECHELON global communications interception system.

Naval Security Group Activity (NAVSECGRUACT) Sugar Grove

Sugar Grove is an American government communications site located in Pendleton County, West Virginia operated by the National Security Agency. According to a December 25, 2005 article in the New York Times, the site intercepts all international communications entering the Eastern United States. The site was first developed by the Naval Research Laboratory in the early 1960s as the site of a 600 ft (180 m) radio telescope that would gather intelligence on Soviet radar and radio signals reflected from the moon and would gather radioastronomical data on outer space, but the project was halted in 1962 before the telescope construction was completed.[1] The site was then developed as a radio receiving station. The site was activated as “Naval Radio Station Sugar Grove” on May 10, 1969, and two Wullenweber Circulary Disposed Antenna Arrays (CDAAs) were completed on November 8, 1969. Numerous other antennas, dishes, domes, and other facilities were constructed in the following years. Some of the more significant radio telescopes on site are a 60 ft (18 m) dish (oldest telescope on site), a 105 ft (32 m) dish featuring a special waveguide receiver and a 150 ft (46 m) dish (largest telescope on site).