Public Intelligence

This document is intended as the standard U.S. user’s manual for planning and conducting field key generation and OTAD in support of tactical activities. It is targeted primarily at Joint and Intra-Service Operations and Exercises, particularly those involving forces that do not routinely train or operate together. It also has limited application to Combined operations and exercises involving Allied forces that hold OTAR- and OTAT-capable COMSEC equipment

This document provides detailed instructions for the implementation and installation of premise wire infrastructure in support of unclassified and classified networks within NSAW, Build-out Facilities, domestic facilities where NSA controls the plenum, domestic facilities where NSA does not control the plenum and all OCONUS field sites. This document provides instructions for implementations and installations of premise wiring in communications facilities, office spaces and machine rooms by ITD Internal Service Providers (ISP), External Service providers (ESP), field personnel stationed at the respective facilities or authorized NSA agents.

The Department of Defense (DOD) has published the (Final) Environmental Impact Statement (EIS) for the proposed implementation of campus development initiatives and the construction of associated facilities for the National Security Agency (NSA) complex at Fort George G. Meade (Fort Meade), Maryland, dated September, 2010. The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency administered as part of the DOD. It is responsible for the collection and analysis of foreign communications and foreign signals intelligence. For NSA/CSS to continue to lead the Intelligence Community into the next 50 years with state-of-the-art technologies and productivity, its mission elements will require new facilities and infrastructure.

The policy of the U.S. Government is that all classified information must be appropriately safeguarded to assure the confidentiality, integrity, and availability of that information. This document provides procedural guidance for the protection, use, management, and dissemination of Sensitive Compartmented Information (SCI), and is applicable to the Department of Defense (DoD) to include DoD components and Government contractors who process SCI.

With internet traffic growing exponentially, attacks on government and commercial computers by cyber terrorists and rogue states have escalated. Those wishing harm have espionage programs targeting the data systems used by the United States and allies. Drug traffickers and weapons dealers use the internet with encrypted communications. To counter these activities, the National Security Agency, an agency of the U.S. government, is building a fortified data center deep inside a mountain in Utah. This complex will house the world’s most sophisticated supercomputers dedicated to code breaking and data traffic analysis. Another site will eventually take delivery of the latest Cray supercomputer called Cascade to support the NSA’s need to crack codes faster to protect the nation and its allies.

The NSA has the capability to do individualized searches, similar to Google, for particular electronic communications in real time through such criteria as target addresses, locations, countries and phone numbers, as well as watch-listed names, keywords, and phrases in email. The NSA also has the capability to seize and store most electronic communications passing through its U.S. intercept centers. The wholesale collection of data allows the NSA to identify and analyze Entities or Communities of interest later in a static database. Based on my proximity to the PSP and my years of experience at the NSA, I can draw informed conclusions from the available facts. Those facts indicate that the NSA is doing both.

A letter from the Commander of U.S. Cyber Command Keith Alexander to Senator John McCain describing the role of U.S. Cyber Command and its position on current efforts to pass cybersecurity legislation.

A map and list of possible locations of NSA domestic interception points inside the United States. The list was presented by computer security researcher Jacob Appelbaum at a recent event held at the Whitney Museum in New York along with filmmaker Laura Poitras and ex-NSA employee William Binney. One of the addresses, an AT&T building on Folsom Street in San Francisco, is the location of Room 641A which was the subject of multiple lawsuits regarding warrantless surveillance of U.S. citizens. A recent article in Wired quoted Binney as estimating that there are likely ten to twenty of these locations around the country.

The Office of the Director of National Intelligence (ODNI) is building a computer system capable of automatically analyzing the massive quantities of data gathered across the entire intelligence community and extracting information on specific entities and their relationships to one another. The system which is called Catalyst is part of a larger effort by ODNI to create software and computer systems capable of knowledge management, entity extraction and semantic integration, enabling greater analysis and understanding of complex, multi-source intelligence throughout the government.

The National Security Agency/Central Security Service officially opened the new NSA/CSS Georgia Cryptologic Center at a ribbon-cutting ceremony where officials emphasized how the $286 million complex will provide cryptologic professionals with the latest state-of-the-art tools to conduct signals intelligence operations, train the cryptologic workforce, and enable global communications. NSA/CSS has had a presence in Georgia for over 16 years on Ft. Gordon, when only 50 people arrived to establish one of NSA’s Regional Security Operations Centers.

The National Security Agency, a secretive arm of the U.S. military, has begun providing Wall Street banks with intelligence on foreign hackers, a sign of growing fears of financial sabotage. The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks, according to interviews with U.S. officials, security experts and defense industry executives. The Federal Bureau of Investigation has also warned banks of particular threats amid concerns that hackers could potentially exploit security vulnerabilities to wreak havoc across global markets and cause economic mayhem. While government and private sector security sources are reluctant to discuss specific lines of investigations, they paint worst-case scenarios of hackers ensconcing themselves inside a bank’s network to disable trading systems for stocks, bonds and currencies, trigger flash crashes, initiate large transfers of funds or turn off all ATM machines.

Threats posed by cyber-attacks on computer networks and the Internet are escalating from large-scale theft of data and strikes designed to disrupt computer operations to more lethal attacks that destroy entire systems and physical equipment. “That’s our concern about what’s coming in cyberspace — a destructive element,” Gen. Alexander, who is also the director of the National Security Agency, the electronic spying agency, said in a speech at a conference on cyberwarfare. Gen. Alexander said two cases illustrate what could happen in an attack.

Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws. Gordon Frazer, Microsoft UK’s managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world. At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested. Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.

A federal judge has issued an opinion in EPIC v. NSA, and accepted the NSA’s claim that it can “neither confirm nor deny” that it had entered into a relationship with Google following the China hacking incident in January 2010. EPIC had sought documents under the FOIA because such an agreement could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users. The “Glomar response,” to neither confirm nor deny, is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure. EPIC plans to appeal this decision. EPIC is also litigating to obtain the National Security Presidential Directive that sets out the NSA’s cyber security authority. And EPIC is seeking from the NSA information about Internet vulnerability assessments, the Director’s classified views on how the NSA’s practices impact Internet privacy, and the NSA’s “Perfect Citizen” program.

Declassified DoD Inspector General Report on NSA Thinthread and Trailblazer Systems from December 15, 2004.

A social networking site (SNS) is a web-based service that allows communities of people to share common interests and/or experiences. Rather than using direct point-to-point communication to stay in touch (e.g., face-toface, phone, text/video messages), SNSs allow users to publish information that can be read later by other users (a one-to-many form of communication) and follow their friend’s postings and provide comments. SNSs provide innovative methods for interacting with friends through third-part applications, such as simple games (tic-tac-toe, paper-rock-scissors), interactive maps to show places visited across the world, and quiz/trivia games which allow for score comparison with others. Many SNSs also allow users to logon from mobile devices that have web browser access to the Internet, allowing them to check and update their accounts from virtually any location with a Wi-Fi or cellular signal.

Two pamphlets produced by the NSA on “Using Your BlackBerry Securely” and “Security Tips for Personally Managed Apple iPhones and iPads” from March 2011.

In July 2010, the NSA revealed that it was expanding into a 227-acre parcel of land at Fort Meade called “Site M”, constructing a series of buildings that could cost as much as $5.2 billion. This expansion would displace two golf courses currently occupying the land and provide the NSA, which already occupies 630 acres at Fort Meade, with more space to build “an operational complex and to construct and operate consolidated facilities to meet the National Security Agency’s (NSA) continually evolving requirements and for Intelligence Community use”. The project has been shrouded in secrecy throughout its existence and there are only a few references to “Site M” in DoD budget planning documents. However, a recently discovered collection of development planning documents for the Site M project provide detailed information about the proposed $3.2 billion expansion, indicating that the facility will be a centralized command center for the NSA’s evolving cyberwarfare capabilities.

National Security Agency “Site M” Expansion Development Plan and Anti-Terrorism Force Protection Assessment from May 31, 2011. The Site M Area Development Plan (ADP) for the National Security Agency/Central Security Service (NSA/CSS) coordinates the development of facilities on Site M at Fort George G. Meade (Ft. Meade), allowing for growth and expansion over time. Site M development is planned to consist of administrative buildings, operation buildings, High Performance Computing Centers (HPCC) and associated support facilities. The objective of the AT/FP component is to develop a plan for protection of the proposed Site M development. This plan is based on the mandatory DoD minimum antiterrorism standards as well the specific requirements of NSA/CSS Ft. Meade. The plan provides overall guidance for development of the site as well as specific design strategies for key AT/FP components. A layered approach to security has been applied to ensure probability of detection with low false and nuisance alarm rates.

One of the more interesting aspects of running a website like this is that you receive a lot of highly unusual email. Everything from the occasional death threat to advertisements for Kuwaiti GPS tracking systems, all mixed with the incoherent ramblings of people with advanced schizophrenic disorders. That’s okay. That’s what you expect. However, a recent trend has emerged that is basically incomprehensible to us. People send us email thinking we are all kinds of people, places, and organizations that we are not.

Binney, for his part, believes that the agency now stores copies of all e-mails transmitted in America, in case the government wants to retrieve the details later. In the past few years, the N.S.A. has built enormous electronic-storage facilities in Texas and Utah. Binney says that an N.S.A. e-mail database can be searched with “dictionary selection,” in the manner of Google. After 9/11, he says, “General Hayden reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”

The U.S. needs a cybersecurity emergency response capability to help businesses under major attacks, a U.S. senator said Monday. “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse said during a forum on cybersecurity at the University of Rhode Island (URI). “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?” Whitehouse, a Rhode Island Democrat, didn’t lay out details of a cybersecurity emergency response unit, but he said he hopes the U.S. Senate will pass a comprehensive cybersecurity bill this year.

Computers drawing enough electricity to power a small city will soon fill a National Security Agency data center on a 240-acre site where officials officially broke ground on Thursday. But that does not mean Utah is about to see a significant influx of NSA analysts who would not be able to tell their neighbors what they do for a living. Most of the long-term staff at the NSA’s Utah Data Center will have technical jobs, keeping the machines in the 100,000 square feet of computer space working — that within a complex that will include 1 million square feet of enclosed space. Building the mammoth computer center will bring 5,000 to 10,000 much-needed construction jobs through the time the center is finished in 2013. Long term, the staff will be comprised of 100 to 200 information technology specialists and mechanical and electrical engineers, Sen. Orrin Hatch, R-Utah, said at the groundbreaking. Specifics of the work those engineers will do is not being discussed. But Harvey Davis, the NSA’s associate director for installations and architect of the overall concept of the Utah Data Center, said the machines that will live in Utah are the essence of the NSA’s work.

FOUO NSA High Assurance Internet Protocol Encryptor (HAIPE) Briefing from December 2010.

FOUO NSA National COMSEC Security Incident Trends 2008-2009 Briefing from December 2010.