In 2010, antivirus software companies around the world were puzzled when they detected a new worm in the wild. Although the worm freely and easily infected Windows operating systems, it appeared to do nothing else. Symantec analysts dubbed it “W32.Stuxnet.”
Whoever wrote the worm went to a lot of trouble to put it together. They had uncovered and exploited four different previously unknown (“zero-day”) vulnerabilities in Windows to create it. The degree of effort made the fact that the worm didn’t seem to want to cause any problems even more mystifying.
Further analysis did reveal a payload, however: when infecting a network on which a certain type of Siemens industrial control software was also located, the worm would modify the programmable logic controllers (PLCs) of those devices with its own code. But again, in almost all cases, no malicious behavior was observed.
Only on a small fraction of those PLCs, those found to be running a type of centrifuge designed for purifying uranium, did the worm finally act. Subtly adjusting the pressure on the centrifuges, it would gradually wreck them, making it appear as if they simply failed prematurely in normal use.
As it turned out, that particular model of centrifuge was predominantly used in Iran’s nuclear development program. Roughly a fifth of them were wrecked, creating a significant setback for the Iranians.
Eyes soon turned to the countries with the biggest motivation to disrupt Iran’s nuclear program: Israel and the United States. And although it has never been officially acknowledged, one U.S. intelligence agency in particular had the capabilities to engineer such a powerful but subtle attack: the National Security Agency.
Long at the Forefront of Cybersecurity Work, NSA Now Also Occupies the Limelight
The National Security Agency was among the least known and most unheralded of agencies within the national security apparatus up until the 1970s. From its formation in 1952, insiders sometimes referred to it as “No Such Agency” and routinely denied its existence.
That changed in the 1970s when the Church Committee hearings revealed that the agency was the government’s primary technical resource for monitoring the communications of overseas adversaries. Using satellites, underwater cable taps, and listening stations scattered around the globe, the NSA intercepted transmissions and put its considerable cryptological braintrust to work deciphering them for the edification of the CIA (Central Intelligence Agency) and elected leaders.
As more communication became computerized, so did the NSA. Still at the forefront of supercomputer research, the agency put code to work breaking encryption and performing advanced signals analysis.
But that also put more of the agency’s data on computers, and those computers were themselves vulnerable to penetration.
So the agency simultaneously developed considerable expertise in using encryption and information security best practices to defend itself. By the early 1980s, it had become the go-to resource for information security for the government in general. Figuring out how to break into enemy systems, it turned out, also taught the agency quite a lot about securing its own.
With this demand for expertise, the NSA formed the National Computer Security Center in cooperation with the Department of Defense (DoD). The Center published the famous Rainbow Books series, an early set of criteria for securing and evaluating trusted computer systems.
As hacking and cybersecurity have become the hot button issues of the day, the NSA has come more and more into the public eye, and its demand for cybersecurity analysts, auditors, engineers and administrators has skyrocketed.
Cybersecurity In The Shadows
Much of the day-to-day detail of cybersecurity at the NSA remains clouded in mystery, notwithstanding prominent leaks from one-time information security specialist Edward Snowden. But the agency has stepped forward publicly to help guide encryption standards for private use and to work with the Department of Homeland Security (DHS) and DoD to help other government agencies secure their systems against the latest hacking threats.
Behind the scenes, NSA cybersecurity experts are undertaking operations that the public can only guess at. The shadowy Tailored Access Operations (TAO) unit is rumored to be at the forefront of hacking efforts aimed at foreign governments and terrorist organizations. TAO is likely the unit responsible for developing Stuxnet.
Among other things, the Snowden leaks revealed that the NSA had been “spying on the spies” by penetrating the computer systems of foreign intelligence agencies. Such missions provided the unwelcome news that Chinese intelligence had broken into other American systems and stolen more than 50 terabytes of defense data, including plans for the brand-new F-35 Joint Strike Fighter. As awful as the report was, without the NSA uncovering evidence of the theft, the DoD might never have learned the extent of the incursion.
Even as far back as 2013, the NSA claimed responsibility for disrupting more than 50 active terrorist plots by virtue of information intercepted or generated by their surveillance programs.
Cybersecurity Careers with the NSA
The NSA’s primary missions have always relied heavily on both secrecy and powerful computer systems. Their demand for cybersecurity experts has been enormous and continues to grow. But their requirements for secrecy and talent make landing a position difficult.
- Computer Network Defense Analysts use sophisticated tools to mine information from logs and intrusion detection systems to uncover penetration attempts or potential exploits
- Computer Network Operators perform real-time monitoring of systems and are responsible for securing them and responding to incidents
- Capabilities Development Specialists research technology to uncover vulnerabilities—both to help defend American data systems, and to penetrate those of foreign enemies
Applicants for any of those roles are expected to have experience in or education with computer or software engineering, networking, computer science, or information systems.
To that end, together with the DHS, NSA has established a program to certify Centers of Academic Excellence in Cyber Defense (CAE-CD) based on the type of qualifying program the institution offers:
- Center of Academic Excellence in Cyber Defense Education (CAE-CDE) for schools offering four-year and graduate degrees
- Center of Academic Excellence in Cyber Defense Two-Year Education (CAE-2Y) for community colleges offering two-year degrees
- Center of Academic Excellence in Cyber Defense Research (CAE-R) for research institutes
In any case, earning a cybersecurity degree at one of the designated institutions will give NSA job candidates an edge.