The close-knit relationship between the National Security Agency and U.S. Cyber Command is well known in the defense community, but documents from a series of Freedom of Information Act requests offer greater detail about the organizations’ partnership.
The Department of Defense chose to co-locate Cyber Command with the NSA in 2009 as a way to leverage the infrastructure and expertise at the nation’s largest spy agency. Michael Hayden, former director of NSA, told Fifth Domain previously that Cyber Command is co-located at Fort Meade because NSA doesn’t have the legal authority to manipulate or destroy data and systems, and because the NSA “has the operational ability to do that by virtue of conducting this surveillance.” In other words, Cyber Command provides the offensive complement to NSA’s immense technical capability and access.
The documents, part a trove released May 3 by the National Security Archive at George Washington University and made available to Fifth Domain prior to publication, describe how the NSA supported the creation of the cyber mission force and the teams that lead offensive cyber operations. The cyber mission force is the 133 team cadre of cyber warriors that conduct offensive and defensive operations. The documents walk through fiscal years 2014 to 2016.
“Given the increasing threats to our nation’s critical infrastructure and DoD networks, it is imperative that we establish, train, and employ equipped cyber mission forces as expeditiously as possible,” a March 2013 task order establishing the cyber mission force, read. “We will maximize our operational relationship with the National Security Agency (NSA) to maintain the greatest level of operational capability during the FY13 force build and to set conditions for a successful build-out of the agreed to forces through FY16 force presentation model.”
This order also directs the creation of Joint Force Headquarters-Cybers. These entities, also led by each of the four service cyber component commanders, are responsible for planning, coordinating and conducting offensive cyber operations in support of the combatant commands they are assigned to. These organizations were aligned with NSA’s cryptologic centers in Hawaii, San Antonio, Georgia and Fort Meade to maximize that expertise.
The same 2013 task order also requests the intelligence agency participate in periodic reviews of “to determine optimal future alignment for providing best use of NSA limited resources.”
In addition, Defense Department leaders asked NSA to develop a detailed plan to assist Cyber Command in transitioning the cyber teams that existed at the time into newly formed so-called combat mission teams. Those teams support combatant commands in offensive cyber and intelligence gathering to ensure continued support to Central Command. As the plans matured, follow on orders provided more roles for NSA to support Cyber Command and cyber mission force personnel.
An October 2013 order said that NSA should coordinate with Cyber Command to determine viable solutions for facilities for “FY14” teams as well as interim and long term solutions for information technology shortfalls. Those teams planned to work at four cryptologic centers.
While this 2013 order clearly references the NSA cryptologic centers, both by name and location, for CMF forces to locate and operate, a 2015 task order provided in the documents appears to redact those locations. As depicted in the screenshots below, the highlighted portions on the left in the 2013 order (right) appear to be redacted in the 2015 document (left).
Similar redactions appear elsewhere in the documents, again focusing on the location of forces at NSA facilities, as well as appearing to omit “shortfalls” in IT systems.
The NSA’s support has been documented in past reporting and documents. Sources have said that NSA regularly shares personnel and infrastructure with Cyber Command. There’s even a colloquial phrase in which NSA operators “flip their hats,” from Title 50 intelligence operations to Title 10 military operations. Such actions have made some former employees uncomfortable.
The National Security Archive’s trove also includes a 2015 Department of Defense inspector general’s report outlining how certain cyber teams lacked adequate capabilities and facilities to perform their missions. The report was previously made public in a heavily redacted form. The document noted that NSA provides work space for offensive, defensive and support cyber teams “through leased facilities, new construction, or renovations to existing NSA cryptologic centers.”
Cyber Command now has its first dedicated facility in its Integrated Cyber Center and Joint Operations Center, or ICC/JOC. The center, located at Fort Meade, puts Cyber Command, NSA, other government organizations and foreign partners together under the same roof to better synchronize, coordinate and de-conflict cyber operations.