Not every leading scientist in the U.S. government can pack a conference room for a talk about securing cyberspace. But when the scientist is Dr. Deborah Frincke, who leads the National Security Agency's Research Directorate and is one of the nation's top researchers in the field, people sit up and listen.
On Thursday afternoon, August 13, 2015, Frincke addressed a roomful of academic and industry members at the 24th annual USENIX Security Symposium on Capitol Hill in Washington, D.C. Many sat on the floor or leaned against the walls to hear Frincke's talk about NSA's research efforts, "Perspectives on Securing Cyberspace." USENIX, the nonprofit Advanced Computing Systems Association, and its annual Security Symposium attract researchers, practitioners, systems programmers and engineers, and others interested in advancement of security of computer systems and networks.
"It's my job to make sure the U.S. maintains an advantage over threats and adversaries using science," Frincke said.
She explained three research areas that support NSA's missions of foreign signals intelligence and information assurance: protecting America's cyberspace, discovering information about America's adversaries, and defending the nation by putting information assurance and signals intelligence together in real, "cyber" time, Frincke said.
NSA's Research Directorate is the largest in-house research group in the U.S. Intelligence Community (IC).
Frincke's threefold career in academia, the Department of Energy National Laboratory system, and private industry gave her a unique perspective and an open mind when she came to NSA four years ago, she said.
Frincke said her broad experience comes into play on a daily basis, as the research she leads at NSA doesn't just support military operations, but keeps America safe in myriad ways. NSA thwarts terrorists, protects nuclear weapons, exploits foreign signals, develops and shares cyber security technology, and supports hostage rescue.
"We literally do save lives," Frincke said. "I work with people who are the smartest, most ethical in the country, and they care deeply about the Constitution."
NSA's research improves signals intelligence—getting it, knowing it, and using it, Frincke said. When NSA's overseers request data to inform decisions, the results of effective intelligence-gathering and analysis are handed off to those who can act on the information.
In particular, NSA research focuses on improving the capabilities of those with the most critical and time-sensitive missions, such as the NSA/CSS Threat Operations Center (NTOC). NTOC identifies, and counters threats, 24/7, to U.S. national security systems and critical infrastructure (alongside its Homeland Security and Law Enforcement counterparts), Frincke said. NSA research must focus not only on current day-to-day activities and needs of these critical groups, but how their processes and technology can transform to make them more effective in defending the nation, Frincke said.
"You hear a lot of conversation in this old vocabulary about protecting things, but what we're really doing is protecting civil liberties, and the life we've become accustomed to," Frincke said. "NSA isn't successful unless this country is free."
NSA's work and research defends social networks, hospitals, critical infrastructure, financial data, and travel from malicious groups, nation-state actors, rogue individuals, hacking groups, and insider threats, Frincke said.
NSA research also focuses on cyber resilience, a necessary part of securing the nation, Frincke said.
The goal of cyber resilience research is to create a sustainable defense against cyber threats, she said. "It's a whack-a-mole game—the more you whack the mole, the more the adversary will learn how you're doing the whacking."
NSA is researching the science of privacy, as well. While the science of cybersecurity is newly developing, the science of privacy is even more novel.
"You're technologists, so I know many of you are involved in privacy research and civil liberties, and I thank you for that," Frincke said. "The choices we have to make as a world are deeply personal, and there needs to be a broad debate. . . . As a globe, we're better off when we have more eyes on the problem."
Frincke said the overall goal of the science of privacy will be to seek out ways where scientific approaches are appropriate, for instance, to create meaningful, scalable, and manageable ways of handling new technologies and capabilities that evolve with our culture's decision about what privacy really means. In the meantime, working with the community is critical. She emphasized NSA research's open-source releases, including SIMON and SPECK, the cryptographic building blocks NSA openly released for study and use in securing RFID and other Internet of Things technology.
An attendee at her talk asked Frincke about open source releases, and NSA's relationship with the cybersecurity community. Frincke explained that public engagement—like participation in USENIX, along with pushing to publish standards and journal articles and being more open and transparent are ways NSA research is building relationships with the public, industry, and academia.
External engagements such as open source release of software and standards helps bring others into research partnerships with the agency, Frincke said, and working together sets the groundwork for trust.
In pointing out the wide-ranging scope of NSA's research initiatives, Frincke said, "The deputy director asked me to consider time travel, but I think it was a joke," prompting audience laughter.
Frincke emphasizes diversity in all areas, but especially in her research work.
"We have a large, vibrant workforce. People are surprised by how diverse NSA research is," Frincke said. "The more eyes you can get on a problem, the more you can take advantage of the passion and the knowledge others bring with their diverse perspectives. And then we can get out of the 'same-old' mindset."
For more information about NSA's Research Directorate, visit the Research section of NSA.gov.