NSA News & Highlights

Dec. 19, 2023

NSA Publishes 2023 Cybersecurity Year in Review

The National Security Agency (NSA) published its 2023 Cybersecurity Year in Review today to share its recent cybersecurity successes and how it is working with partners to deliver on cybersecurity advances that enhance national security. This year’s report highlights NSA’s work with U.S government partners, foreign partners, and the Defense Industrial Base.

Dec. 14, 2023

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

In response to an increase in cyberattacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain, with a focus on and some additional guidance for National Security Systems (NSS).

Dec. 13, 2023

Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact

The National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and in allied countries. To raise awareness and help organizations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released the Cybersecurity Advisory (CSA), “Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.”

Dec. 12, 2023

NSA Issues Recommendations to Protect Software Defined Networking Controllers

The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI), “Managing Risk from Software Defined Networking Controllers.” The report provides recommendations to help National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators mitigate the risks associated with software driven network management solutions, such as Software Defined Networking Controllers (SDNC).

Dec. 11, 2023

NSA and ESF Partners Release Recommended Practices for Managing Open Source Software and Software Bill of Materials

FORT MEADE, Md. – The National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Securing the Software Supply Chain: Recommended Practices for Managing Open Source Software and Software Bill of Materials,” which builds on the “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices” paper [link] released by the Office of Management and Budget (OMB).  

Dec. 7, 2023

Doing It Until We Got It Right: A Short History of the Pearl Harbor Investigations

On December 7, 1941, Japanese naval aircraft swept in on an unsuspecting US Pacific Fleet and Army in the Hawaiian Islands and destroyed many American ships and aircraft. In a little over two hours, 18 warships—including eight battleships—and over 160 aircraft were knocked out of action. With Japan’s eastern flank secured, its forces would rampage through the rest of the Pacific virtually unopposed.

Dec. 7, 2023

NSA, UK National Cyber Security Centre, and Partners Release Update About Russian ‘Star Blizzard’ Spear-phishing Campaign

he National Security Agency (NSA) has joined the UK National Cyber Security Centre (NCSC-UK) and other partners in releasing the Cybersecurity Advisory (CSA), “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-Phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by Star Blizzard to target individuals and organizations, including the U.S. government and Defense Industrial Base, and to provide guidelines to protect against the continued threat.

Dec. 6, 2023

U.S. and International Partners Issue Recommendations to Secure Software Products Through Memory Safety

FORT MEADE, Md. - The National Security Agency (NSA) joins Cybersecurity and Infrastructure Security Agency (CISA) and U.S. and international partners in releasing ”The Case for Memory Safe Roadmaps” Cybersecurity Information Sheet (CSI). Expanding on the “Software Memory Safety” CSI published by NSA in April 2023, the report provides guidance for software manufacturers and technology providers to create roadmaps tailored to eliminate memory safety vulnerabilities from their products.

Nov. 30, 2023

NSA's Morrison Center Earns Gold LEED Certification for Sustainability

The Morrison Center, constructed on the National Security Agency (NSA)/Central Security Service (CSS) Washington East Campus, has received the U.S. Green Building Council’s Leadership in Energy and Environmental Design (LEED) Gold certification — the first project on the campus to earn the designation.

Nov. 28, 2023

NSA Volunteers Give Back at Sandalwood Elementary

BALTIMORE, MD. — Seven National Security Agency (NSA) employees took the phrase “giving back to the community” to heart during a recent visit to Sandalwood Elementary School where they shared cyber safety tips with 4th and 5th grade students and talked about their careers at NSA.