News | April 5, 2018

NSA's Cybersecurity Operations Mission in the Public Eye

By David Hogue

Portrait of David Hogue

Until four years ago, destructive cyber-attacks were rare, though very notable, resulting in national security implications and generating widespread public concern. The 2014 attack on Sony Motion Pictures, performed by the Democratic People's Republic of Korea (North Korea), was one such incident.

More recently, news headlines such as the Equifax breach and the cyber-attack during the Olympic Opening Ceremony have showcased the continued aggressive and disruptive activities in the cyber threat landscape. These two instances represent the range of disruption that such attacks can cause. While the Olympic attack only caused a momentary take-down of the Olympics website; the Equifax breach, however, resulted in the potential exposure of sensitive data on 145.5 million U.S. consumers. The rising regularity of these attacks are evidence that we are in the midst of a troublesome escalation in major, upsetting incidents.

This trend did not take NSA by surprise. For more than 65 years, the National Security Agency has worked hard to stay ahead of such threats, which are real, evolving, and growing.

NSA has two complementary missions - 1.) We provide foreign intelligence to our national leaders and combatant commanders in defense of the Nation, and 2.) We provide solutions to secure and defend National Security Systems (often referred to as NSS), which handle the most sensitive data of the federal government and military.

Those two missions come together in NSA's Cyber Threat Operations Center (NCTOC), where we leverage our unique insights to foreign threat actors to ensure the Nation's critical networks are equipped with this knowledge and defended to the best of our ability. Our Operations Center has historically focused on the top four cyber threats identified by the Director of National Intelligence: China, Iran, Russia, and North Korea. Coupled with an increase in the frequency and boldness of attacks have certainly increased, we have seen fundamental shifts in the way our adversaries operate in cyberspace, as they continuously aim to conceal their activity and evade detection.

As NCTOC, works significant cybersecurity events occurring throughout the world, we equip our partners with the intelligence necessary to ensure a robust national cyber network defense posture. Furthermore, NSA is striving to be more involved in the public discourse on cybersecurity, helping to educate and inform cybersecurity practices. Learn more about the NCTOC Top 5 Security Operations Center Principles.

Recognizing that the dynamic cybersecurity threat landscape demands an around-the-clock vigilance, NCTOC has made one of the largest cybersecurity personnel investment in 24/7/365 operations across the U.S. Government. In partnership with U.S. Cyber Command and the Defense Information Systems Agency (DISA), NCTOC is on the ‘front lines' in defending the unclassified Department of Defense (DoDIN) network, which serves over 2.9 million users in places ranging from the battlefields in Afghanistan to the nation's capital. For me, it is both an honor and a privilege to be a part of this dedicated workforce. Our mission never sleeps as we defend the nation's most critical networks.


Looking for more information on cybersecurity? Check out NSA’s cybersecurity page.