Cybersecurity

What is NSA's role in U.S. cybersecurity?

Our main role is to help protect and defend National Security Systems:

• These include networks that contain classified information, or that are otherwise critical to military and intelligence missions.
• These systems face constant, rapidly evolving cyber threats from the world's most capable adversaries.
• Military service members in harm's way and our nation's leaders are among those who rely on NSA's efforts.

Our cybersecurity contributions are unique:

• Our foreign intelligence mission enhances our cybersecurity mission with key insights.
• We have practical experience with the ways adversaries exploit networks, and what is truly effective in thwarting intruders.
• We can also inform defenses as we see hostile foreign powers develop cyber capabilities and operate.

What we do:

• We defend - NSA runs 24/7 cybersecurity operations watching for and helping counter threats to, and implementing strategic defense measures for, National Security Systems. As we handle cybersecurity events on those systems, we supply our partners with threat intelligence for network defense.
• We set the standards - NSA lives on the cutting edge of technology; through innovation and partnerships, we identify vulnerabilities, develop solutions, and set standards for National Security Systems.
• We advance the state of cybersecurity -
  • We publish advisories, guidance, and best practices for cybersecurity professionals.
  • We share technology through NSA's Technology Transfer program.
  • We promote cybersecurity knowledge through our Science of Security and Privacy Initiative.
  • We develop the next generation of cyber professionals with programs like the NSA Cyber Exercise (NCX), and the Centers of Academic Excellence in Cybersecurity.

Resources for Cybersecurity Professionals

Below are our current cybersecurity advisories and risk notices, and also tips and advice on broader cybersecurity topics.

Cybersecurity Advisories and Operational Risk Notices (ORNs)

• Advisory: Drupal Unauthenticated Remote Code Execution Vulnerability (April 2018)
• ORN: Multiple Critical Vulnerabilities Identified in CISCO Smart Install (April 2018)
• Advisory: CISCO Updates Critical Remote Code Execution Vulnerability for ASA (February 2018)
• Advisory: DotNetNuke Remote Code Execution Vulnerability (January 2018)
• Advisory: Vulnerabilities Affecting Modern Processors (January 2018)
• Advisory: RSA SecureID Token Authentication Agent Vulnerabilities (December 2017)
• Advisory: RSA Key Generation Vulnerability Affecting Trusted Platform Modules (October 2017)
• Advisory: Mitigations for Key Reinstallation Attacks Against WI-FI Protected Access II (WPA2) (October 2017)
• Advisory: CISCO Smart Install Protocol Misuse (August 2017)
• ORN: Network Security Devices Utilizing Vulnerable Weak Signature Algorithms in TLS (June 2017)

Featured Tips, Guidance, and other cybersecurity advice

• Info Sheet: 2018 Cybersecurity Highlights (October 2018)
• Info Sheet: Best Practices for Keeping Your Home Network Secure (September 2018)
• Info Sheet: Identity Theft Threat and Mitigations (September 2018)
• Tech Report: A Guide to Border Gateway Protocol (BGP) Best Practices (September 2018)
• Info Sheet: Cloud Security Basics (August 2018)
• Info Sheet: Blocking Unnecessary Advertising Web Content (July 2018)
• Tech Report: WPA3 Will Enhance Wi-Fi Security (June 2018)
• Info Sheet: Mobile Device Best Practices When Traveling OCONUS (May 2018)
• Info Sheet: Steps to Secure Web Browsing (May 2018)
• Info Sheet: Windows 10 for Enterprises Security Benefits of Timely Adoption (April 2018)
• Info Sheet: NCTOC Top 5 Security Operations Center (SOC) Principles (March 2018)
• Info Sheet: UNFETTER (March 2018)
• Info Sheet: Top 10 Mitigation Strategies (March 2018)
• Info Sheet: UEFI Advantages Over Legacy Mode (March 2018)
• Info Sheet: UEFI Lockdown Quick Guidance (March 2018)

Archive for Advisories, ORNs, Guidance, Tips, etc. (IAD.gov Library Archive)

Other Resources

Resources for Students & Educators

NSA partners with schools to develop the talent and tools we need for national security challenges like cybersecurity. Please check out our offerings for:

• Students
• Educators
• Academic Researchers
• and Centers of Academic Excellence for Cybersecurity

Information for Careers

NSA prides itself on cultivating world-class cybersecurity professionals who solve increasingly complex and dynamic challenges. We offer valuable career development programs for employees, and we offer students hands-on experience through paid internships, scholarships and co-op programs.

• Apply for a career now
• Career fields
• Development Programs
• Internship and Scholarship Opportunities

Resources for Partners & Customers

NSA partners with allies, industry and researchers to strengthen cybersecurity awareness, to advance the state of cybersecurity. See below for resources, partnership opportunities. Note: Links below include some gated content. Partners and customers can register here for access to gated content.

Cybersecurity Advisories, Risk Notices, Tips and Advice for Partners & Customers

• Advisory: WordPress Plugin "WP Symposium" Remote Code Execution CVE-2014-10021: (June 2018)
• Advisory: How to fulfill the Requirement to Upgrade Symantec Proxy CAS (June 2018)
• Other cybersecurity advisories, risk notices, tips and advice

Partnership Opportunities:

• Commercial Solutions for Classified (CSfC)
• National Information Assurance Partnership
• Office of Small Business
• Technology Transfer Program
• Science of Security and Privacy

Resources:

• Committee for National Security Systems (CNSS)
• NSA GitHub
• Trusted Systems Research Group (formally NIARL)
• UNFETTER