May 29, 2012, 3:04 PM — Approaching its 60th birthday, the National Security Agency (NSA) has a staff some 35,000 strong worldwide, and an impressive building complex in Fort Meade, Md., where the walls are lined with copper mesh to prevent electronic eavesdropping. True to its origins dating back to breaking enemy code during World War II, the agency has two primary missions: signals Intelligence (SIGINT) and information assurance (IA).
Although the NSA is typically depicted as the most super-secret of federal agencies, it does post valuable reports on security best practices on its Web site. And Neal Ziring, the NSA's technical director of the Information Assurance Directorate (IAD), recently agreed to an in-depth interview.
What is information assurance for the NSA?
"Information Assurance for us is the ability for our customers, national security customers, to know that their information is only accessible to those who need it, is accessible to those who need it when they need it, that it has integrity - it hasn't been altered - and more recently, cyber defense.
"We have certain responsibilities under National Security Directive 42 and we provide cryptography for the community, certain types of defensive services, security guidance, security analysis, security architecture and engineering services, and we perform key management on the behalf of the community."
(According to NSA's web site, the agency's customers include the White House, the CIA, the State Department, the Chairman and Joint Chiefs of Staff [JCS], military combatant commanders and component commands, military departments, multinational forces, and U.S. allies, as well as those that use national security information systems, and government contractors.)
How do you reach the vast number of people who staff your customer offices?
"This was a big thing for us when we started publishing security configuration guides. We said, how on earth can we reach all of our customers? There are so many, they are so diverse; all the government all the military, and we eventually decided that the only way we could reach all of our customers was to simply publish it to the public. It's on our web site today. You'll see all these security guides and fact sheets because that is the best way to ensure (1) that we reach all of our customers and (2) that the taxpayers get maximum value out of the work that the NSA has done." (To view and download IA Fact Sheets, go to www.nsa.gov, select Information Assurance | Mitigation Guidance | Security Configuration Guides | Fact Sheets. )
From a security standpoint, what is it like to work at the NSA?