10:57am

Wed April 30, 2014
National Security

What's The NSA Doing Now? Training More Cyberwarriors

Originally published on Wed April 30, 2014 6:18 pm

The U.S. needs more cyberwarriors, and it needs them fast, according to Defense Secretary Chuck Hagel. He plans to more than triple the size of the Pentagon's Cyber Command over the next two years.

But where will they come from? These are not the kind of skills you can teach in basic training.

Enter the embattled National Security Agency. Its new director, Adm. Michael Rogers, also directs the Cyber Command. Ten miles down the road from the NSA, at a defense contractor's office in Columbia, Md., the NSA recently held a live-fire cyberwarfare exercise aimed at developing more cyberwarriors.

In a long room at the facility, big speakers pump electro house music. Several dozen people, many in military uniforms, cluster around computer stations. Hovering above them is the image of a skull and bones — a big Jolly Roger pirate flag.

This is a roomful of break-in artists — people who are experts at hacking into other people's computers.

Marine Capt. Robert Johnston leads what he calls a reconnaissance and initial access team.

"So we're the guys kinda pounding at the front door," Johnston explains, "finding all the open holes that we can, and beatin' down the door."

A Three-Day Competition

For three days, nonstop and around the clock, Johnston and his team launch cyberattacks on networks designed and defended by teams at the nation's top military academies, including one from the Naval Academy at Annapolis and one from the Military Academy at West Point. It's all part of CDX, an annual cyberdefense exercise run by the NSA.

The red-cell team hacking the academies' networks is made up of a mix of NSA and military cyber experts like Johnston. He did this last year, too, and thinks the military academies have gotten a lot better since then.

"I've been nothing but impressed, actually, from last year to this year," says Johnston. "I've felt like there's been some exponential growth in capabilities."

But the academies are still no match for the attack team the NSA has assembled. As four men in camouflage crowd around a computer screen, up pops the grinning face of Justin Bieber. It's evidence they've managed to deface a network defended by the Naval Academy.

The trophy for the best defense of a network goes to West Point this year, but practical considerations drive this exercise.

"We want to make this clear: This is not a game," says Shawn Turskey, leader of the NSA's red-cell team. "We're training our future leaders to fight through network adversity to conduct their mission and keep our nation safe."

The Shadow Of Edward Snowden

The CDX exercise has been going on for 14 years. This year's, though, is the first since former NSA contractor Edward Snowden hacked the spy agency itself and made off with thousands of top-secret documents. The episode only underscored how much damage can be done when networks do get breached.

But the NSA has another reason for holding this exercise: the possibility that some of these students at the military academies will take jobs there.

"Some have ended up working a tour here, maybe for three years, then on to another tour; it definitely happens," says the NSA's Dan Finnerty, the coordinator of this annual cyberbattle.

The U.S. armed forces provide around half of the spy agency's 35,000-member workforce, according to Finnerty.

Industry insiders say competition for top cyber experts in both the private and public sectors has never been so fierce.

"We're all fighting for the same talent — it's tough out there," says NSA recruitment marketing manager Lori Weltmann. But she insists the NSA is holding its own, especially when prospective employees get to know the agency's operations.

"Once you try NSA, you buy NSA," Weltmann says. "The work is exciting, and you can do things here that you can't do anywhere else."

That's the selling point, but it may also be the problem. Because of public indignation over the sweeping agency activities leaked by Snowden, "the last 12 months were extremely difficult for NSA," says Victor Piotrowski.

He directs a program called CyberCorps at the National Science Foundation that's focused on attracting students to cybersecurity careers. While CyberCorps' biggest customer is the NSA, Piotrowski says it's hard to know just how much the agency was hurt by Snowden's revelations.

"From the leaked documents, the public perception is really creating a very negative image of a lot of government programs," Piotrowski notes, "and that might be working, you know, somehow against our recruitment efforts."

Training At The Service Academies

The next generation of talent is being trained now at the nation's military academies. They happen to be at the incoming end of the CDX computer hacking exercise.

At the Naval Academy in Annapolis, midshipmen in a large classroom cluster around a computer whose network is being bombarded by the NSA's red-cell team. It's this academy's network where the NSA's red-cell team posted the face of Justin Bieber.

Second-year midshipman Bill Young sits at the keyboard trying to fend off attacks and keep the network up and operating. He'll be in the academy's first graduating class of cyber operations majors. Young says for him, the CDX exercise has been time well-spent.

"I've probably learned more in four days of working CDX than I have in two-plus semesters of taking information security classes," Young says. "Simply because you're doing it, you're seeing other people work with it."

This is the only military academy where every student is required to complete at least two courses in cybersecurity.

Capt. Paul Tortora, who directs the Naval Academy's Center of Cyber Security Studies, says the academy needs to be ready for a whole new theater of warfare.

"Cybersecurity, cyber awareness, cyber operations, so that we create an officer corps that has an understanding," Tortora says. "Then they go to the fleet, or the Marine Corps, and they can take the understanding of cybersecurity, cyber awareness to all their daily operations."

The NSA sees training exercises like CDX as an investment in future returns.

"We're in this for the long haul," says the NSA's Turskey. "We'll get immediate return, but down the road is what we're looking for to have that bigger payoff."

For the spy agency, that payoff could come with the new generation of cyberwarriors being bred at the nation's service academies — those who choose not just to try NSA, but to buy NSA.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

Transcript

MELISSA BLOCK, HOST:

This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.

ROBERT SIEGEL, HOST:

And I'm Robert Siegel. Defense Secretary Chuck Hagel recently declared the United States reliance on cyberspace was outpacing its ability to defend it. So, Hagel plans to more than triple the size of the workforce at the U.S. Cyber Command over the next two years. Meeting that goal will take a lot more cybersecurity experts, who are in short supply. And this is where the NSA comes in. The National Security Agency has been under fire for its surveillance programs but it also plays a big role in cyber defense. The agency recently held an exercise to train more cyber warriors, and NPR's David Welna was there.

DAVID WELNA, BYLINE: Ten miles down the road from the National Security Agency at a defense contractor's office, big speakers pump electro-house music into a long room. Several dozen people, many in military uniforms, cluster around computer stations. Hovering above them is the image of a skull and bones, a big Jolly Roger pirate flag. What this is, is a roomful of break-in artists, people who are experts at hacking into other people's computers. Marine Captain Robert Johnston leads what he calls a reconnaissance and initial access team.

CAPTAIN ROBERT JOHNSTON: So, we're the guys kind of pounding at the front door, finding all the open holes that we can and beating down the door.

WELNA: And they do that for three days nonstop, 'round the clock, launching cyber-attacks on networks designed and defended by teams at the nation's top military academies - Annapolis, West Point. It's all part of CDX, an annual cyber defense exercise run by the NSA. The red-cell team hacking the academies' networks is a mix of NSA and military cyber experts like Captain Johnston. He did this last year, too. The military academies, he says, have gotten a lot better since then.

JOHNSTON: I've been nothing but impressed, actually. From last year to this year, I've felt like there's been some exponential growth in capabilities.

WELNA: But the academies are still no match for the attack team that the NSA's assembled.

The evidence: four men in camouflage around a computer screen - on it the grinning face of Justin Bieber. It shows they've managed to deface a network defended by the U.S. Naval Academy.

SHAWN TURSKEY: Now, we want to make this clear, this is not a game.

WELNA: Shawn Turskey is the NSA's red-cell team leader. This hacking exercise, he says, is done for practical reasons.

TURSKEY: We're training our future leaders how to fight through network adversity to conduct their mission and keep our nation safe.

WELNA: The CDX exercise has been going on for 14 years. But this one's the first since former NSA contractor Edward Snowden hacked the spy agency itself and made off with thousands of top-secret documents. That episode only highlighted how much damage can be done when networks are breached. But there's something else in this exercise for the NSA, the possibility that some of those students at the military academies will take jobs there.

DAN FINNERTY: Some have ended up working a tour here, maybe for three years, then on to another tour. It definitely happens.

WELNA: That's the NSA's Dan Finnerty. He coordinates of this annual cyber battle. Finnerty says the armed forces are a vital part of the agency's 35,000-member workforce.

FINNERTY: One out of every two employee in NSA is a military employee, so they're important to us.

WELNA: Industry insiders say the competition for top cyber experts in both the private and public sectors has never been so fierce.

LORI WELTMANN: We're all fighting for the same talent. It's tough out there.

WELNA: Lori Weltmann is the NSA's recruitment marketing manager. The problem, she says, is the soaring demand for a very limited supply of cyber experts. Still, she insists NSA is holding its own. In her words, once you try NSA, you buy NSA.

WELTMANN: The work is exciting and you can do things here that you can't do anywhere else.

WELNA: That's the selling point, but it may also be the problem.

VICTOR PIOTROWSKI: The last 12 months were extremely difficult for NSA.

WELNA: Difficult, says Victor Piotrowski, at least in part because of the NSA activities Edward Snowden revealed. Piotrowski is with the National Science Foundation and he directs a program called CyberCorps, focused on attracting students to the cybersecurity profession. The NSA is by far CyberCorps' biggest customer. Piotrowski says it's hard to know just how much the agency was hurt by Snowden's revelations.

PIOTROWSKI: From the leaked documents, the public perception is really, you know, creating a very negative image of a lot of government programs. And that might be working, you know, somehow against our recruitment efforts.

WELNA: The next generation of talent is being trained now at the nation's military academies. It's students, like the Naval Academy's in Annapolis, who are at the incoming end of the CDX computer hacking exercise. It's on their computer screens where the face of Justin Bieber showed up.

UNIDENTIFIED MAN #1: I don't know if maybe that's something you want to look at here. They're attacking Doc 54(ph). So, they're trying to hit web.

BILL YOUNG: They're trying to hit our specific one, right?

UNIDENTIFIED MAN #1: Yeah.

YOUNG: Midshipmen in a large classroom cluster around a computer whose network is being bombarded by the NSA's red-cell team. A second-year student named Bill Young is at the keyboard. He'll be in the academy's first graduating class of cyber operations majors. Young says for him, the CDX exercise has been time well-spent.

I've probably learned more in four days of working CDX than I have in two-plus semesters of taking information security classes, simply because you're doing it, you're seeing other people work with it.

WELNA: This is the only military academy where every student is required to complete at least two courses in cybersecurity. Captain Paul Tortora directs the Naval Academy's Center of Cyber Security Studies. He says the academy is preparing for a whole new theater of warfare.

CAPTAIN PAUL TORTORA: Cybersecurity, cyber awareness, cyber operations, so that we create an officer corps that has an understanding. Then they go to the fleet, or the Marine Corps, and they can take the understanding of cybersecurity, cyber awareness in all of their daily operations.

WELNA: Some of the students at Annapolis will end up pursuing cyber operations majors. They'll then owe the Navy or Marines five years of service. Bill Young, the cyber-ops major at the keyboard, says he's thinking his tour of duty in information warfare. Beyond that, he says, a huge number of civilian jobs are out there for people like him. Asked if he'd consider working for the NSA, Young hesitates.

YOUNG: You know, you always got to keep those options open. I don't know, you know, the NSA works for everyone. But certainly if, you know, you have the skills and they need you then that's a viable option.

WELNA: In fact, there's a good chance that when he's a commissioned officer, Young would serve at least some of his tour of duty working with the NSA. Whether he'd make it a career is an open question. The NSA's Shawn Turskey says training exercises like CDX are really an investment in the future.

TURSKEY: We're in this for the long haul. And we'll get immediate return but down the road is what we're looking for to have that bigger payoff.

WELNA: For the embattled spy agency, the payoff would be if the new generation of cyberwarriors being bred at the nation's service academies choose eventually not just to try NSA but to buy NSA. David Welna, NPR News, Washington.

(SOUNDBITE OF MUSIC)

BLOCK: This is NPR News. Transcript provided by NPR, Copyright NPR.