A lot of the language sounds like the same kind of McKinsey claptrap we saw in the CIA reorganization, which makes me wonder whether McKinsey got to NSA as well.
NSA21 is the result of an effort by the NSA workforce who, together with the Agency’s leaders at all levels, collectively sought to answer a critical question ADM Rogers asked early in his tenure: “How do we ensure the same or higher level of success five to ten years into the future?” Foreign threats to our national security are complex and evolving. As it has done throughout its history, NSA regularly assesses its processes and structure to make sure the Agency is optimized to defend the nation. In other words, NSA is always dedicated to staying ahead of current and anticipated threats.
The launch of NSA21 is the beginning of a forward-leaning, decisive response. It is a two-year plan to position the Agency to meet increasingly complicated challenges stemming from the proliferation of asymmetric threats to national security, the rapid evolution of the global communications network, fast-growing demand for NSA’s products and services, and the continuing evolution of our cyber mission.
Drawing on the results of workforce surveys, focus groups, and hundreds of interviews with internal and external stakeholders, NSA21 centers on three key themes:
But I’m most struck by the bullets NSA uses to describe its job:
Protecting the warfighter.
Containing, controlling, and protecting strategic weapons.
Note every single bit of offensive action is eliminated here, even for the terrorists that NSA data contributes to drone-killing. Gone, too, is the NSA’s job to develop intelligence to make our “warfighters” more effective in killing our foes, turned into a strictly protective role. Not mentioned at all are some other missions, like learning what foreign officials and key other global players are doing or countering transnational crime.
But I’m most interested in how, in a release explaining the need to merge IAD with NSA’s spying function, NSA describes its cyber function: “enhancing cybersecurity.” It’s not so ambitious to say it will prevent cyber attacks on US networks (which is what it should aspire to, however unrealistic a goal). More importantly, it pretends that everything it does is about enhancing security, when in fact its optimal end state would be exclusive determination of who got to use certain cyber tools.
The point is, the NSA’s job is not enhancing cybersecurity for everyone: it’s about undermining cybersecurity for many many people around the globe. It shouldn’t even be about enhancing the cybersecurity of private corporations (though business entities continue to get the federal government to expand their protection without offering anything in exchange). The NSA’s job isn’t even policing global networks in search of the bad cyberbadguys, because it is a cyberbadguy to much of the world.
Only part of NSA’s job is “enhancing cybersecurity,” and only for some entities. I can understand why you’d want to pretend otherwise in a release about a move that may weaken cybersecurity. But it’s just transparent PR.