NATIONAL SECURITY CENTRAL SECURITY SERVICE 1 DECEMBER 2000 Derived From Manual 123 Dated 24 February 1998 Declass v 1 - - - u- U TABLE OF CONTENTS U Organization And Management 1 U Overview U Mission Statement 2 U Organizational Structure 3 U 3 U MANAGEMENT 7 U Regulatory Authority 8 U Management Studies and Issues 9 U EXTERNAL PROCESS 13 U BUDGET 18 U Budget Ovemiew 18 U Budget Detail 20 U Budget Trends 71 U Budget Issues 24 U PERSONNEL 26 U Work Force 26 U Summary of Statistics 26 U Personnel Management Issues 30 U POLICY ISSUES 31 U POLICY DEVELOPMENT PROCESS 31 U MAJOR POLICY ISSUES 11 em mm U ORGANIZATION AND MANAGEMENT nu as U OVERVIEW U INTRODUCTION U The National Security Agency is the nation's organization and as such is charged with two primary missions exploiting foreign communications also known as Signals Intelligence SIGINT and protecting U S information systems also called Information Assurance U A high-technology organization NSA is on the frontiers of communications and information technology and is also one of the most important centers of foreign language analysis and research within the Government U Founded in 1952 NSA is part of the Department of Defense and a member of the US Intelligence Community NSA supports military customers national policymakers and the counterterrorism and counterintelligence communities as well as key international allies Agency headquarters are located at Fort George G Meade Maryland in the Baltimore Washington corridor U RESEARCH U NSA also has one of the US Government s leading research and development programs Some of the Agency s projects have yielded state-of the-art technologies in the private sector For example early interest in research led to'the rst large-scale computer and the rst solid-state computer predecessors to the modern computer NSA also broke new ground in computer storage devices quantum computing 'and semiconductor technology Moreover NSA holds world records in quantum design and biometrics and public key and U HISTORY U SIGINT is a unique discipline with a long and storied past modern era dates to World War II when the United States broke the Japanese military code and learned of plans to invade Midway Island SIGINT is believed to have helped shorten the war by at least a year Today SIGINT plays a vital role in keeping our country s key decision-makers apprised of rapidly changing world events and in safeguarding U S personnel around the world U THE NSA WORK FORCE U The NSA work force consists of highly talented military and civilian members with a wide array of skills and expertise mathematicians physicists intelligence linguists computer scientists and engineers In fact NSA is said to be the largest employer of mathematicians in the United States and perhaps the world This work force combined with nationwide strategic 1 7 alliance with a consortium of contractors and academia has been the key to all past successes and remains our foundation for the future U EMERGING CHALLENGES continues to be challenged by an increasingly dynamic set of customer demands transnational terrorism narcotics traf cking organized crime counterintelligence alien smuggling asymmetric threats and international disputes Our military forces are more likely to be involved in coalition warfare regional con icts peacekeeping operations and nontraditional operations than in the past At the same time the rapid and unfettered growth of global information technology makes both of the Agency s missions harder and more important than ever To meet these emerging challenges NSA has embarked on an ambitious corporate strategy to transform its operations to a service based architecture that includes a re-engineered system with interoperability across the Community and common connectivity with our customers This mandate for change rmly establishes SIGINT and Information Assurance as major contributors in ensuring information superiority of U S war ghters and policymakers U A PROUD BRIGHT FUTURE Sj'The National Security Agency has a proud tradition of serving the nation NSA has been credited with preventing or signi cantly shortening military con icts thereby saving lives of US military and civilian personnel NSA gives the nation a decisive edge in policy interactions with other nations in countering terrorism and in helping stem the ow of narcotics into our country NSA has been the premier information agency of the industrial age and through ongoing modernization and cutting edge research will continue to be the premiere knowledge agency of the information age U MISSION STATEMENT U INFORMATION SUPERIORITY FOR AMERICAAND ITS ALLIES U Intelligence and information systems security complement each other Intelligence gives the nation an information advantage over its adversaries Information systems security prevents others from gaining advantage over the nation Together the two functions promote a single goal information superiority for America and its allies U ORGANIZATIONAL STRUCTURE UNCLASSIFIED National Security Agency Central Security Service Office of the Director Chief of Staff Corporate Strategy INFORMATION ASSURANCE Research Information Human National installations Technology Resources and Infrastructure School Logistics Service UNCLASSIFIED U GOALS U BREAKTHROUGH GOAL TRANSFORM THE SYSTEM U must master and operate in the global net of tomorrow To do so we must re ne requirements better understand and help inform customer expectations and selectively disinvest some current operations to free up resources to modernize In restructuring must assess risk inform customers of lost capability and quantify the growth in resources needed to sustain capability and reach a transformed state We must inform our stakeholders of our intentions strengthen our strategic alliances with our partners and together build the uni ed architecture that will enable us as a community to meet the nation s needs U In transforming the system the must shift signi cant emphasis and resources from current products services and targets to the modern and anticipated information technology environment for both SIGINT and Information Assurance The must be capable of operating with our partners seamlessly in the global network where possible sustaining our global response and when necessary succeeding through tailored access We must create secure agile and 3 interoperable capabilities to provide our customers with desired information and security products and services in the modern environment where we and our targets co-exist in the same global network Only through greater collaboration and interoperability with partners can we move through the transformation period and achieve our end state successfully U Our Information Assurance business must continue to rapidly change and grow In the space of a decade our nation and our allies have become highly dependent on information systems to conduct essential business including military operations civil government and national and international commerce We must provide our increasingly diverse customer set emerging government and commercial off-the-shelf technologies and techniques to protect their information We will also provide the highest level of protection to our SIGINT system We will develop our newest line of business Defensive Information Operations D10 so that we can assist customers in identifying verifying and responding to attack our missions progress synergy among professionals performing each mission will be of paramount importance to our overall success The lines will blur between strictly SIGINT and INFOSEC disciplines and we will only survive if we learn to share all we know about the global network across our two missions and determine jointly how we provide pertinent intelligence and information assurance products and services to our customers U strategic goals and objectives are structured to achieve this end state and its business plan will identify the speci c shifts of resources burdens and capabilities required to achieve those goals and objectives Our overarching goal is transformation U GOAL 1 U Ensure reSponsive intelligence information and information assurance for national decision makers and military commanders U Collaborate with customers continually to re ne needs and priorities and to identify the Uni ed System response within resource constraints - U Increase ability to protect networked communications U Maintain current protection posture in other environments where resources permit - U Selectively increase production of information from the global network a U Sustain production of intelligence through global response as resources permit U In close collaboration with and Intelligence Community partners establish tailored access to specialized communications when needed 49mm scenes 4x4 U Work with our customers to implement mission management systems for SIGINT and IA U GOAL 2 U Continuously modernize the system by using advanced technology to provide solutions for the production and protection of information U Deploy tools ef ciently to sort process move and store information U Deploy a modern secure web-based analysis reporting and dissemination system U Work with our partners to deploy mission management systems for SIGIN and D10 U Achieve the Uni ed Architecture objectives of a common information infrastructure by establishing interoperability among systems both internally and with those of customers and partners U Ensure the availability of leading edge technologies and advanced mathematics through community industry and academic partnerships U Deploy a robust layered and secure information technology infrastructure to support diverse communities of interest U As resources permit deploy technology to meet operational requirements in non-networked environments U GOAL 3 U Shape the work force to meet SIGINT and Information Assurance mission challenges U Build and sustain a diverse civilian military both active and reserve and contractor work force with the right skill mix to respond to mission requirements U Expand mission driven education training and career development to optimize individual and team performance to achieve our goals and objectives U Increase intra and interagency collaboration including rotational assignments training and joint analysis and problem solving U Apply personnel management techniques and reward performance and behaviors that ensure mission accomplishment and are linked to our goals and objectives dame T U Maintain a trusted work force through effective personnel security programs U Provide equal opportunity in all human resource policies and practices and safeguard employees health safety and physical security U GOAL 4 U Maximize the use of resources through effective business processes and prudent risk to achieve and sustain Information Assurance solutions and responsive Signals Intelligence U Reallocate and consolidate resources to achieve a transformed system U Strengthen partnerships within the community to more efficiently exploit the global network U Re engineer internal business processes using best practices to maximize the return on investment for both missions U Deploy a corporate management information system to enable better decision- making U Implement effective systems engineering and disciplined program management as central components of our end-to-end modernization effort U Pursue programmatic increases to accelerate the transformation of the system and to meet the increasing requirements for Information Assurance solutions U Understand and communicate resource limitations U Provide the work force with the environment systems and facilities it needs to il ll the mission U CHAIN OF COMMAND UNCLASSIFIED U MANAGEMENT NSAICSS and the Intelligence Community Dark lines in the chart below show a managerial relationship while dashed lines show a budgetary or advisory relationship The President National Security Council President's Foreign Intelligence Advisory Din Ce Hflvil Ell-lung Din-- Lu snle liugsre'h DI put 5w rt Lsry I I 2- - D-Jeclm CIA Mai-one Intelligence DPDUIY Dram Centra lr le uqerme lo C s-mm y C- zmmumlv Mar-ageinen' Stall Cernrai Imeihqenne Agency STA TE Burea cf and JUSTICE DEPARTMENT FBI Nations Sammy TREASURY DEPARTMENT Of ce sf Intelligence Sup-par ENERGY DEPARTMENT cl Er-ergy lnlellgence I I I Neil gence Gems n'ly C-zm'mnee Asestaas Secretary of Defense Agasstani Secretary of De ense Mr 331 Asslsian Secrelary of the Alf Force for Space NATIONAL HECOT INAESSAI ICE NATIONAL SECURITY AGENCY - I AND MAPPING I Chiefs cf Sta l J2 Defense inlelingeruce Agency N ne Unlined Commands 'mlell gence Depanmenl Secretaries Service Chneis anr men respective inleiligence nerds U REGULATORY AUTHORITY U AUTHORITIES AND RESPONSIBILITIES OF THE DIRECTOR SA U NSA was established pursuant to the 1952 Truman Memorandum The Truman Memorandum recognized that communications intelligence activities of the US are a national responsibility and designated the Department of Defense as the executive agent of the Government for the production of communications intelligence U missions and functions have been de ned and enhanced in a series of Executive Orders E0 and other documents principally 13 0 12333 United States Intelligence Activities and National Security Council Intelligence Directive NSCID 6 Signals Intelligence E O 12333 describes the organization of the Intelligence Community and details the responsibilities of the heads of each Agency NSCID 6 establishes NSA and spells out responsibilities and authorities of the Director including some classi ed relationships that are not found elsewhere U In accordance with the Goldwater-Nichols DOD Reorganization Act of 1986 the Secretary of Defense SecDef designated NSA as a combat support agency with respect to certain combat support functions NSA performs U relationship to other elements of the Executive Branch appears in the following authorities U 13 0 12333 which makes DIRNSA responsible to the SECDEF Paragraph 1 12 and also limits the conduct of SIGIN to NSA in accordance with guidance from the and U Directive 8-510020 The National Security Agency and the Central Security Service which generally promulgates the authorities of ED 12333 and NSCID 6 and prescribes responsibilities within DOD Through this Directive SECDEF also delegates to DIRNSA certain administrative authorities U The Director authorities with respect to three missions of Signals Intelligence SIGINT Information Assurance IA Operations Security OPSEC and the Information Operations Technology Center IOTC ow from the following U U E O 12333 which generally charges DIRNSA with establishing and operating an effective uni ed organization for SIGINT activities NSA is authorized to collect process and disseminate signals intelligence information for national foreign intelligence purposes in accordance with guidance from the and U The Foreign Intelligence Surveillance Act PISA used principally by NSA and the FBI regulates certain eIectronic surveillance activities in the United States to collect foreign intelligence but does not speci cally mention DIRNSA or the Agency 8 U NSCID 6 derived from the original Truman Memorandum which describes the appointment process for DIRNSA and provides additional detail about the SIGINT mission itself The SecDef is designated as executive agent of the Government for the conduct of SIGINT activities U INFORMATION ASSURANCE - U E O 12333 which includes communications security among many responsibilities and - U National Security Directive N SD 42 National Policy for the Security of National Security and Information Systems which establishes DIRNSA as National Manager responsible for securing the Government s national security telecommunications and information systemsz U OPSEC - U National Security Decision Directive NSDD 298 National Operations Security Program which designates DIRNSA as the Executive Agent for interagency OPSEC training and authorizes establishment of OPSEC program U INFORMATION OPERATIONS TECHNOLOGY CENTER U The Director s authority as Executive Agent for the Information Operations Technology Center IOTC stems from a Memorandum of Agreement between the Department of Defense and the Intelligence Community established the IOTC as a joint activity of the Department of Defense and the Intelligence Community DIRNSA has been designated as the Executive Agent BA for the operation of the IOTC In his capacity as EA DIRNSA after consulting with the SecDef and the DCI appoints a Director for the IOTC U MANAGEMENT STUDIES AND ISSUES U Three management studies of the National Security Agency are provided in the appendix U External Team Report NSA dated October 22 1999 - U New Enterprise Team N ETeam Recommendations NSA dated 1 October 1 9 99 2 U The Computer Security Act of 1987 gives the National Institute of Standards and Technology NIST the responsibility to develop security standards for systems that handle unclassi ed information while NSA retains reSponsibility for systems that process national security information - The National security Agency Issues for Congress CRS Report dated November 17 2000 U These reports identi ed seven areas where NSA needed improvement governance ethos vision career development resource management intergovernmental communication and strategy NSA's response to these concerns have included the overhaul of NSA's leadership structure the hiring of a Chief Financial Manager Information Technology Of cer and Senior Acquisition Executive from outside of the Agency and the development of an agency wide business plan U CHANGES IN GOVERNANCE U NSA has completely transformed its organizational plan and its leadership team This new team has fewer members but they have more signi cant decision-making authority NSA has also revitalized its NSA Advisory Board activities and is evaluating ways to reenginecr the Central Security Service U CHANGES IN ETHOS U The Director NSA has enhanced his ability to communicate with and respond to NSA employees The Director has established an e-mail address that allows employees to send messages directly to him He has also established a variety of communication venues DIRGRAMS Television Programs and Town Meetings to ensure that his message is being communicated and that he is able to engage in an ongoingudialogue with the workforce U CHANGES IN VISION MISSION AND STRATEGY U By far the most dynamic changes undertaken by the Agency have been those associated with the articulation of Mission To accomplish this task NSA has formulated and is implementing a business plan strategtc plan and organizational realignment plan These Plans are designed to help Agency leaders identify the Agency s goals set priorities and focus on the core mission U CHANGES IN WORKFORCE AND CAREER DEVELOPMENT U Government downsizing inability to hire and the reassignment process resulted in a work force with skills out of alignment with our mission needs The Director has committed to focusing NSA's hiring program to its core mission areas As a result the hiring program has been signi cantly enhanced to allow the Agency to attract experts from the private sector Additionally directed assignments tuition reimbursement programs and promotion board reforms have also been initiated to ensure that NSA remains capable of completing its mission 10 49% U CHANGES IN RESOURCES MANAGEMENT U This is an area in which the Agency is making rapid improvement A zero-based review of all of our programs and projects to search out any overlap and identify those that could be consolidated or eliminated has been completed U In FYZOO the Director created the positions of chief nancial manager C FM and senior acquisition executive SAE Both of these positions are directly accountable to the Director and centralize resources and acquisition personnel U The CFM has been charged with a far reaching portfolio of tasks- These include implementation of best most current business practices ensuring that resources decisions are aligned with mission planning and with creating a nancial management information system as well as a system of performance measures Under the direction the Agency has produced its Business Plan please see below U The SAE is working to redress speci c criticisms in the external and internal reports He is linking the requirements process with the acquisition and budget processes and is implementing acquisition policies and procedures that comply fully with public law and with Federal government guidance and regulations He is developing standard procedures for Agency make versus buy decisions and is the advocate for improved training of the acquisition workforce The Agency already is exceeding its FY01 goals of increasing the proportion of competitive contracts from 66 to 80 percent of the total and of executing with credit cards 95 percent of purchases under $2 500 U A new initiative for the Agency is a knowledge management program We have begun to develop processes relationships and supporting technology to make the best use of our own expertise and to reduce our cost of not knowing U GROUNDBREAKER the decision to outsource routine information technology functions is strong evidence of the Agency s readiness to re-think the way it does its business and its acceptance of risk U CHANGES IN RELATIONSHIP BUILDING U The Agency has gone far in transforming itself from the No Such Agenc to an agency with a policy of active engagement with the news media and the public an agency that provides timely substantive information The Director recognizes that he heads a power il and secret agency in a country with a public that mistrusts power and secrecy The Director himself frequently speaks at public fora We stress that the Agency acts responsibly and strictly complies with US laws that protect the privacy of US citizens News media representatives were invited inside NSA along with the families of employees during last September s NSA Family Day U Where consistent with security concerns the Agency has been active in declassi cation of documents and making them available to the public The Agency has recently released signi cant intelligence documents on the Korean War ll 4W U In addition to the news media and general public the Agency has placed strong emphasis on building relationships with private industry and institutions and with other governmental bodies The Agency has cooperated closely with state and local authorities in road construction and environmental affairs I U In conjunction with our emphasis on the Agency acting as a good citizen the Agency also has stressed relations with Congress The Agency recognizes that Congressional buy-in is a necessary rst step toward transforming the Agency and has been keen to keep Congress fully and currently informed Legislative oversight is a key source of public con dence in the Agency and the source of new funding that allows the Agency to meet its mission while at the same time it is Transforming U Cooperation with war ghters The Director has briefed Agency transformation plans with the Commanders-in Chief and explained our position on giving priority to modernization over current readiness and our increased reliance on both foreign partners and the military services elements U CHANGES BUSINESS PLANNING U The Agency has just issued the FY02-03 Business Plan Building on prior business and strategic plans this is a single plan for both signals intelligence and information assurance missions and serves as our guide for transformation over the next two years It addresses four strategic issues rebuilding analysis countering strong enabling defense-in-depth for the nation and implementing defense in depth at U The signals intelligence portion of the Business Plan looks at programs and projects that may be reduced or eliminated in order to redirect money and resources into indamental transformation It builds on the actions and decisions of the signals intelligence plan drafted earlier this year and initiates new ones mapping out speci c goals These decisions will not be easy but they will be crucial to the Agency s future success Similarly the information assurance portion of the business plan maps out NSA's role and contributions in the implementation of the defense in depth strategy This strategy is designed to assure the availability of security products and services required to implement information assurance solutions for each of the Defense in Depth layers to develop and support the operation of the security management and attack sensing warning and response infrastructures as well as contributing to raising the level of information assurance training and awareness l2 33% U EXTERNAL PROCESS U outreach to external customers is crucial to the continued success of the Agency Customer satisfaction is a key measure of our success We use feedback to continuously improve our products and services and to anticipate future customer needs We have expanded both the type of information we provide and the circle of customers to whom we distribute our product This is of particular signi cance to U S and Allied commanders in the eld as well as law enforcement and counterintelligence officials We continue to increase our collaboration with customers and partners to enhance the value of our products for decision makers throughout the Government U INTERAGENCY RELATIONSHIPS U NSA works closely with the following Department of Defense and Intelligence Community Agencies Director of Central Intelligence Ballistic Missile Defense Organization I Joint Staff - Community Management Staff Assistant Secretary of Defense for Command Control Communications Intelligence - Defense Intelligence Agency - Defense Security Service - Defense Logistics Agency - Department of the Army a Department of the Navy - Department of the Air Force Marine Corp a US Coast Guard - National Communication System Defense Information Systems Agency - National Reconnaissance Organization Central Intelligence Agency National Imagery and Mapping Agency U NSA also works with the following Civil Agencies and Executive Branch Of ces to provide Signals intelligence and Information Assurance products and services in the form of intelligence reports and Defensive Information Systems Support - Executive Of ce of the President - Department of State 13 - Department of Justice - Department of Treasury a Department of Energy - Department of Commerce I Department of Agriculture - Drug Enforcement Agency - Federal Bureau of Investigation Immigration and Naturalization Services a Secret Service - Judicial Branch - Federal Emergency Management Agency - Customs Bureau of Alcohol Tobacco and Firearms U KEY MILITARY RELATIONSHIPS gI Q-Mupport to Military Operations SMO is a key part of the charter As the Chief of the Central Security Service the Director NSA is the senior US SIGINT authority responsible for providing support to the following military customers Joint Chiefs of Staff 3 Commanders In Chief - Central Commands European Command Paci c Command - Joint Forces Command a Southern Command - Space Command Special Operations Command Strategic Command - Transportation Command North Atlantic Treaty Organization Tactical Commands - Service Elements use 798 b 3 86-36 North Atlantic Treaty Organization we l4 Qantas U CONGRESSIONAL U The Director of the National Security Agency is obligated by law to keep Congress fully and currently informed of intelligence activities The following are the primary oversight committees for NSA - Senate Select Committee on Intelligence Senate Appropriations Committee Defense Subcommittee - House Permanent Select Committee on Intelligence - House Appropriations Committee Defense Subcommittee U NSA also interacts with Senate Armed Services Committee 3 86-36 - House International Relations Committee - House Appropriations Committee Surveys and ingestigations Team U FY2001 CONGRESSIONAL LANGUAGE HIGHntetfir-s U SS CI Mark S Plus-up of - S NSA Business Plan in information technology backbone and SIGINT modernization efforts I U Advocates DIRNSA having greater authority over planning programming budgeting and execution of entire SIGINT budget U HPSCI Mark - U No new money I U Supports NSA business plan as one of its top priorities extensive churn within CCP re ecting Committee s endorsement of plan - U Directs DCI System Acquisition Executive to review major NSA modernization acquisitions and con rm readiness to proceed 15 1 U Conference 86 36 S Authd r-iged p ositidns for the CCP Pregram S AnthO Z Df FY00 mds aPPTOPFlated by Prior year supplemental a apPTOpriations act- U Concerned about implementation of actiuisition reforms hiring of commercial management consultants information technology backbone systems engineering and modernization efforts U Noted slow progress on de ning the Uni ed Architecture U Requested over 20 reports and brie ngs on various NSA activities and Congressionally directed actions U SAC-HAG Conference a S Appropriateo for the CCP Program 2231 - 86 36 - U Supported parts of NSA Busmess Plan CRITICAL REPORTS TO CONGRESS U Legal Standards for the Intelligence Community in Conducting Electronic SurveillanceW published and disseminated to Intelligence Committees in February 2000 U Responses to Congressionally Directed Actions approximately 30 per year U Congressional Noti cations 71 in CY00 fonrnal noti cation required to keep Congress fully and currently informed on relevant issues of signi cant intelligence achievements and failures or illegal activities U PENDING LEGISLATIVE ISSUES U Exports ny legislation affecting the controls on exports of products is of high concern to NSA NSA played an integral part in the announcement of new Administration regulations in this 16 49mm area during the 106th Congress which had the effect of stopping potentially harmful bills sponsored by Sen McCain and Rep Goodlatte Efforts by Senators Gramm and Enzi to overhaul the entire US export control system including exports by reauthorizing the Export Administration Act failed in the 106th Congress and they are likely to try again in the 107 U Electronic Surveillance U lm It is very likely the 107th Congress will continue to investigate the issues of electronic surveillance and privacy both in the areas of commerce and law enforcement and possibly foreign signals intelligence At an open hearing before the House Intelligence committee in April 2000 on electronic surveillance activities the Director NSA and the DCI testi ed that NSA operates under the rule of law and does not commit industrial espionage However the Bl s introduction of a new electronic surveillance tool called CARNIVORE led to hearings and legislation on the use of the tool in a law enforcement or national security investigation At the close of the 106th Congress no legislation that would harm collection was enacted U Information Security Issues Ummformation security topics will continue to be a primary concern in the 107th Congress Any legislation in this arena may affect information assurance mission Also legislation protecting national critical information infrastructures promulgating information assurance practices or creating a federal Chief Information Officer is eXpected U Personnel Legislation WM The FY01 Intelligence Authorization Act authorizes NSA to establish a program for early retirement and separation pay in order to encourage employees to separate from service voluntarily This program will be used in conjunction with the DOD Voluntary Early Retirement Authority in the FY01 Authorization Act NSA is seeking legislative authority to update its recruiting practices by authorizing the reimbursement of actual expenses involved in the recruitment process 17 was Npe-F-w - - - - - L l- U BUDGET nu- U BUDGET OVERVIEW EEG-HG NSA is both an Agency of the Department of Defense and a component of the National Foreign Intelligence Program NF IP Agency budget authority is derived from both sources U DEPARTMENT OF DEFENSE - U Information Systems Security Program ISSP - U Defense Program DCP - U Defense Airborne Reconnaissance Program DARP U Defense Counterdrug Intelligence Program DCIP U NATIONAL FOREIGN INTELLIGENCE PROGRAM NFIP I U Consolidated Program CCP mission of is to provide and protect the nation s vital information This mission is accomplished through the science of and incorporates two core disciplines Signals Intelligence SIGINT and Information Assurance IA SIGINT derives intelligence information by exploiting foreign communications and non communications emitters Information assurance is the protection of information systems against unauthorized access to or modi cation of information whether in storage processing or transit NSA resources to accomplish these missions including the corresponding resources of the Service Elements SCES are summarized in the Budget Detail section below These resources include the costs to sustain ongoing SIGINT and Information Assurance operations to deveIOp and deploy new capabilities to sustain continuity against targets and technology changes the cost of civilian and military manpower and new investment required to achieve transformation U The key drivers for NSA budget development are U Joint Vision 2020 for the Department of Defense - U The Director of Central Intelligence Strategic Intent for the US Intelligence Community I U The NSAJCSS National Strategy for the 21St Century and U The annual Business Plans 65 The Business Plan focuses internal development of the Agency budget The corporate NSA business planning process has focused for the last two budget cycles F YOI-OS and FY02-07 49W 18 4W on transformation of the System For the Consolidated Program CCP the strategic budget emphasis has been on accepting increased risk to current SIGINT operations in an effort to identify funding for the most urgent transformation requirements These requirements include SIGINT access countering the worldwide proliferation of strong rebuilding SIGINT analysis modernizing the information technology infrastructure and protecting NSA information and information systems The information assurance focus continues to be on development of an active cyber defense capability to protect sensitive U S information detecting and reporting intrusions into information systems and responding to these attempted intrusions the last two budget cycles NSA has internally realigned resources totaling the five year defense plan to fund the most urgent corporate transformation requirements 0 is end NSA has cut civilian personnel by an additional 7 5% beginning in FY01 and personnel in FY02 terminated SIGINT eld sites consolidated mission and support activities operations stopped legacy development prOgrams and realigned strategic funding relationships with SIGINT partners Beyond NSA the Intelligence Community and Congress have demonstrated a t onsiderable interest in transformation increasing total budget authority in the key mission areas of SIGINT access management of the mission the information technology infrastructure and intrusion detection This internal NSA realignment and the external increases notwithstanding transformation continues to be si i eantli under mded ransformation related overguidance for NSA totals semi in Y02 3 35 I across the YDP see the Budget Issues section below NSA is also effecting transformation through reengine ring internal organizations and processes Key functional managers have been hired from outside of we will begin to outsource functions previously done in-house The Agency is _i-nstimting -and strengthening business processes and modifyng its organizational structure And NSA has begun to implement a service- based architecture that will allow operations in a network of service domains The NSA budget request for FY 2002 which will be submitted as part of the President s budget request to the new Congress enables the Agency to meet the neat-tenn -goals of the FY 2002-2003 Business Plan maintains essential readiness and ontiniies System focus on transformation 7b 1 86 36 19 Q miali U BUDGET DETAIL S -The following information provides a summary of NSA resources including those of the SCEs One should be mindful that the following summary represents the SIGINT and Information Assurance resources that are directly controlled by the Director NSA There are additional SIGINT and Information Assurance resources in the NF IP and that reside in budgets external to NSA The Director NSA in uences these external resources through established Community processes The Budget Detail that follows represents the FY02-07 NSA Budget Estimate Submissions Millions Consolidated Program CCP Information Systems Security Program 185 Defense Program DCP Other Programs DCIP Total NSA Dollars of Billets Includes SCEs FY01 ieYoz FY03 FY04 FY05 FY06 FY07 Civilian 18945 516753 16390 16335 16382 1638 Military 0 Total NSA Billets lb 1 3 -P L 86-36 game 20 3% U BUDGET TRENDS U Below is a set of graphs portraying NSA funding and manpower trends over the last several years and through FY07 Figure 1 re ects the CCP in constant dollar terms buying power since FY1987 Figure 2 shows the trend in NSA civilian manpower since FY 1989 Figure 3 re ects the same for military manpower Lastly Figure 4 summarizes funding for ISSP and DCP programs U Figure 1 86-36 499% 21 NSA CIVILIAN MAN POWER 25000 23000 21000 19000 -4 nuoo 16382 h In l I I n i5000 13000 FY89 FY90 FYQI FY92 FY93 FY94 1'95 FY96 FY97 FY98 FY99 FY00 FY01 FY01 FY03 FY04 FY05 FY06 FY07 U Figure 2 22 23 1 86 36 86-36 U Figure 4 U BUDGET ISSUES NSA budget issues center on transformation In many respects U S national security makes this transformation process urgent In the end transformation translates to mding Sustaining essential current operations required to meet priority customer intelligence requirements investing in critical transformation for the future and doing both in the timeframe required to maintain target continuity J 1 Advanced capabilities that are needed today WW as currently funded jA ummary of ggisispeci c overguidance requirements follows ab 1 86-36 46% 24 Prioritized CCP 1 Trailblazer 2 Systems Engineering 3 LIA 4 Access and Collection -1 5 Facilities Infrastructure 6 Human Resources 7 CA 8 CMM 9 Weapons Space ELINT 1 0 11 Access and Collection -2 1 2 Altruism Subtotal ISSP Total moves to priority 3 in FY03-7 bumping others down o'ne position Additional Information on each of the above categories COP-1 Allows delivery of program goal to achieve 3 missions and 6 sites by FY04 COP-2 Allows execution of complete Sys Eng Plan for our transition to a Service- based Architecturef COP-3 LlA LanguageI inability Dissemination -Sr Language Authority Initiatives language tools TESTAMENT GOP-4 includes new access programs and HF COP-5 Upgrades repairs to support transformation efforts including modernizing IT Backbone COP-6 Supports leadership development web-based training In signals analysis ELINT FIEINT etc COP-7 Increases computer processing capability research eld initiatives COP-8 Mission Management- -Devel0p architectural Eng Plans In single coherent CMM arch COP-9 Rebuild Technical SIGINT Develop architecture modernize tools technology dissemination databases COP-10 lTB Information Technology Backbone extends modernization to eld upgrades JCS OPLANS to 02 61 Includes additional access programs see CCP4 COP-12 Expands partnerships fully funds an aggressive strategy - ISSP Includes Attack Sensing Warning Response and Information Assurance Solutions 1 86-36 some 25 Kb 4619499444 86-36 U PERSONNEL U SAICSS WORK FORCE We success of is wholly dependent upon its people That is as true for the future as it has-them in the past NSA and its military components must attract train develop and retain people with-the technical and analytic skills necessary to do our future missions civilian population is now as an historical peak in terms of overall skills People hired in the 1970s and 19805 new the backbone of the Agency s work force and bring to bear extraordinary skills on today s ahallenges Due to mandated downsizing and resource restraints during the 1990s NSA has been unable tp hire enough people to replace the current work force as it moves into retirement NSA plans to hire about 600 people per year beginning in FY01 in an attempt to correct the coming skills mix imbalance created by the pending retirement of linguists and technical people hired 20- 30 years agoftO tdated government compensation guidelines make it dif cult to compete for top talent tin today s highly competitive marketplace In response NSA has embarked on a compensation reform initiative that will lead to pilotng a new compensation system in FY02 Already in FY01 recruitment bonuses are being paid for certain skills and the awards and promotion system is being revised to focus current compensation more on performance than it has been in the past Simultaneously NSA is launching a new skills management architecture that will improve skills alignment with mission requirements enhance employee career development and pave the way for the new compensation 49 nilitaryi members of the service elements sons are full partners in the effort supplying jli'st over half of the workforce The services have several initiatives underway to mote manage a force that has been suffering 'om poor retention and increasing numbers of rst-term inexperienced personnel The Agency is in the initial stages of a management engineering assessment to accurately determine required personnel and skill sets U on STATISTICS 69 CIVILIAN WORKFORCE DEMOGRAEEHICS START FY2001 Wotal 17 129 C Full Time C Part Time Mivilian Location I MHeadquarters C Deployed 26 Total Reductions Since FY 1993 24% Reduction to Support Population 28% - Reduction to Mission Population 12% 1 1% of the workforce is eligible for regular retirement - 19% of the workforce will be eligible for early retirement in FY 01 - 55% of the workforce FY2001 is in the relatively portable FERS retirement compared to 32% in FY88 UHF-986 54% of the workforce has between 10 and 20 years of service CUIIFGHG 14% of the workforce has less than 10 years of service Compares to 49% of the workforce with less than 10 years service in FY88 After many years of relatively low attrition rates NSA has seen resignation rates for Computer Scientists and Engineers increase sharply since FY98 f U MILITARY POPULATION AS OF 19 DEC 00 ARMY 77% NAVY 91% MARINES 92% AIR FORCE 92% TOTAL 88% 1 86 36 stem 27 3633 3333333313 3333133333 35 3333333337313333 33331333 331333 333 333333 533353 W83 133333423335 'mwc 31% 3 $333 3331 #43 air #33 333m @5333 33 3131233333333 - 233 23333 3 33 3333 N33 3133 3 133g313y 3331333333 33013333333333 3133 3313333333 31 133333333331 33331 $333 33 33 131 dgcterate degrees 3133 333-333 5633 3333333 F3333 151513932393 31% 3371313 33333333333 13 aiigibie for regular 3331333333333 9% W311 333 3333 1313 3'33 3331 3331333333333 133 FY '33 363313 13330313383333 3333333313 has been undergming 31331133 dwmizing 3331333333g 3310313 333313 333 22 3 33 31331333133 3333333313 313 FY39 to 31333 3333 16 396 today @5433 033133 3233333333 workfome has 1331333333 3 0 33333 220 years 0f 3333303 Uniess this 33 3333333333 rmgh 3 33233333333 on 33 33333313 and managed 333333333 333 33313 333 3 333333 13333 30 3133 3333333333 33333 3313 greup retires 3033130333361 333 33 3133333331 33333 31 13 3331133333 31333 33g3 33133 3 13 1 86 36 2 3 km 86 36 mfgm an 33am Wynimmg wad we i 7% mm WM 92 Fm 9393 $93 @326 336 Mm my a Imam Hiring the 1% 33 islargaly-sustai ing fhal zgemy waxy Unf umteiy mi-a grew faw- pe opla failowiag 11181 985488 691101 to 31232213132113 mm the imam ill 3% Resigzza on rates f9 eomguiar a entisis a 311 gradas cantinue is climb The Campufer Sciantist msignation mic is 1mm than double the Ag my ammge and ve timeg that at the analytic Ski-11 gi s Rasignaiion fates fa enginears 315311 grades centime to ciimb Th Engineming resigna a jaw is 13 521515 the Agancy avamgc- sad 4 lms- that 13f the analy ia $111 mm Of 11 3th appreximat ly 1133 ijthe Jammie sgientisisg ma mmtieims and angineexs 35 11 13 resignad item the Agancy in am new We iihg fiat NBA aoaatragsiars 7 46% U PERSONNEL MANAGEMENT ISSUES U RECRUITING HIRING U The Challenge U Attract train develop and retain people with the technical and analytic skills necessary to do our future missions U The Response - We FY2001 hiring goal is 600 including a congressional plus up of 56 Targeted on technical skills in support of core Mission computer science engineering and physical science information systems security intelligence analysis math U In September 2000 created elevated and empowered the Of ce of Recruitment and Hiring to undertake the most intensive hiring program the Agency has had in many years New compensation reform initiative will lead to piloting a new compensation system in FY02 U Streamlined and consolidated applicant processing U Heavy investment in recruitment initiatives - Expanded use of hiring bonuses in FY2001 for certain skills a U Increased our recruiting budget - U Expanded the size of the recruitment of ce - Continued the use of educational reimbursement programs that include employment obligations 30 U U POLICY DEVELOPMENT PROCESS UHF-GHQ Policy deve10pment at is the responsibility of the Director of Policy who leads the NSA Of ce of Policy and reports to the NSA Chief of Staff The Chief of Staff reports to the Director of NSA - The Of ce of Policy ensures that complies with and implements national and Director of Central DCI Intelligence policy as appropriate This is done through the policy directive system the United States Signals Intelligence Directive USSID system and for human resources issues through Personnel Management Memoranda The Of ce of Policy oversees all policy development within NSA and advises the Director on policy issues affecting signals intelligence and information assurance missions The Of ce also oversees and supports NSA participation in external policymaking activities such as the Policy Advisory Group the Intelligence Community Principals and Deputies Committees and the Military Intelligence Board U MAJOR POLICY ISSUES U NATIONAL SECURITY AGENCY RELEVANCE OF EXISTING AUTHORITIES IN THE INFORMATION AGE U The National Security Agency is prepared organizationally intellectually and -- with suf cient investment -- technologically to exploit in an unprecedented way the explosion in global communications This represents an Agency very different from the one we inherited from the Cold War It also demands a policy recognition that NSA will be a legal but also a powerful and permanent presence on a global telecommunications in astructure where protected American communications and targeted adversary communications will coexist the past NSA operated in a mostly analog world of point-to point communications carried along discrete dedicated voice channels These communications were rarely and those that were used mostly indigenous that did not change frequently Before the arrival of ber optic technology most of these communications were in the air and could be accessed using conventional means the volume was growing but at a rate that could be processed and exploited 49-Hour communications are mostly digital carry billions of bits of data and contain voice data and multimedia They are dynamically routed globally networked and pass over traditional communications means such as microwave or satellite less and less Today there are ber optic and high-speed wire-line networks and most importantly an emerging Wireless environment that includes cellular phones Personal Digital Assistants and computers is commercially available growing in sophistication and packaged in off-the-shelf computer software The volumes and routing of data make nding and processing nuggets of intelligence information more dif cult To perform both its offensive and defensive missions NSA must live on the network gum u 31 gt 46W SA must respond quickly and comprehensively to the rapid deployment of new information technology into global networks The volume velocity and variety of information today demands a fresh approach to the way NSA has traditionally done its business This new approach is well under way Signi cant effort and investment are being applied to mastering the global network both to protect our nation s communications and to exploit those of our targets This new model for and for information assurance in the Information Age may require a restatement and endorsement of the policies and authorities that empowered the NSA in the Industrial Age U NSA's existing authorities were crafted for the world of the mid to late 20th Century not for the 218t Century Created by the Truman Memorandum of 1952 NSA's foreign intelligence SIGINT authorities stem from National Security Council Directive 6 of 1972 and Executive Order 12333 of 1981 Its Information Assurance authorities also derive from Executive Order 12333 which discusses Communications Security COMSEC which principally involved the building of security boxes for - point to point communications National Security Directive 42 of 1990 established the Director NSA as the national manager for national security information and information systems security INFOSEC 18f Entering the 21 t Century global networks leave the US critical information in astrucmre more vulnerable to foreign intelligence operations and to compromise by a host of non-state entities This vulnerability extends beyond classi ed and national security networks to the private sector in 'astrucmre on which all depend At the same time because of the communications environment described above availability of critical fogign intelligence information will mean gaining access in f new places and in new ways I 7 4687 SIGIN in the Industrial Age meant collecting signals often high frequency HF connecting two discrete and known target points processing the often clear text data and writing a report in the Information Age meansiseeking out information on the Global Netg usi ng all available access techniques breaking often strong again using all available means defending our nation s own use of the Global net s and assisting our war ghters in preparing the battle eld for the cyberwars of the tture The Fourth Amendment is as applicable to as it is to the SIGINT of yesterday and today The Information Age will however cause us to rethink and reapply the procedures policies and authorities bornin an earlier electronic suryeillance environment unseen Make no mistake NSA can and will perform its missions consissini with the Fourth Amendment and all applicable laws But senior leadership must today's and tomorrow's mission will demand a powerful permanent presence on a glahal network that will host the protected communications of Americans as the targeted communications of adversaries hi 1 86 36 3 50 USC 403 3 18 USC 798 4 9mm 32 i U GROUNDBREAKER U Issue U NSA intends to outsource its Information Technology IT infrastructure The nal decision will be made after contractor proposals are evaluated and a determination is made on the advantages to outsource rather than keep the work in house The acquisition would represent a multi-billion dollar investment over its 10-year contract term U Discussion - deal with unprecedented volumes of information NSA must change its approach to signals intelligence collection processing and dissemination In short NSA must build a modem information infrastructure that in many respects mirrors the technology and capabilities available on the global digital communications network The need for action was underscored in January 2000 when NSA experienced a catastrophic network outage for 3 V2 days This outage greatly reduced the signals intelligence information available to national decision makers and military commanders As one result the President s Daily Brie ng 60% of which is normally based on SIGlNmeas reduced to a small portion of its typical size I Project GROUNDBREAKER is an NSA initiative to outsource the non-mission support areas of its IT in astructure NSA intends to pursue a govemment-industry partnership in four IT areas distributed computing enterprise and security management internal networks and telephony - U After completion of a Feasibility Study in June 2000 NSA developed a draft Request for Proposal RFP that was distributed to three industry teams in October The purpose of the draft RFP was to allow the vendors an opportunity to make comments and request further information before the nal RFP is released The nal RFP will be released in January 2001 with contract award slated for July 2001 After the contract is signed IT infrastructure would be run by a combined government-contractor team beginning in January 2002 I U is engaged at the level of the Deputy Under Secretary of Defense for Installations in pursuit of an exemption for GROUNDBREAKER from OMB Circular A-76 Performance of Commercial Activities U Way Ahead - U NSA is ready to update the incoming at any time on the GROUNDBREAKER program snow 33 4 9mm U After contract award this will be a good opportunity for to underscore the value of outsourcing non-core functions even in sensitive areas like intelligence U POTENTIAL U Issue U experienced over 22 000 cyber attacks in CY1999 Most of these attacks had a negligible impact on operations A hand rl were determined to have been perpetrated by sophisticated and determined adversaries During the Presidential transition period a major cyber-attack is possible that would require the combined and coordinated resources of the entire Computer Network Defense CND community for effective identi cation diagnosis and response U Discussion - U primary point of contact for CND is the National Security Incident Response Center N SIRC NSIRC is a 24 7 activity that provides unique tailored all source time critical current and term technical and intelligence analysis reporting and operations expertise on matters addressing the threat detection reaction warning and response to intrusions into national security and critical infrastructure networks I U During an incident NSIRC will coordinate with the Joint Task Force for Computer Network Defense at US Space Command the DOD Computer Emergency Response Center The FBI s National Infrastructure Protection Center and the Federal Computer Incident Response Center and the Intelligence Community U Way Ahead U The federal government s organizational framework is in place to manage a major cyber-attack but the procedural underpinnings and detailed operational roles are just now developing If a major attack were to occur in the near future close attention to managing the ow of information will be required wi n'n the community U U The Department of Defense s DoD s vision of a secure seamless and collaborative information environment that will enable rll situational awareness during military operations and achieve 34 3 Joint Vision 2020 Fa ashram information dominance over any adversary cannot be achieved without modernizing its current information capabilities A robust Information Assurance IA posture is an integral component of modernization and is essential to achieving the vision 661 30 Years of Success - During the past 3 decades the NSA has delivered a Wide variety of COMSEC products to provide high-grade protection of critical CZ and Intel systems These products are becoming increasingly hard to maintain and - IMF-666 From Links to Networks - In the past we built point-to-point solutions for voice data and video systems Today Information Technology IT systems are moving to combine these into a common hetwork-cenn-ie environment in which solutions provide for a variety-6f Information Assurance IA services such as non-repudiation availability integrity etc - Challenges - The US military has increase interoperability requirements to support allied and coalition'parmers on a very dynamic basis In the past we built US only equipment and then made decisions on release on a case-by-case basis In today s environment Information Assurance products must be built form day one withthe goal of supporting allied coalition operations U Roadmap - A DOD-wide working group has been meeting since October with representation from across to develop the modernization roadmap which will lay out the strategy and provide-an estimate of the cost to implement lb 1 86 36 35