Cyber Security Agency
CSA Headquarters, Willmington, West Monroe | |
Agency overview | |
---|---|
Formed | January 4, 2020 |
Preceding agency | |
Headquarters | Willmington, West Monroe |
Motto | "Defending Our Nation. Securing the Future." |
Employees | Classified (est. 30,000–40,000) |
Annual budget | Classified (estimated $10.8 billion, 2020) |
Agency executives | |
Parent agency | Department of Defense |
Website | CSA.gov |
The Cyber Security Agency (CSA) is a national-level intelligence agency of the Ibican Department of Defense, under the authority of the Director of National Intelligence. The CSA is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The CSA is also tasked with the protection of Ibican communications networks and information systems. The CSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.
Unlike the FIS and the National Defense Intelligence Service (NDIS), both of which specialize primarily in foreign human espionage, the CSA does not publicly conduct human-source intelligence gathering. The CSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own. To further ensure streamlined communication between the signals intelligence community divisions, the CSA Director simultaneously serves as the Commander of the Ibican Cyber Command. The CSA's actions have been a matter of ongoing political controversy, including the agency's participation in economic espionage.
Mission
CSA's eavesdropping mission covers radio broadcasts from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission covers military, diplomatic, and all other sensitive, confidential or secret government communications.
According to a 2020 article in The Willmington Post, "[e]very day, collection systems at the Cyber Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications. The CSA sorts a fraction of those into 70 separate databases."
Because of its listening task, CSA has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many codes and ciphers.
As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2020, by President Buckley, the CSA became the lead agency to monitor and protect all of the federal government's computer networks from cyber-terrorism.
Operations
Operations by the Cyber Security Agency can be divided into three types:
- Collection overseas, which falls under the responsibility of the Global Access Operations (GAO) division.
- Domestic collection, which falls under the responsibility of the Special Source Operations (SSO) division.
- Hacking operations, which fall under the responsibility of the Tailored Access Operations (TAO) division.
Hardware implanting
A document included in released CSA files details how the agency's Tailored Access Operations (TAO) and other CSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by a CSA manager as "some of the most productive operations in TAO because they preposition access points into hard target networks around the world."
Computers seized by the CSA due to interdiction are often modified with a physical device known as Cottonmouth. Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA's Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the CSA can establish a network bridge "that allows the CSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants."
Domestic collection
CSA's mission, as set forth in a 2020 Executive Order, is to collect information that constitutes "foreign intelligence or counterintelligence" while not "acquiring information concerning the domestic activities of Ibican Citizens". The CSA has declared that it relies on the IIA to collect information on foreign intelligence activities within the borders of Ibica, while confining its own activities within Ibica to the embassies and missions of foreign nations.
CSA's domestic surveillance activities are limited by the requirements imposed by Article VIII of the Ibican Constitution. The Foreign Intelligence Surveillance Court, for example, held in October 2011, citing multiple Supreme Court precedents, that the Constitution's prohibitions against unreasonable searches and seizures apply to the contents of all communications, whatever the means, because "a person's private communications are akin to personal papers." However, these protections do not apply to non-Ibican persons located outside of Ibican borders, so the CSA's foreign surveillance efforts are subject to far fewer limitations under Ibican law.
The PRISM program
Under the PRISM program, which started in 2007 under the Federal Intelligence Service, the CSA gathers Internet communications from foreign targets from major Ibican Internet-based communication service providers. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.
Hacking operations
Besides the more traditional ways of eavesdropping in order to collect signals intelligence, CSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division.
Organizational structure
The CSA is led by the Director of the Cyber Security Agency (DIRCSA), who also serves as the Commander of the Ibican Cyber Command (CYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the CSA.
CSA also has an Inspector General, who is head of the Office of the Inspector General (OIG); a General Counsel, who is head of the Office of the General Counsel (OGC); and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).
CSANet
CSANet stands for Cyber Security Agency Network and is the official CSA intranet. It is a classified network for information up to the level of TS/SCI, supporting the use and sharing of intelligence data between CSA and the signals intelligence agencies of other nations.
CSANet is a highly secured computer network consisting of fiber-optic and satellite communication channels which are almost completely separated from the public Internet. The network allows CSA personnel and civilian and military intelligence analysts anywhere in the world to have access to the agency's systems and databases. This access is tightly controlled and monitored. For example, every keystroke is logged, activities are audited at random, and downloading and printing of documents from CSANet are recorded.
Watch centers
The CSA maintains at least two watch centers:
- National Security Operations Center (NSOC), which is the CSA's current operations center and focal point for time-sensitive SIGINT reporting for the Ibican SIGINT System (ISS). This center was established in 1968 as the National SIGINT Watch Center (NSWC) and renamed the National SIGINT Operations Center (NSOC) in 1973. This "nerve center of the CSA" received its current name in 2020.
- CSA Threat Operations Center (NTOC), which is the primary CSA partner for Ibican Department of Justice response to cyber incidents. The NTOC establishes real-time network awareness and threat characterization capabilities to forecast, alert, and attribute malicious activity and enable the coordination of Computer Network Operations. The NTOC was established in 2020 as a joint Information Assurance and Signals Intelligence project.