© 2024 Kansas City Public Radio
NPR in Kansas City
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

What's The NSA Doing Now? Training More Cyberwarriors

Col. Sam Kinch, of the Delaware Air National Guard, is leader of the Linux team of the NSA's red cell. He's looking at a Web page featuring a photo of Justin Bieber — confirmation that his team has successfully hacked into a U.S. Naval Academy network.
David Welna

The U.S. needs more cyberwarriors, and it needs them fast, according to Defense Secretary Chuck Hagel. He plans to more than triple the size of the Pentagon's Cyber Command over the next two years.

But where will they come from? These are not the kind of skills you can teach in basic training.

Enter the embattled National Security Agency. Its new director, Adm. Michael Rogers, also directs the Cyber Command. Ten miles down the road from the NSA, at a defense contractor's office in Columbia, Md., the NSA recently held a live-fire cyberwarfare exercise aimed at developing more cyberwarriors.

In a long room at the facility, big speakers pump electro house music. Several dozen people, many in military uniforms, cluster around computer stations. Hovering above them is the image of a skull and bones — a big Jolly Roger pirate flag.

This is a roomful of break-in artists — people who are experts at hacking into other people's computers.

U.S. Naval Academy midshipmen taking part in the cyber exercise check to see if their computer network has been hacked by the NSA's red-cell team.
David Welna / NPR
U.S. Naval Academy midshipmen taking part in the cyber exercise check to see if their computer network has been hacked by the NSA's red-cell team.

Marine Capt. Robert Johnston leads what he calls a reconnaissance and initial access team.

"So we're the guys kinda pounding at the front door," Johnston explains, "finding all the open holes that we can, and beatin' down the door."

A Three-Day Competition

For three days, nonstop and around the clock, Johnston and his team launch cyberattacks on networks designed and defended by teams at the nation's top military academies, including one from the Naval Academy at Annapolis and one from the Military Academy at West Point. It's all part of CDX, an annual cyberdefense exercise run by the NSA.

The red-cell team hacking the academies' networks is made up of a mix of NSA and military cyber experts like Johnston. He did this last year, too, and thinks the military academies have gotten a lot better since then.

"I've been nothing but impressed, actually, from last year to this year," says Johnston. "I've felt like there's been some exponential growth in capabilities."

But the academies are still no match for the attack team the NSA has assembled. As four men in camouflage crowd around a computer screen, up pops the grinning face of Justin Bieber. It's evidence they've managed to deface a network defended by the Naval Academy.

The trophy for the best defense of a network goes to West Point this year, but practical considerations drive this exercise.

"We want to make this clear: This is not a game," says Shawn Turskey, leader of the NSA's red-cell team. "We're training our future leaders to fight through network adversity to conduct their mission and keep our nation safe."

The Shadow Of Edward Snowden

The CDX exercise has been going on for 14 years. This year's, though, is the first since former NSA contractor Edward Snowden hacked the spy agency itself and made off with thousands of top-secret documents. The episode only underscored how much damage can be done when networks do get breached.

But the NSA has another reason for holding this exercise: the possibility that some of these students at the military academies will take jobs there.

"Some have ended up working a tour here, maybe for three years, then on to another tour; it definitely happens," says the NSA's Dan Finnerty, the coordinator of this annual cyberbattle.

The U.S. armed forces provide around half of the spy agency's 35,000-member workforce, according to Finnerty.

Industry insiders say competition for top cyber experts in both the private and public sectors has never been so fierce.

"We're all fighting for the same talent — it's tough out there," says NSA recruitment marketing manager Lori Weltmann. But she insists the NSA is holding its own, especially when prospective employees get to know the agency's operations.

"Once you try NSA, you buy NSA," Weltmann says. "The work is exciting, and you can do things here that you can't do anywhere else."

That's the selling point, but it may also be the problem. Because of public indignation over the sweeping agency activities leaked by Snowden, "the last 12 months were extremely difficult for NSA," says Victor Piotrowski.

He directs a program called CyberCorps at the National Science Foundation that's focused on attracting students to cybersecurity careers. While CyberCorps' biggest customer is the NSA, Piotrowski says it's hard to know just how much the agency was hurt by Snowden's revelations.

"From the leaked documents, the public perception is really creating a very negative image of a lot of government programs," Piotrowski notes, "and that might be working, you know, somehow against our recruitment efforts."

Training At The Service Academies

The next generation of talent is being trained now at the nation's military academies. They happen to be at the incoming end of the CDX computer hacking exercise.

At the Naval Academy in Annapolis, midshipmen in a large classroom cluster around a computer whose network is being bombarded by the NSA's red-cell team. It's this academy's network where the NSA's red-cell team posted the face of Justin Bieber.

Second-year midshipman Bill Young sits at the keyboard trying to fend off attacks and keep the network up and operating. He'll be in the academy's first graduating class of cyber operations majors. Young says for him, the CDX exercise has been time well-spent.

"I've probably learned more in four days of working CDX than I have in two-plus semesters of taking information security classes," Young says. "Simply because you're doing it, you're seeing other people work with it."

This is the only military academy where every student is required to complete at least two courses in cybersecurity.

Capt. Paul Tortora, who directs the Naval Academy's Center of Cyber Security Studies, says the academy needs to be ready for a whole new theater of warfare.

"Cybersecurity, cyber awareness, cyber operations, so that we create an officer corps that has an understanding," Tortora says. "Then they go to the fleet, or the Marine Corps, and they can take the understanding of cybersecurity, cyber awareness to all their daily operations."

The NSA sees training exercises like CDX as an investment in future returns.

"We're in this for the long haul," says the NSA's Turskey. "We'll get immediate return, but down the road is what we're looking for to have that bigger payoff."

For the spy agency, that payoff could come with the new generation of cyberwarriors being bred at the nation's service academies — those who choose not just to try NSA, but to buy NSA.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

David Welna is NPR's national security correspondent.
KCUR serves the Kansas City region with breaking news and award-winning podcasts.
Your donation helps keep nonprofit journalism free and available for everyone.