NSA, DHS Deepen Cyber Relationships

The Defense Department and the Department of Homeland Security have breathed the same air on cybersecurity for seven years, but it's taken until today for the two executive branch departments to make their union official.

According to a memo made public today, DHS will assign a senior officer to the National Security Agency, and a "Joint Coordination Element" will be set up to coordinate Defense Department and Homeland Security responses to domestic cyber emergencies. The NSA will in turn provided support elements to DHS, and will move a dozen personnel to DHS's main cybersecurity response campus in Fairfax County, Virginia. DHS cyber cops and managers will be permanently stationed at the headquarters of Cyber Command, at Fort Meade in Maryland. Several DHS analysts will be detailed to the NSA's National Threat Operations Center, which is the intelligence community's cybersecurity warning center.

The goal is to "better protect against threat to civilian and military systems," a senior Defense Department official told reporters on a conference call. "The threats we face cross jurisdictional boundaries, and it's important that we bring together capabilities to respond as one nation."

The new cooperation will make it easier for the NSA to lend its expertise to emergency domestic cyber threats under the auspices of the Department of Homeland Security, rather than through direct contact with the private sector entity under threat, officials said.

"The U.S. just happens to have a lot of technical expertise at NSA, and we don't have the time or the money to build these capacities twice," the Defense official said.

A Homeland security official later said that cooperation between the two entities had been "too ad hoc" to date.

After Google disclosed that several of its critical servers were hacked in December, it asked the NSA for help. Under the new cooperation agreement, companies wouldn't have to circumvent DHS to get help. "DHS, already as a part of its mission space, does this," the homeland security official said.

Anytime the NSA is mentioned in conjunction with cybersecurity, red flags fly, because though the agency has the capacity to perform deep packet inspection on all traffic flowing in and out of the U.S., it does not have the legal authority to do so.

The senior officials repeatedly referenced "civil liberties and privacy," and said that the Joint Coordination Element will include staff to focus on those issues. Additionally, the deputy secretaries of Defense and Homeland Security will hold regular meetings to review the civil liberties and privacy impact of offensive or defense cyber actions. "All oversight mechanisms will continue," the DHS official said.

Last month, DHS released its National Cyber Incident Response Plan (NCIRP), the country's first. The department continues to implement an NSA-developed technology called Einstein 3 to actively detect malicious hacking and intrusions on dot.gov domains.

Presented by

Marc Ambinder is an Atlantic contributing editor. He is also a senior contributor at Defense One, a contributing editor at GQ, and a regular contributor at The Week.

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register with Disqus.

Please note that The Atlantic's account system is separate from our commenting system. To log in or register with The Atlantic, use the Sign In button at the top of every page.

blog comments powered by Disqus


A Stop-Motion Tour of New York City

A filmmaker animated hundreds of still photographs to create this Big Apple flip book


The Absurd Psychology of Restaurant Menus

Would people eat healthier if celery was called "cool celery?"


This Japanese Inn Has Been Open For 1,300 Years

It's one of the oldest family businesses in the world.


What Happens Inside a Dying Mind?

Science cannot fully explain near-death experiences.

More in Politics

Just In