
Since then, the organizations have updated the report on the PRC-used CVEs three times. “We’ve expanded the methods in which we communicate, and we are not only providing extensive lists of CVEs, but the tactics, techniques and procedures used, and we’re mapping everything to what you need to implement to stop it,” she clarified.
The FBI, CISA and NSA will continue to partner “to stay on top of this mission and to publicly release any active hacking campaigns that are targeting the United States,” Mammen added. “We are constantly updating what people need to be looking out for and patching. These are things we’re putting out with solutions so that you are not a victim of targeted attacks.” This partnership between the federal agencies allows the United States to have “a more comprehensive threat understanding, with comprehensive actions with one coordinated voice,” which is necessary given the constant and rising threats from China.
“The PRC is playing the long game. They are pacing [the] threat; they have become more brazen, economically, diplomatically, militarily and technologically,” Mammen warned. “They have and continue to steal staggering amounts of valuable intellectual property to build their own national infrastructure, with really global ambitions.”
Adversaries are also conducting disinformation campaigns in response to the United States’ disclosure of their attack vectors to try and discredit the CVE information. “In response, we’ve seen nation-state cyber competitors participate in ‘tit-for-tat’ type media campaigns, exposing tools that they alleged to be used by NSA and the CIA,” the director clarified. “They continue to conduct multiple interviews, attempting to disclose information that is honestly a decade old.”
A good portion of malicious cyber activity over the last year has come in the form of ransomware, which CSD has engaged in confronting. “Ransomware is a national security threat,” the director stated. “And the NSA obviously has a role to play in combating it in partnership with the U.S. Cyber Command. Specifically, we focus on ransomware that is targeting the most critical infrastructure and national security systems from the defense industrial base. We’ve joined with U.S. government and private sector partners in working to make ransomware operations more difficult for adversaries. We want these things to be less scalable and, frankly, less lucrative for malicious cyber actors. Our foreign intelligence informs policymakers and diplomats as to how they can pursue the safe havens from which ransomware actors are conducting their attacks.”
In addition, the agency released previously classified reverse engineering software into the public domain in 2019, a key step in fighting attacks. The open-source tool, called Ghidra, helps to speed up the process of identifying and understanding cyber attacks through reverse engineering. The NSA specifies that Ghidra also features a processor modeling language known as Sleigh that interprets how machine language instructions are disassembled and transformed into the tool’s so-called P-code representation. “Other significant functions are an undo/redo feature, multiuser collaboration repository and scripting,” according to NSA Public Affairs Officers Natalie Pittore and Liam Davitt.
“Ghidra, if you’re not familiar, is NSA’s open-source reverse engineering tool that we released three years ago at the RSA Conference,” Mammen explained. “If you’re not familiar with it, it is available to anyone. All of you, even people in college, people in high school. You can download it and have access to really a cutting-edge server security tool of reverse engineering. With the release of Ghidra, we set to build a community of dedicated and educated users. And by making the software free, even students can develop the technical proficiency to work on advanced cybersecurity problems.”
At the same time, the NSA is increasing its capabilities at Ft. Meade. In October, the agency opened a new center as part of its $4.6 billion East Campus expansion of seven buildings—and four parking garages for employees—that began in 2014 and will conclude in 2028. The Morrison Center—named for Maj. Gen. John E. Morrison, USAF, who served as head of the NSA’s signals intelligence organizations in the late 1960s and was the founder of the agency’s National Security Operations Center—will host the NSA’s new National Security Operations Center facilities.
“As digital threats to our nation and allies continue to rise, the Morrison Center is designed to enhance NSA’s ability to defend national security information systems and protect our nation’s critical data,” the agency stated in a release.