The turning of the year marked the first anniversary of the National Security Agency’s (NSA) Cybersecurity Directorate – and what a year for a debut! Not only has the new Directorate taken up the complex, ceaseless challenge of boosting the resilience of national systems in the face of relentless and sophisticated cyber attacks, it’s done so in a year like no other.
Last week, the NSA released their 2020 Year in Review, an apt moment to draw breath and reflect on some of the successes of the first twelve months and what their activities can tell us about cyber security more broadly. On a granular level, a major win was enabling 100,000 users across the Department of Defense to move to remote working, as demanded by ‘shelter in place’ instructions to curb the spread of coronavirus. The NSA also rose to meet the upswing in activity from hackers due to the pandemic – as we also saw here in the UK – especially those focused on accessing vaccination development.
The election was the other dominant event demanding additional cyber security attention. The NSA’s efforts included providing almost 4,000 indicators of compromise to partner agencies, sharing with partner agencies almost 200 notifications of the compromise of a company or agency, and responding to nearly 250 enquiries for additional reporting. The election was deemed ‘the most secure on record’ by Chris Krebs, Cybersecurity and Infrastructure Security Agency (CISA) Chief at the time – clearly a successful mission for the NSA.
If we zoom out from the detail, however, the general focus for the inaugural year and the wording of the report itself offer some interesting insights into the national cyber defence trends we can expect to see gaining sway worldwide.
Communication is becoming more critical; the NSA report emphasised that a key step in boosting the resilience of their departments was to build trust by sharing unclassified threat and cyber security advice more broadly to help all organisations keep themselves secure. We are seeing the same here in the UK, with threat information being shared with those working on keeping the UK safe as well as international partners. Additionally, the National Cyber Security Centre, having built their profile over the past few years, has taken on the responsibility of arming citizens and companies with cyber security advice and information to help bolster the security of the entire nation.
There are also clear signs of direct collaboration between industry and government becoming more acceptable as leaders seek out the cutting-edge cyber security solutions they need to protect national assets amid escalating threats. The U.S. Defense Industrial Base (DIB), for example, encompasses more than 100,000 companies and the report dedicates an entire section to new ideas that can build their cyber resilience.
This was exemplified in the NSA’s use of Protective Domain Name Service (PDNS) in 2020, running as a six-month pilot for the Defense Cyber Crime Center and five of the DIB companies. Over the duration, PDNS examined more than 4 billion DNS queries, identifying requests to 3,519 malicious domains and blocking over 13 million connections. More importantly, the use and success of PDNS demonstrated the importance of gathering and sharing threat intelligence, with a focus at the network level, to mitigate threats for nation states.
At Nominet, we are experts in the Domain Name System and have long used analysis and threat intelligence data sourced from this network to protect our own registry. In more recent years, we have deployed similar tools to protect Government networks, in partnership with NCSC. It’s encouraging to see similar tactics achieving success across the Pond.
Another noticeable shift is one towards openness and transparency, with leaders beginning to call out those launching state-sponsored attacks that can prove so damaging, as the NSA does throughout the report. Historically, such openness was not common from the security services, but it’s something that is becoming more prevalent: see the UK Government’s Russia Report. Clearly, battle lines are being drawn, enemies are being identified and alliances are being tacitly forged between like-minded nations against a common foe.
No one can predict what the next chapter in the book of international cyber warfare will be – this past year has warned us to take nothing for granted – but there is a growing sense that the most powerful and influential nations are bolstering their armoury to ensure they are keeping pace with the threats faced.