Lieutenant General Michael V. Hayden is director of the National Security Agency/Central Security Service (NSA/CSS), Fort George G. Meade, MD. As the director of NSA/CSS, he is responsible for a combat support agency of the Department of Defense with military and civilian personnel stationed worldwide.
Hayden entered active duty in 1969 after earning a bachelor’s degree in history in 1967 and a master’s degree in modern American history in 1969, both from Duquesne University. He is a distinguished graduate of the Reserve Officer Training Corps program. He has served as commander of the Air Intelligence Agency and director of the Joint Command and Control Warfare Center, both headquartered at Kelly Air Force Base, TX. He also has served in senior staff positions in the Pentagon; Headquarters, U.S. European Command, Stuttgart, Germany; National Security Council, Washington, DC; and the U.S. Embassy in the People’s Republic of Bulgaria. Prior to his current assignment, Hayden served as deputy chief of staff for United Nations Command and U.S. Forces Korea, Yongsan Army Garrison.
Hayden was interviewed by MIT Editor Harrison Donnelly.
Q: What do you see as the key IT issues facing NSA, and how would you describe your overall strategy for addressing them?
A: Some people are lucky enough to live in a time where a unique combination of historical forces and technological developments converge to produce revolutionary events. During these critical times, people and institutions either adapt or perish. The generation of Americans born during the first decade of the 20th century witnessed the invention of the airplane, television and radio and saw the world change literally before their eyes.
You don’t have to be an expert to know that we are living in a similar time in terms of the way we produce and use information. This massive expansion in the ways that we communicate has produced a series of sweeping changes parallel to the invention of the printing press or the onset of the Industrial Revolution.
Over the past few years global telecommunications have experienced a quantum leap in the volume, variety and velocity of traffic routinely passed around the world every day. No one in the late 1970s would have considered the technology of that day and time as “primitive.” Yet compared to the innumerable ways we communicate today, the analog world seems like the Stone Age. This explosion of information, particularly of digital communications on the global net, presents both a challenge and an opportunity. We have the difficult task of meeting the demands brought about by this revolution in information technology. But more importantly, as in the past, we also have real opportunities to “transform” our own capabilities toward this end.
Q: What is the new NSA Transformation 2.0 initiative, and what role will IT play in achieving its goal of more effective sharing of information for analysis?
A: To ensure that NSA continues to effectively serve America’s national security needs in a changing global communications environment, we have outlined the next phase of our transformation, built upon the foundations of the transformation begun in 1999, called “Transformation 2.0—Cryptology as a Team Sport.” Several past NSA directors and I have sometimes used the analogy of a football team to describe the NSA mission, in that we have both offensive and defensive roles. Recently, however, due to the nature of the challenges we face today, and the ways that we collect and disseminate intelligence, a better and perhaps more relevant example would be that of a soccer team. We still have offensive and defensive roles, but the situation is far more fluid and fast paced.
In an effort to deal with this brave new asymmetrical world, we have designed “T2.0” with four strategic thrusts in mind:
• Mission Blending—teaming between the Signals Intelligence Directorate and the Information Assurance Directorate.
• Extending the Enterprise—teaming across the entire Signals Intelligence enterprise.
• Community—teaming with our intelligence and information assurance partners.
• Cooperating—teaming with our clients.
As you can see, all aspects of T2.0 focus on teaming—within NSA, within the Signals Intelligence community, within the intelligence community, and with our customers and clients. These four thrusts are the basis for ongoing additions and modifications to the goals and objectives in the NSA Strategic Plan. Much of what we’ve done so far is not yet complete, self-sustaining or irreversible. We still have a great deal to do. But it is heartening to see that in some areas we have reached something of a tipping point—a point where a pound of effort results in more than a pound of results.
Our future will be affected by the confluence of three realities. First is the realization that much of our internal success is dependent on external realities. Second, we need to ensure that we consistently strive to transcend the “business as usual” culture for one that emphasizes the need to take action. Finally, it is imperative that we develop a different approach to the ways that we share information with our customers.
These are the things we must address. The right way ahead seems clear. We now need to work to make the journey efficient, effective and fast.
Q: Why is NSA making heavy use of outsourcing, through the Groundbreaker and Trailblazer programs, to obtain IT and signals processing services?
A: In line with T2.0, we are aggressively implementing the TRAILBLAZER acquisition program as a foundational component of its transformation strategy. TRAILBLAZER is a major (ACAT-1AC) DoD acquisition program to acquire an architectured and integrated system, comprised largely of commercial technology, to provide much-needed mission capabilities in telecommunications through a series of related developments. The TRAILBLAZER program will attain these capabilities by using U.S. commercial industry to the greatest extent possible. Recognizing that some key mission applications and tools must be government furnished, TRAILBLAZER is working with industry to integrate that equipment onto the platform. This approach will provide integrated technologies that are scalable, agile, robust, securable and interoperable, enabling NSA to produce and deploy state-of-the-art solutions to the intelligence challenges facing our nation today and in the future.
Q: How have NSA’s IT needs changed as a result of the long-term shift in its mission from the Cold War to the global war on terrorism?
A: The change in NSA’s intelligence needs from the “Industrial Age”—state-sponsored, Cold War era—to the present “Information Age”—transnational, often non-state sponsored—tracks with the advancements that have revolutionized communications in the last decade, producing a dramatic increase in the volume, velocity and variety of communications NSA must exploit. During the Cold War, NSA focused on a few very high-priority targets. Today, NSA’s targets are dispersed worldwide. Most Cold War targets were large government organizations with fixed modes of communications. Today’s targets can be anywhere, and will use cheap, readily available communications modes whenever possible. Cold War communications were primarily voice and text; today, targets worldwide communicate through any combination of voice, text, video and still images. Cold War targets were bureaucracies and military units; today’s targets are governments as well as small, non-state actors, cells with members who float from one group to another, or who work autonomously.
As I have noted in the past, NSA is an organization that found great success in an earlier time and must continue to succeed in a totally different environment than we grew up in. Throughout this challenging period, NSA has worked hard to “transform” and to build solutions—like TRAILBLAZER, that will provide the answers to the new and unique intelligence challenges our nation faces in the present day and time.
Q: What is the NSA Domestic Technology Transfer Program, and what do you hope to achieve with it?
A: The NSA Domestic Technology Transfer Program is part of our larger strategy to partner with industry to provide solutions to NSA’s needs. NSA’s Signals Intelligence and Information Assurance missions are intertwined with the technology of the Global Information Infrastructure. The technology of the Global Information Infrastructure is literally all commercial technology, and it evolves at a very rapid rate. In this scenario, it makes no sense for NSA to build what it can buy. In implementing policy that requires a “make versus buy” decision for each program we undertake, our clear bias is “buy” over “make.” An 80 percent solution that we can buy commercially and put quickly into use is far superior to the 99 percent solution that would require greater funding, manpower and time to develop.
Q: You have been unusually open in discussing the IT problems of your agency, including revealing on national television that the NSA network had been out of service for several days. Why have you adopted this strategy for an agency that traditionally has provided little information about its operations?
A: The public image of the agency shifts between being omnipotent or incompetent. The American people need an accurate picture of this agency so there is not a vacuum that will be filled by bad press and unrealistic movies. We live in a culture that distrusts power and secrecy. Due to the nature of our business, NSA is both very powerful and very secret. After all, one of our missions is to protect the nation’s secrets. We have made some clear decisions over the past few years to reach out with core messages that provide a clear understanding of NSA’s mission and its importance to the American public. We believe we can continue to do that despite raising our profile so that the American people will have a better understanding of who we are and what we do.
Q: NSA’s advanced signals collection and analysis capabilities have stirred privacy fears. How can IT policies contribute to answering critics and allaying Americans’ legitimate concerns?
A: NSA makes its living by utilizing two important entities that have traditionally been looked upon with suspicion by our nation’s citizens, namely power and secrecy. Our mission is essential, but we cannot be successful in our efforts without the trust of the American people. With this in mind, we must ensure that when we conduct our activities, we do so in strict accordance to the rule of law and with the understanding that the protection of civil liberties is paramount. Along these lines, we have a responsibility to work with both the public and private sectors to find the critical balance point between the demands of intelligence and those of liberty. In this regard, technology can most certainly play a crucial role.
IT applications and policies are critical to NSA’s collection, processing, retention and dissemination of foreign intelligence information while at the same time minimizing U.S. person information. Existing NSA IT policies require computer filtering at the collection front end to minimize the possibility of collection of U.S. person information. Additionally, NSA IT security policies require strict access-control mechanisms be applied in databases which may contain information on U.S. persons, as well as strict audit mechanisms be employed to monitor access to such data.
Q: Why is your agency working to bring in outside managers from the IT industry?
A: Like most large organizations, NSA is always looking to find and attract dynamic, innovative, highly skilled individuals with managerial and leadership expertise. In the past two years, we have hired 32 technical leaders and division level and higher managers from outside NSA. These individuals have come to the agency with a wealth of experience in private industry, the military and other government agencies. They have joined managers and leaders across the agency to further our transformation and better prepare the agency to meet the challenges of the future.
Given the highly technical nature of our work, the IT industry has been a logical place for us to look for experienced managers and leaders. Further, since a large portion of our IT infrastructure is managed in partnership with industry, it is a tremendous benefit for us to find leaders with experience in the private sector.
In the past, we were able to accomplish our goals by ensuring that we had the best people and the best technology. For most of our existence, we were able to develop much of our talent, strategy and resources in-house. Today, however, we have a need as well as an obligation to ensure that we draw our talent and technology not only from the NSA workforce, but also, when appropriate, from the private sector as well.
Q: Information Assurance is also part of your agency’s mission. What are your key current initiatives for protecting the security of military communications?
A: Most key NSA Information Assurance (IA) initiatives are currently focused on enabling a robust, secure and interoperable Global Information Grid (GIG) for military operations and national homeland security efforts. NSA is developing next-generation security architectures, technologies and integration guidance in support of DoD’s GIG initiative. Our cryptographic modernization program provides a structured roadmap for selectively replacing more than 500,000 encryption devices across the military and national security community. The Joint Tactical Radio System provides the bridge to seamlessly connect legacy radio waveforms and cryptography to current and future combat systems. These programs rely on a global key management infrastructure (KMI). The KMI provides the security “glue” to ensure that every system, node and person on the GIG is precisely identified, credentialed and authenticated.
Q: What steps are needed to ensure the security of information in wireless communications and networks?
A: Securing wireless communications networks is one of the most exciting security challenges NSA faces. Wireless technologies present many of the IA challenges of any other information technology, but the solutions must be crafted to meet the tremendous challenges of size and power demands. The other significant challenge in securing wireless networks is the mobility of wireless devices themselves. Security can only be guaranteed if you can authenticate that the user is who they say they are, that the device itself has not been altered, and that the user environment is appropriate for the communication. A secure personal mobile communications device is only useful if the underlying system makes these security considerations as transparent as possible to the user. NSA continues to work innovative solutions to support wireless military communications.
Q: Could technology have prevented September 11? If you had had all the computer resources you could wish for, would the agency have had the capability to provide the information needed to act in time?
A: During an interview with CBS News that aired on “60 Minutes II” in February 2001, reporter David Martin pressed me about the technological challenge to NSA, using al-Qa’ida and Usama bin Laden as his examples. He asked for an assessment, specifically about al-Qa’ida. I responded, “David, it’s a dangerous world out there. I can’t guarantee you—in fact, I would refuse to guarantee you—that even if we were at the top of our game, ill things won’t happen to Americans. These are very dedicated, very dangerous adversaries. And we work very hard against them, and they obviously work very hard to protect themselves against us.”
The primary lesson is that NSA has been on the right path—a path of transformation. By the end of the 1990s—after a decade of budgetary and personnel downsizing—it became clear that we needed to transform to keep up with emerging technology and the volume, variety and velocity of our targets’ communications. With a budget that was fixed or falling and with demands from our customers growing, we recognized that we needed to invest dollars in future capabilities and emerging technology, and we began doing that with our transformation.
Shortly after September 11, I had a meeting of my senior leaders. I asked them the following question: “Is there any part of our transformation roadmap that we should change as a result of the attacks?” Unanimously, they responded, “No, but we need to accelerate these changes.” With the money the President has requested and Congress has provided, we have done just that. I know in my heart that the gains we have made would not have been possible without the business process, organizational, personnel and operational changes we have set in place.
NSA has made much progress since September 11, but the pursuit of elusive terrorist targets remains a challenge. We are committed to meeting this challenge and the intelligence needs of our customers through the development, purchase and use of the best IT available.