The National Security Archive Launches the “Cyber Vault”

New Cyber Vault Will Acquire and Publish Primary Documents on All Aspects of Cyber Activity 

“Trusted insiders” were a large point of concern in 2008’s The United States Government-Wide Cyber Counterintelligence [CI] Plan, a heavily-redacted Top Secret/SI/NOFORN document authored by the National Counterintelligence Executive, the Office of the Director of National Intelligence, and the Justice Department. Two years before Chelsea Manning and WikiLeaks made headlines, the Cyber CI Plan — which was obtained through a Freedom of Information Act (FOIA) request — notes that, “Trusted insiders can steal information electronically or facilitate remote access to unprecedented amounts of data and they may be ideally positioned to inflict devastating damage to U.S. Government networks through espionage and/or sabotage.”

Privacy protections were also a stated priority; the document makes clear that to protect US citizens’ privacy and civil liberties, “each participating organization…will consult with offices of general counsel and privacy and civil liberties officers, as appropriate, to ensure compliance with law and with Attorney General approved guidelines safeguarding U.S. persons.”

The core of the prescient document discusses the six objectives of the government’s Cyber CI program. Two of the objectives are redacted from the document; the four objectives that are disclosed include: detecting, deterring, disrupting and mitigating internal and external cyber threats through defensive counterintelligence; strengthening collaboration on cyber issues by, among other things, sharing CI information at the lowest classification level possible; conducting all-source counterintelligence analysis; and establishing and expanding cyber counterintelligence education awareness programs.

The 2008 Cyber CI plan is just one of the newly-published documents researchers can find in the National Security Archive’s Cyber Vault – an online resource documenting various aspects of US government cyber activity, including hacking and defenses against hacking, cyber intelligence, and cyberwar. The Vault also includes documentation on foreign government and international organizations’ cyber activities. Currently numbering more than 150 curated items, the list will grow with new additions on a weekly basis.

The documents in the Vault’s holdings include US government documents that have been pried loose and made publicly available thanks to systematic use of the FOIA and Mandatory Declassification Review process by Archive staff  – led by Dr. Jeffrey Richelson, who directs this new project. Additional primary sources come from industry, academia and other cyber actors – all materials are searchable in this robust online publication in permanent open access formats.

Other documents found in the Vault include a set of Top Secret/COMINT/NOFORN April 12, 2013, talking points, entitled, “Topic: Iran – Current Topics, Interaction with GCHQ,” prepared for National Security Agency (NSA) head Keith Alexander. The talking points, which note that “our posture on Iran will serve us well going into any crisis or Event,” were created before Alexander’s meeting with the head of the United Kingdom’s Government Communications Headquarters, and includes a section devoted to Iranian cyber-attacks on US financial institutions and Saudi Arabian oil company, Aramco. Regarding the Iranian attack on Aramco, the document says that while it was the first such attack Iran carried out, that Iran “demonstrated a clear ability to learn from the capabilities and actions of others.”

An earlier unclassified memorandum, dated March 23, 2012, and authored by Alexander, is his strategic assessment for operating in cyberspace and “Preventing a Pearl Harbor Environment.” In the memo Alexander provides his perspective concerning the prospects of a cyber “Pearl Harbor” and discusses the risks of failure in the cyber domain, his assessment of why the US could not prevent a major cyber-attack, what an adversary would need to conduct such an attack, and what would be required to prevent a major attack. Alexander argues that the US is not currently prepared to prevent a major cyber-attack, noting later “Adversaries are only 12-18 months away from having the capability to conduct a cyber Pearl Harbor against the U.S.”

Another secret document, an article entitled “Thinking Out Loud About Cyberspace” written by senior NSA official William Black and published in Cryptolog, XXIII, 1 (Spring 1997), notes that the NSA was assigned the mission of computer network attack in March 1997, and argues that the world was on the verge of a new age — “the information age” — and that the future of war would be warfare in cyberspace. The article also expresses confusion that the public could see the government as a threat; “Specifically, the focus is on the potential abuse of the Government’s application of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are the ‘government,’ and we have no interest in invading the personal privacy of U.S. citizens. Regardless, the public’s concerns are real and have an impact upon us.”

Read more about the Vault – which is generously funded by the William and Flora Hewlett Foundation  – here, and search the growing Cyber Vault Library here.