The National Security Agency — Operates more than 500 separate signals intelligence platforms Employs roughly 30,000 civilians and military Budget: $10 billion

by David Somerville

1. F6: Special Collection Service HQ (Beltsville, MD) — Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA

2. SCI COMPARTMENTS

2.1. SI or COMINT -- denotes sensitive SiGINT, DNI and cyber sources and methods

2.2. ECI -- protects NSA relationships with other government agencies and private companies.

2.2.1. ECI-FGT --> SCS Product

2.2.2. ECI-AMB Ambulate

2.2.3. ECI-PIQ Picaresque

2.2.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE

2.3. VRK -- exceptionally sensitive sources of national and strategic importance

2.4. RAGTIME -- protects "product " gathered from FISA intercepts

3. Large domestic operating field sites

3.1. Columbia, MD

3.2. Friendship Annex, Linthicum, MD

3.3. Finksberg, MD

3.4. Bowie, MD

3.5. College Park, MD

3.6. Ft. Belvoir, VA

3.7. Fairfax, VA

3.8. Washington, DC

3.9. Ft. Detrick (Site R)

3.10. Camp Williams, UT

3.11. NSA Georgia (Ft. Gordon)

3.12. NSA Texas (Lackland AFB, San Antonio)

3.13. Greenville, TX

3.14. NSA Hawaii (Kunia)

3.15. NSA Denver (Aurora), co-located with CIA's National Resources Division

3.16. NSA Oak Ridge (Tennessee)

3.17. Yakima, WA JACKNIFE

3.18. Winter Harbor, ME

3.19. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE

3.20. NSA Continuity of Government site

3.21. NSA CMOC -- Cheyenne Mounfain

4. Main Databases and SIGINT architecture

4.1. Aquador — Merchant ship tracking tool

4.2. NUCLEON — Global telephone content database

4.3. AIRGAP — Priority missions tool used to determine SIGINT gaps

4.4. HOMEBASE — A tactical tasking tool for digital network identification

4.5. SNORT — Repository of computer network attack techniques/coding

4.5.1. SHARKFIN tool

4.6. WIRESHARK — Repository of malicious network signatures

4.7. TRAFFICTHIEF — Raw SIGINT viewer for data analysis

4.8. TWISTEDPATH

4.9. BANYAN — NSA tactical geospatial correlation database

4.10. MESSIAH/WHAMI — ELINT processing and analytical database

4.11. MAINWAY — Telephony metadata collection database

4.12. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool

4.13. AGILITY

4.14. MARINA — Internet metadata collection database

4.15. ASSOCIATION — Tactical SIGINT social network database

4.16. CREEK

4.17. SPITGLASS

4.18. FASCIA

4.19. PROTON — SIGINT database for database for time-sensitive targets/counterintelligence

4.19.1. Criss-Cross tool

4.20. PINWALE — SIGINT content database

4.21. TOYGRIPPE

4.22. SURREY

4.23. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool -- where "selectors" live

4.24. CONVEYENCE DNI content database

4.25. ANCHORY — Main repository of finished NSA SIGINT reports (associated with MAUI)

4.26. WRANGLER — Electronic Intelligence intercept raw database

4.27. JOLLYROGER

4.28. CADENCE

4.29. GLOBALREACH

4.30. Analytical Systems

4.30.1. Unified Targeting Tool

4.30.2. CHALKFUN

4.30.3. SPYDER

4.30.4. TRANSx

4.31. TRACFIN

4.32. TUNINGFORK

4.33. CYBER / TAO Tools

4.33.1. EMBRACEFLINT

4.33.2. BROKENTIGO

4.34. FASTSCOPE

4.35. CASPORT -- main NSA corporate / access identification tool used to control product dissemination

4.36. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors

4.37. YELLOWSTONE

4.38. CULTWEAVE Priority SIGINT Database

4.39. Broom Stick

4.40. MASTERSHAPE

4.41. AGILITY - Database of foreign intelligence selectors

4.42. TURMOIL -- fiber switch collection database

4.43. Transit Switch / Hub Collection and Processing Tools

4.43.1. WINDSTOP

4.43.2. MYSTIC

4.43.3. RAM-A,IX,T,M

4.43.4. DGO

4.44. Reporting tools

4.44.1. CPE

4.44.2. Voice master

4.44.3. Center mass

4.44.4. Gist Queue

4.44.5. Taperlay

5. NSA Field Stations — Remote collection and analytical facilities

5.1. F7: Meade Operations Center — 24/7 SIGINT support to deployed military units

5.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program

6. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges

6.1. Office of Export Control Policy

7. NSA Acquisitions and Procurement Directorate

7.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG

7.1.1. VOXGLO -- major cyber and enterprising computing project

7.2. Advanced Analytical Laboratory

7.3. Corporate Assessments Offices

7.4. Rebuilding Analysis Program Office

7.5. Knowledge System Prototype Program Office

7.6. Maryland Procurement Office

7.6.1. Acquisitions Program Manager for Signals Intelligence

7.6.2. Acquisitions Program Manager for Research

7.7. Acquisition Logistics Integrated Product Team

8. Information Assurance Directorate

8.1. IC: Cyber Integration Division

8.2. IE: Engagement Division

8.2.1. Client Engagement and Community Outreach Group

8.2.2. Interagency Operations Security Support Staff (OPSEC)

8.3. I2: Trusted Engineering Solutions

8.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons

8.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment

8.4. I3: Information Operations

8.4.1. Mission Integration Office

8.4.2. Technical Security Evaluations

8.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks

8.4.4. Blue Cell — Conducts audits of U.S. government networks

8.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations

8.4.6. Joint Communications Security Monitoring Agency

8.5. I4: Fusion, Analysis, Mitigation

9. Research Directorate

9.1. R1: Math

9.2. R2: Trusted Systems

9.3. R3: LPS — Physical science lab

9.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)

9.5. R05: Center for the Advanced Study of Language

9.6. R6: Computer and Information Science

9.7. RX: Special Access Programs/Compartmented Research

10. Signals Intelligence Directorate

10.1. S1: Customer Relations

10.1.1. A&R Watch (K Watch Ops) 199

10.1.2. S11: Customer Gateway

10.1.3. S12: Information Sharing and Services Branch

10.1.4. S124: Staff Services Division

10.2. S2: Analysis and Production

10.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing

10.2.2. NSA Product Lines

10.2.2.1. S2A: South Asia

10.2.2.1.1. S25A51 -- South Asian Language Analysis Branch

10.2.2.1.2. S25A52 -- South Asian Reporting Branch

10.2.2.2. S2B: China and Korea

10.2.2.3. S2C: International Security

10.2.2.3.1. S2C42 -- Western Europe and Strategic Partnership Division

10.2.2.3.2. S2C41 Mexico Team

10.2.2.4. S2D: Counter-foreign intelligence

10.2.2.5. S2E: Middle East/Asian

10.2.2.6. S2F: International Crime

10.2.2.7. S2G: Counterproliferation

10.2.2.8. S2H: Russia

10.2.2.9. S2I: Counterterrorism

10.2.2.9.1. S2IX: Special Counterterrorism Operations

10.2.2.9.2. S2I42 -- Hezbollah Team

10.2.2.9.3. S2I43 -- NOM Team

10.2.2.9.4. S2I5 -- AAP (PSP analytical unit)

10.2.2.10. S2J: Weapons and Space

10.2.2.11. S2T: Current Threats

10.2.2.12. S2T3: NSA/CSS Threat Operations Center

10.2.2.13. S2X: ??

10.2.2.14. Each production line has a language analysis branch, a reporting branch, a compliance branch, a technical branch, and a customer services branch

10.3. S3: Data Acquisition

10.3.1. S31: Cryptologic Exploitation Services

10.3.1.1. Signals and Surveys Analysis Division

10.3.1.1.1. Technical Exploitation Center

10.3.1.1.2. Project BULLRUN

10.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases

10.3.1.3. Target Office of Primary Interest

10.3.1.4. S31174 Office of Target Pursuit

10.3.2. S32: Tailored Access Operations

10.3.2.1. Network Warfare Team — Liaison with military

10.3.2.2. S321: Remote Operations Center

10.3.2.2.1. Network Ops Center

10.3.2.2.2. Operational Readiness

10.3.2.2.3. Interactive Operations Division

10.3.2.2.4. Production Operations Division

10.3.2.2.5. Access Operations Division — Works with CIA's Technology Management Office to break into hard-to-reach networks

10.3.2.3. S323: Data Network Technologies (researches how to penetrate secure networks)

10.3.2.4. FG3223: Media Exploitation and Analysis

10.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks

10.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping

10.3.2.7. S327: Targeting and Requirements

10.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO

10.3.2.9. S32P. TAO Program Planning Integration

10.3.3. S33: Link Access // Global Access Operations

10.3.3.1. S332: Terrestrial SIGINT

10.3.3.2. S333: Overhead SIGINT

10.3.3.2.1. Overhead Collection Management Center

10.3.3.2.2. SSPO

10.3.3.3. S33P ISR Portfolio Management Office

10.3.3.3.1. S33P2 Technology Integration Division

10.3.3.3.2. S33P3 Tactical SIGINT Technology Office

10.3.3.3.3. AIRSTEED Program Office — Cell phone tracking

10.3.3.4. Community ELINT Management Office

10.3.3.5. OCEANSURF Program Office — $450m systems engineering hub

10.3.4. S34: Collection Strategies and Requirements Center

10.3.4.1. S342: Collection Coordination and Strategies

10.3.4.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements

10.3.4.3. S344: Partnership and Enterprise Management

10.3.5. S35 Special Source Operations

10.3.5.1. Program Offices

10.3.5.1.1. 35333: PRISM Program Office

10.3.5.1.2. CHASEFALCON — Unknown major program office

10.3.5.1.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool

10.3.5.1.4. OCELOT (FORNSAT)

10.3.5.1.5. Crosshair Net Management Center/Crosshair Support Center — Directing finding

10.3.5.1.6. Radio Frequency Targeted Operations Office

10.3.5.1.7. VOXGLO — Unknown major program office

10.3.5.1.8. V34 -- Next Generation Wireless (NGW) exploitation program

10.3.5.1.9. Corporate Partner Access PMO

10.4. SV -- Signals Intelligence Directorate Oversight and Compliance

10.4.1. SV4 FISA Compliance and Processing

10.5. SSG -- SIGDEV Strategy and Governance

11. T: Technical Directorate

11.1. TE: Enterprise Systems Engineering and Architecture

11.2. TS: Information Systems and Security

11.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)

11.3. TT: Independent Test and Evaluation

11.4. T1: Mission Capabilities

11.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested

11.4.2. Strategic SATCOM Security Engineering Office

11.5. T2: Business Capabilities

11.6. T3: Enterprise IT Services

11.6.1. T3221: Transport Field Services

11.6.2. T334: National Signals Processing Center

11.6.3. T335: Deployable Communications Operations

11.7. T5: CARILLION — High performance computing center

11.8. T6: Technical SIGINT and Ground Capabilities

11.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems

12. Information Technology Infrastructure Services (ITIS) System Office

13. L: Installation and Logistics

14. M: Human Resources — Q: Security and Counterintelligence

14.1. Q2: Office of Military Personnel

14.2. Q3: Office of Civilian Personnel

14.3. QJ1: HR operations/global personnel SA

14.4. Q43: Information Policy Division

14.5. Q5: Office of Security

14.6. Q509: Security Policy Staff

14.7. Q51: Physical Security Division

14.8. Q52: Field Security Division

14.9. Q55: NSA CCAO

14.10. Q56: Security Awareness

14.11. Q57: Polygraph

14.12. Q7: Counterintelligence

15. Cross-functional units // co-located with SID S2 Production Lines

15.1. National Security Operations Center — Main NSA intelligence watch facility

15.1.1. DECKPIN — NSA crisis cell activated during emergencies

15.1.2. CMM — Cryptologic Management Mission program office

15.2. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers

15.3. DEFSMAC: Defense Special Missile and Aerospace Center

15.4. NSA/CSS Commercial Solutions Center

15.5. NSA/CSS Threat Operations Center — Main cyber watch center

15.5.1. Office of Analysis

15.6. Unified Cryptologic Architecture Office

15.6.1. Integration

15.6.2. Systems Engineering/Architecture Analyses and Issues

15.6.3. Architecture

15.6.4. Process

15.6.5. Planning and Financial Management

15.7. Plans and Exercise Office

15.7.1. NSA Continuity Programs Office

15.7.2. Military Exercise Office

15.7.3. Continuity Engineering Office

15.8. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts).

16. Directorate for Education and Training

17. Directorate for Corporate Leadership