Mediaboss Marketing

Special to The Washington Post.

Yul Williams is the technical director for the National Security Agency/Central Security Service, working with computer scientists, mathematicians and engineers to develop new technologies in the cybersecurity field that will assist the agency in its intelligence operations. In a conversation with Tom Fox, Williams described an NSA idea incubation technique that has led to many innovations. The conversation has been edited for length and clarity.

Q: What is your main area of focus at the National Security Agency?

A: My work is centered on cybersecurity, and its mostly of a defensive nature. We are trying to gather ideas from the workforce that we can develop and implement to enhance our overall mission. Our CYBERx incubation model provides a venue where anyone in the workforce can present concepts to an audience of senior leaders that may have the potential to affect the manner in which we conduct business.

Q: If I am an NSA employee and I have an idea, how do I get it to you?

A: We developed a crowdsourcing tool that is available to the NSA workforce. The workforce can look at the idea submitted and vote for or against it. They can leave comments saying why an idea is great or that it has been tried before. Afterward, a group known as the Innovators In Residence reviews the idea and decides how we can bring it into the incubation stage.

Q: What happens next?

A: We guarantee the idea champion will have an audience within four weeks with the Innovators in Residence, which will make the determination whether the idea should move to the next stage. The group makes a list of all the good and bad things about the idea. The focus is mostly on the negative comments because they surface the institutional fears as to why the idea hasnt been implemented before. Our emphasis is on proving why those fears are unfounded. If the idea champion cannot overcome those concerns, the idea dies on the spot. We refer to this concept as a fast failure, and it limits the energy expanded on ideas with low mission potential. If the idea has merit, the group helps the idea champion develop a pitch that can be used to convince the organization of the value of the idea to the bottom line.

Q: What happens if an idea passes that phase?

A: The idea champion is given an audience with the RIP or the Resource Investment Panel that is made up of NSA senior leaders who run organizations and have staff. Instead of giving funding for the first round of development, we ask the RIP to loan a resource to the project. For example, a resource may be an analyst who might have skill in microelectronics or optoelectronics. Once the RIP concurs, it provides resources to the idea champion who then has up to five months to conduct experiments. During that phase, the idea champion must periodically meet with the RIP and explain the experiments status. If all of the requirements are satisfied, the idea champion meets with the same panel, now called the Strategic Investment Panel or SIP. The SIP must come to a consensus about turning the idea into a product and deploying it.

Q: How many ideas on average go through this process?

A: There are around 117 ideas percolating in the crowdsourcing process.

Q: Can your approach be adopted by other agencies?

A: I would strongly encourage other federal agencies to adopt an incubation model. I am shocked at the amount of interest employees have in lending their ideas to make us a better agency. You should see the passion that people bring to the table and the pride they have when their idea makes it to the end of the incubation model or is even considered. We dont attribute failure of an idea as a personal failure. We celebrate that the person was willing to step away from what they do on a daily basis and take an idea through the process.

Q: Tell me about your management philosophy or management style.

A: My leadership style is to respect the professionalism of the people I work with. I learned long ago that if youre working with low-skilled people, it is more direction-oriented. In this environment, we have very professional people, so you want to leverage what they have to offer and challenge them to do things that they did not believe were possible. I find that people always exceed their own expectations.

Q: Have you learned any important leadership lessons during your time as a manager?

A: One of the lessons I learned is to always seek out others who have more experience in areas where you may be lacking so you can consider a wider range of ideas. It is important to confer with a diverse set of people who you can bounce ideas off of and those that help you to grow as a professional and as a person.

- - -

Fox is a guest writer for The Posts On Leadership blog and the vice president for leadership and innovation at the nonprofit, nonpartisan Partnership for Public Service.

nsa-innovate-qanda

Keywords: Yul Williams, NSA, cybersecurity, innovation, fast failure

Excerpt from:
Yul Williams on fostering innovation at the NSA - Standard-Examiner

This report first appeared on CyberScoop.

The man responsible for leading the National Security Agencys defensive mission says his team is fielding more calls than ever from agencies across the government.

Dangerous, highly capable hackers and a desire by agencies to adopt cloud technology have increased the workload forInformation Assurance chief Paul Pitelli and his office, which he says is sort of like the Geek Squad for defense in government.

Pitelli is acareer professionalwho has served in the NSA for more than 20 years as the secretive spy agency transformed into what it is today a highly sophisticated technology behemoth with an array of federal responsibilities, including both signals intelligence and protecting sensitive government systems. With the recent retirement of former Information Assurance Directorate head Curtis Dukes, a renown computer scientist and intelligence community icon, Pitelli took on an increased role in an ever important effort to ensure that the Defense Department and broader government arent hacked.

Well get a wide range of calls from Hey were trying to set up a whole new [information technology] environment and that could be the White House calling, Pitelli said.

A big focus in recents years for Information Assurance, according to Pitelli, has been helping a variety of different federal agencies establish secure cloud data storage processes.

I have never been more busy, Pitelli told CyberScoop in an interview Thursday after he spoke at the McAfee Security Through Innovation Summit.We are getting calls because they all need help. Everyone wants to take advantage of cloud services, thats sort of one thing were getting called for, but its also traditional issues because our nation is being constantly attacked. Were one of the few agencies that get to see when and how the adversary starts operating.

Federal lawmakers have increasingly encouraged agencies in recent years to adopt cloud data storage technologies as a way to both save costs and phase out old on-premise servers.

Because of the economics of cloud services theres so much incentive [for agencies] to migrate many of their capabilities, Pitelli said. A lot of people in government want the NSAs help.

Nobody in government wants to be the next to suffer a hack like the2015 data breach that exposed federal employee information held by theOffice of Personnel Management, he said.

So were getting a lot of calls where its basically, Hey we want to make this move, but how do we do it well? Pitelli said.

Turnoverat the White House also adds to the Information Assurance divisions current workload.

With a change of administration, you know, they typically take a fresh look. And for us thats an opportunity because it allows us to sometimes make an [IT] environment better, Pitelli said. The cyber dimension is adding, on one hand, what you can call issues or events, but I think can be opportunities.

Historically, Fort Meades defensive efforts in cyberspace have been overshadowed by the spy agencys more offensive-centric, intelligence gathering mission set. This is evident from a labor perspective, given that the NSAs Signals Intelligence workforce remains much larger than the Information Assurance unit.

An overwhelming majority of budget dollars are allocated to offense rather than defense, former intelligence officials say, and thats resulted in an agency that is known almost exclusively for digital espionage rather than cyber-defense.

Dukes, former IAD head Debora Plunkett and departing NSA Deputy Director Rick Ledgett recently voiced their concerns that the NSA should be focusing on defense more than it has in the past.

Roughly 90 percent of the U.S. government cybersecurity spending is used to fuel offensive operations, Ledgett told Reuters.

I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions, Plunkett, who oversaw the NSAs defensive mission from 2010 to 2014, recently told Reuters.

Defense under NSA21

The trios comments come amid an expansive reorganization effort by the NSA, instituted by agency Director Michael Rogers, that works to combine what was once called the Information Assurance Directorate and Signals Intelligence Directorate into a single, joint entity.

Although Rogers plan, known as NSA21, is intended to streamline operations, it has also spurred new concerns that the spy agencys defensive mission will receive even less resources in the future.

When the NSA goes through a change a lot of that discussion goes on because theres a big difference between offense and defense as far as the budget and so that was one of the big concerns that some folks vocalized, said Pitelli, I see a need, a bigger need for cybersecurity not just at NSA but for everybody.

The dual impact of NSA21s rollout and Dukes recent retirement has caused some confusion in government.

I know Curt voiced concerns that as we make this move [towards NSA21] there can be this perception that Oh well who do I call? And if they dont know who to call the question is, Well where did it go? Curt was really one of the great, visible icons of Information Assurance and he retired and so there is that time right now where we are waiting to find out whose going to be given the mantle next, Pitelli said.

Pitelli declined to specifically discuss the NSAs budget but said he would like to see Congress broadly allocate greater resources for cybersecurity writ large, across the entire government.

I will go so far as to say I would hope that the government not just at NSA, but the government really tries to allocate additional funds for the cybersecurity information assurance mission, Pitelli said. Alot of times people have lumped in their information assurance budgets with their IT budgets and the challenge I think youre seeing now is that we havent kept up with the budgets of cybersecurity.

Original post:
NSA cyber-defense chief: 'I have never been more busy' - FedScoop

TechCrunch

Alleged NSA hack group Shadow Brokers releases new trove of exploits TechCrunch Shadow Brokers, the group behind last year's release of hacking exploits allegedly used by the National Security Agency, has dropped another trove of files. In a Medium post today, the hacker group offered up a password giving free access to files it ...

See the article here:
Alleged NSA hack group Shadow Brokers releases new trove of exploits - TechCrunch

For many, many years, Senator Ron Wyden has been directly asking the US intelligence community a fairly straightforward question (in his role as a member of the Senate Intelligence Committee): just how many Americans are having their communications swept up in surveillance activities supposedly being conducted on foreigners under the FISA Amendments Act (FISA being Foreign Intelligence Surveillance Act). Wyden started asking way back in 2011 and got no answers. His continued questioning in 2013 resulted in Director of National Intelligence James Clapper lying to Congress in a public hearing, which Ed Snowden later claimed was a big part of the inspiration to make him leak documents to the press.

Just last month, we noted that Wyden had renewed his request for an accurate depiction of how many Americans have had their communications swept up, this time asked to new Director of National Intelligence, Dan Coats. Unfortunately, for all these years, it's basically felt like Senator Wyden tilting at a seeming windmill, with many others in Congress basically rolling their eyes every time the issue is raised. I've never understood why people in Congress think that these kinds of things can be ignored. There have been a few attempts by others -- notably on the House Judiciary Committee -- to ask similar questions. Almost exactly a year ago, there was a letter from many members of the HJC, and there was a followup in December. But, notably, while there were a number of members from both parties on that letter, the chair of the House Judiciary Committee, Bob Goodlatte, did not sign the letter, meaning that it was unlikely to be taken as seriously.

Suddenly, though, it seems that the ins-and-outs of Section 702, and how the "incidental" information it collects on Americans is used has taken on a much wider interest, following President Trump's misleading suggestion that President Obama tapped his phone lines, and some Trump supporters trying to twist typical 702 surveillance to justify those remarks. Either way, if that leads people to actually look at 702, that may be a good result out of a stupid situation. And, thus, we get to this surprising moment, in which Goodlatte has actually sent a similar letter to Coats (along with ranking member John Conyers) asking about the impact of 702 surveillance on Americans. And since (for reasons that are beyond me) Reuters refuses to link to the actual source materials, you can read the full letter here or embedded below.

The letter demands an answer by April 24th. And, yes, it's notable that Goodlatte has signed on, because Section 702 is up for reauthorization at the end of the year, and if Goodlatte is not on board with reauthorization, then the NSA is going to have some difficulty in getting it through.

You have described reauthorization of Section 702 as your "top legislative priority." Although Congress designed this authority to target non-U.S. persons located outside of the United States, it is clear that Section 702 surveillance programs can and do collect information about U.S. persons, on subjects unrelated to counterterrorism. It is imperative that we understand the size of this impact on U.S. persons as our Committee proceeds with the debate on reauthorization.

The letter then even points to Coats' response to Wyden during Coats' confirmation hearing that he was "going to do everything I can to work with Admiral Rogers in NSA to get you that number." Of course, back in December, it was said that the intelligence community might finally deliver that number... in January. And it's now April. Still, with Goodlatte finally taking an interest in this, it's a sign that the NSA can't just coast by and continue to completely ignore this.

Read the rest here:
Oh, Sure, Now Congress Is Serious About Asking NSA About Surveillance On Americans - Techdirt

Observer

Trump Has a Problem With NSABut So Does Obama Observer More rarely, the NSA intercepts phone calls in which one of the interlocutors is an American. As long as this operation has been approved per the Foreign Intelligence Surveillance Actmeaning a top-secret Federal court has issued a warrant for this ... Former CIA Analyst: Susan Rice's NSA demasking denials don't add upFox News Susan Rice's White House Unmasking: A Watergate-style ScandalNational Review Oh My: Former Obama NSA Susan Rice Reportedly Directed Dubious 'Unmasking' of Trump AlliesTownhall The New Yorker -American Free Press -Slate Magazine -Bloomberg all 1,368 news articles »

Read more from the original source:
Trump Has a Problem With NSABut So Does Obama - Observer