1. SIGINT. Collect intelligence anywhere from anyone overseas using electronic communications. This includes offensive hacking and black bag jobs they do via other groups.
2. Information Assurance. The only real requirement I've seen is that they protect COMSEC of DOD and defense contractors. There are fewer requirements saying they protect computer security. I'm not sure they're even required to protect government as a whole. They have no mandate that I've seen to protect Americans. They even make it illegal for Americans to obtain Type 1, TEMPEST-certified, etc. products that they recommend to Defense organizations.
So, those are the jobs. I'm with Schneier and others on splitting them into two. I'd also expand IAD's mission to cover recommendations for mass market and overall government. For now, NSA has no requirement to protect our computer systems. Hard to say if they even have to protect Defense systems vs COMSEC since other laws paid for by lobbyists say DOD must try to buy COTS stuff that's almost all insecure. Can't mandate buying insecure stuff from nefarious companies plus expect strong security simultaneously. I think it's a legal grey area they're exploiting for maximal SIGINT.
That's a military command with lots of military units that reports to Strategic Command. NSA sort of administers it even though it's not really theirs. Even if we count them as NSA, that would fall under SIGINT in my division of their activities. It would still be SIGINT rather than IAD doing that stuff. So, splitting off IAD wouldn't affect the analysis whether it's NSA's teams doing SIGINT or NSA + STRATCOM's sub-commands doing it with NSA SIGINT personnel.
The premise of this subthread is that CYBERCOM and NSA proper have fundamentally different missions, in part because they are governed by fundamentally different legal frameworks, and it should therefore also be split from NSA proper. It was not an argument that IAD should not also be split off.