The NSA Cybersecurity Directorate (CSD) was established in October 2019 under then-NSA Director Gen. Paul Nakasone, with Anne Neuberger as its first director. It consolidated the agency's information assurance and cyber-defense missions into a single organization, replacing the older Information Assurance Directorate (IAD).
The Directorate's stated mission is to prevent and eradicate threats to U.S. national security systems and the Defense Industrial Base (DIB), with particular focus on nation-state adversaries. Its work spans several functions:
- Threat intelligence sharing with private sector partners, other U.S. government agencies, and allies, often through unclassified Cybersecurity Advisories co-signed with CISA, the FBI, and foreign partners such as the UK's NCSC.
- Publication of technical guidance, including hardening guides for cloud environments, Kubernetes, 5G, and zero-trust architectures.
- Vulnerability disclosure, most visibly the January 2020 advisory on CVE-2020-0601 (the "CurveBall" flaw in Windows CryptoAPI), which marked an unusual public attribution of a vulnerability report to NSA.
- Operation of the Cybersecurity Collaboration Center (CCC), an unclassified facility opened in 2020 to engage directly with cleared defense contractors and critical infrastructure operators.
CSD also runs the Enduring Security Framework alongside CISA and ODNI, a public-private working group addressing systemic risks to national security systems and critical infrastructure.
For IR and policy researchers, the Directorate is significant for several reasons. It represents a deliberate pivot by NSA toward greater transparency and defensive engagement after the reputational damage of the 2013 Snowden disclosures. It also embodies the U.S. doctrine of "defend forward" and persistent engagement articulated in the 2018 DoD Cyber Strategy, by pairing offensive U.S. Cyber Command operations (which Nakasone also led under the dual-hat arrangement) with a more visible defensive counterpart. The Directorate's joint advisories with Five Eyes partners are frequently cited in attribution debates involving Russian, Chinese, North Korean, and Iranian state-linked actors.
Example
In January 2020, the NSA Cybersecurity Directorate publicly disclosed CVE-2020-0601, a critical cryptographic flaw in Microsoft Windows, marking a notable shift toward transparent vulnerability reporting.
Frequently asked questions
CSD is a defensive element inside NSA focused on protecting national security systems and the defense industrial base, while U.S. Cyber Command is a unified combatant command that conducts offensive and defensive military cyber operations. The two have historically shared a dual-hatted director.
Keep learning