MELISSA BLOCK, HOST:

This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.

ROBERT SIEGEL, HOST:

And I'm Robert Siegel. Defense Secretary Chuck Hagel recently declared the United States reliance on cyberspace was outpacing its ability to defend it. So, Hagel plans to more than triple the size of the workforce at the U.S. Cyber Command over the next two years. Meeting that goal will take a lot more cybersecurity experts, who are in short supply. And this is where the NSA comes in. The National Security Agency has been under fire for its surveillance programs but it also plays a big role in cyber defense. The agency recently held an exercise to train more cyber warriors, and NPR's David Welna was there.

DAVID WELNA, BYLINE: Ten miles down the road from the National Security Agency at a defense contractor's office, big speakers pump electro-house music into a long room. Several dozen people, many in military uniforms, cluster around computer stations. Hovering above them is the image of a skull and bones, a big Jolly Roger pirate flag. What this is, is a roomful of break-in artists, people who are experts at hacking into other people's computers. Marine Captain Robert Johnston leads what he calls a reconnaissance and initial access team.

CAPTAIN ROBERT JOHNSTON: So, we're the guys kind of pounding at the front door, finding all the open holes that we can and beating down the door.

WELNA: And they do that for three days nonstop, 'round the clock, launching cyber-attacks on networks designed and defended by teams at the nation's top military academies - Annapolis, West Point. It's all part of CDX, an annual cyber defense exercise run by the NSA. The red-cell team hacking the academies' networks is a mix of NSA and military cyber experts like Captain Johnston. He did this last year, too. The military academies, he says, have gotten a lot better since then.

JOHNSTON: I've been nothing but impressed, actually. From last year to this year, I've felt like there's been some exponential growth in capabilities.

WELNA: But the academies are still no match for the attack team that the NSA's assembled.

The evidence: four men in camouflage around a computer screen - on it the grinning face of Justin Bieber. It shows they've managed to deface a network defended by the U.S. Naval Academy.

SHAWN TURSKEY: Now, we want to make this clear, this is not a game.

WELNA: Shawn Turskey is the NSA's red-cell team leader. This hacking exercise, he says, is done for practical reasons.

TURSKEY: We're training our future leaders how to fight through network adversity to conduct their mission and keep our nation safe.

WELNA: The CDX exercise has been going on for 14 years. But this one's the first since former NSA contractor Edward Snowden hacked the spy agency itself and made off with thousands of top-secret documents. That episode only highlighted how much damage can be done when networks are breached. But there's something else in this exercise for the NSA, the possibility that some of those students at the military academies will take jobs there.

DAN FINNERTY: Some have ended up working a tour here, maybe for three years, then on to another tour. It definitely happens.

WELNA: That's the NSA's Dan Finnerty. He coordinates of this annual cyber battle. Finnerty says the armed forces are a vital part of the agency's 35,000-member workforce.

FINNERTY: One out of every two employee in NSA is a military employee, so they're important to us.

WELNA: Industry insiders say the competition for top cyber experts in both the private and public sectors has never been so fierce.

LORI WELTMANN: We're all fighting for the same talent. It's tough out there.

WELNA: Lori Weltmann is the NSA's recruitment marketing manager. The problem, she says, is the soaring demand for a very limited supply of cyber experts. Still, she insists NSA is holding its own. In her words, once you try NSA, you buy NSA.

WELTMANN: The work is exciting and you can do things here that you can't do anywhere else.

WELNA: That's the selling point, but it may also be the problem.

VICTOR PIOTROWSKI: The last 12 months were extremely difficult for NSA.

WELNA: Difficult, says Victor Piotrowski, at least in part because of the NSA activities Edward Snowden revealed. Piotrowski is with the National Science Foundation and he directs a program called CyberCorps, focused on attracting students to the cybersecurity profession. The NSA is by far CyberCorps' biggest customer. Piotrowski says it's hard to know just how much the agency was hurt by Snowden's revelations.

PIOTROWSKI: From the leaked documents, the public perception is really, you know, creating a very negative image of a lot of government programs. And that might be working, you know, somehow against our recruitment efforts.

WELNA: The next generation of talent is being trained now at the nation's military academies. It's students, like the Naval Academy's in Annapolis, who are at the incoming end of the CDX computer hacking exercise. It's on their computer screens where the face of Justin Bieber showed up.

UNIDENTIFIED MAN #1: I don't know if maybe that's something you want to look at here. They're attacking Doc 54(ph). So, they're trying to hit web.

BILL YOUNG: They're trying to hit our specific one, right?

UNIDENTIFIED MAN #1: Yeah.

YOUNG: Midshipmen in a large classroom cluster around a computer whose network is being bombarded by the NSA's red-cell team. A second-year student named Bill Young is at the keyboard. He'll be in the academy's first graduating class of cyber operations majors. Young says for him, the CDX exercise has been time well-spent.

I've probably learned more in four days of working CDX than I have in two-plus semesters of taking information security classes, simply because you're doing it, you're seeing other people work with it.

WELNA: This is the only military academy where every student is required to complete at least two courses in cybersecurity. Captain Paul Tortora directs the Naval Academy's Center of Cyber Security Studies. He says the academy is preparing for a whole new theater of warfare.

CAPTAIN PAUL TORTORA: Cybersecurity, cyber awareness, cyber operations, so that we create an officer corps that has an understanding. Then they go to the fleet, or the Marine Corps, and they can take the understanding of cybersecurity, cyber awareness in all of their daily operations.

WELNA: Some of the students at Annapolis will end up pursuing cyber operations majors. They'll then owe the Navy or Marines five years of service. Bill Young, the cyber-ops major at the keyboard, says he's thinking his tour of duty in information warfare. Beyond that, he says, a huge number of civilian jobs are out there for people like him. Asked if he'd consider working for the NSA, Young hesitates.

YOUNG: You know, you always got to keep those options open. I don't know, you know, the NSA works for everyone. But certainly if, you know, you have the skills and they need you then that's a viable option.

WELNA: In fact, there's a good chance that when he's a commissioned officer, Young would serve at least some of his tour of duty working with the NSA. Whether he'd make it a career is an open question. The NSA's Shawn Turskey says training exercises like CDX are really an investment in the future.

TURSKEY: We're in this for the long haul. And we'll get immediate return but down the road is what we're looking for to have that bigger payoff.

WELNA: For the embattled spy agency, the payoff would be if the new generation of cyberwarriors being bred at the nation's service academies choose eventually not just to try NSA but to buy NSA. David Welna, NPR News, Washington.

(SOUNDBITE OF MUSIC)

BLOCK: This is NPR News.

Copyright © 2014 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR’s programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.