WELCOME The National Security Agency (NSA) and its predecessors have been protecting the United States’ most sensitive information since World War II. As communication technology and information technology have advanced — creating a more interconnected world with an increasing number of threats — NSA’s mission has expanded and it has embraced new responsibilities and operational authorities to ensure our networks remain secure. Today, NSA’s cybersecurity mission integrates its cryptographic expertise, signals intelligence, vulnerability analysis, defensive operations, and more to prevent and eradicate cyber threats to: NATIONAL SECURITY SYSTEMS (NSS) Networks that contain classified information or are otherwise critical to United States military and intelligence activities. It is vital that these networks remain secure to ensure mission readiness of U.S. warfighting capabilities as well as protect the nation’s most sensitive information. THE DEPARTMENT OF DEFENSE (DOD) U.S. military services and combatant commands as well as U.S. government agencies and departments related to national security. THE DEFENSE INDUSTRIAL BASE (DIB) Companies that design, develop, operate, and maintain the Department of Defense’s critical systems, platforms, and technologies required to defend the nation. If these networks are at risk, so is the U.S. While much of the critical work NSA does to secure th e nation cannot be publicly disclosed, this year in review shares a wealth of information on cybersecurity efforts that have better equipped the U.S. to defend against the highest priority cyber threats. Visit NSA. gov/cybersecurity to access the report digitally . Provide NSA Cybersecurity with feedback or ask questions by emailing cybersecurity@nsa.gov .TABLE OF CONTENTS LETTER FROM THE NSA CYBERSECURITY DIRECTOR 02 RESPONDING TO NATIONAL THREATS AND PRIORITIES 04 PARTNERING WITH INDUSTRY 08 ARMING NET DEFENDERS WITH GUIDANCE 16 DEFENDING OUR MOST CRITICAL NETWORKS 19 CREATING CRYPTOGRAPHY TO PROTECT DATA, COMMUNICATIONS 22 PROTECTING THE WARFIGHTER AND SUPPORTING THE COMBATANT COMMANDS26 RESEARCHING CYBERSECURITY SOLUTIONS 31 DEVELOPING THE CURRENT AND NEXT GENERATION OF CYBER EXPERTS34LETTER FROM THE NSA CYBERSECURITY DIRECTOR CYBERSPACE IS DANGEROUS More than a month before Russian troops invaded Ukraine in February, a cyberattack took down several of Ukraine’s government websites. An ominous message greeted visitors: “… be afraid and expect the worst. This is your past, present and future.” While Europe hasn’t seen this level of kinetic activity since World War II, this hybrid war started in cyberspace. It’s an environment where actors can increase their power, degrade others, and gain a strategic advantage — often at a very low cost. In the weeks leading up to and following Russia’s invasion in Ukraine, at least seven new families of destructive data wipers were used. One even attacked satellite broadband service to disrupt Ukraine’s military communications on the day of the invasion but spilled beyond the conflict, impacting critical infrastructure remote monitoring of wind turbines in Germany, emergency services in France, and internet access of select users in Europe. Industry observed and reported on many of these destructive wipers, demonstrating their unique insights into the conflict. The Russian threats did not stop with Ukraine. Hacktivists targeted our Defense Industrial Base and the communications and weapons systems of EUCOM and NATO were in the crosshairs of our adversaries. The keys, codes, and cryptography we provide are vital: Encryption is the last line of defense. Our focus extends beyond the Russia-Ukraine conflict, but this example demonstrates the complex environment. Our approaches must scale for China, Iran, North Korea, cybercrime, and other threats. In addition to the insights we receive from industry, we are committed to