Snowden Archive: The SIDtoday Files

Expanding Endpoint Operations

SUMMARY

Tailored Access Operations (TAO), NSA's elite hackers, are expanding their endpoint operations, which involve hacking directly into computers to steal information, and are establishing a new endpoint operations remote operations center, scheduled to come online in the summer of 2005, that "is capable of managing and conducting endpoint operations on a scale that will dramatically expand collection." The physical office space of this new center will allow TAO to "grow from the current average of 20-25 of these operations per day to over 100 per day," and will allow TAO to increase the number of "active implants," or actively monitored pieces of malware, from 100-150 to thousands.

DOCUMENT’S DATE

Sep 17, 2004

PUBLICLY AVAILABLE

Feb 05, 2018

Page 1 from Expanding Endpoint Operations
DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL

(U//FOUO) Expanding Endpoint Operations

FROM: COL USA Deputy Chief, Remote Operations Center (S321)
Run Date: 09/17/2004

(S//SI) Endpoint operations actively subvert systems that create, store, or manage information -- computers, peripherals, and telephone switches -- in order to directly retrieve data of intelligence value or achieve other operational ends. Tailored Access Operations (TAO) develops and employs technologies and techniques for endpoint operations.

(S) Endpoint operations have resulted in reporting from all SID Product Lines and regularly assist SIGINT development, midpoint collection, and cryptanalysis and exploitation efforts. Endpoint collection also directly supports CIA and JSOC* counter-terrorism operations.

(U//FOUO) TAO is expanding endpoint operations: increasing the number and diversity of targets and building a more scalable and robust endpoint operations infrastructure. A part of this expansion is the acquisition of a new endpoint access remote operations center (ROC) that is capable of managing and conducting endpoint operations on a scale that will dramatically expand collection available to our internal and external customers.

(S//SI) This new ROC facility is scheduled to begin coming on line in the summer of 2005. It will be located on the 3rd floor of the R&E Building. As well as the growth reflected in the table below, this expansion will provide a main operations floor, a Technology Demonstration Center, and a training facility. The main operations floor and operations break-out rooms are used to conduct initial exploitation operations and sustained collection that involves human command and control of the operation.

Current ROC                                  ROC 2005
5             Operations Break-out Rooms     13
2             Operations Teaming Areas       5
51            Server Racks                   170
120           Personnel                      215
17,000        Usable Square Feet             40,000+

(S//SI) Building the operations floor and increasing the number of break-out rooms will enable us to grow from the current average of 20-25 of these operations per day to over 100 per day and will facilitate the integration of NSA/CSS computer network operations and real-time customer support. Sustained collection involving automated implants pushing collected data from targets to the ROC as well as voice and geolocation collection are managed from the Operations Teaming Areas. The increased capacity in this area will support a growth from managing an average of 100-150 active implants today to simultaneously managing thousands of implanted targets. The increased personnel capacity will support this net growth in operations tempo and will allow the integration of TAO's Requirements & Targeting Division alongside the ROC's operators in order to better synchronize target development and efficiently plan and execute endpoint operations.

(S//SI) The new ROC is but one facet of a much broader endpoint access expansion program. Other elements include exporting endpoint access operations to the RSOCs, dramatic improvements in automation, entirely new classes of hardware and software implants, more modular and standardized tool designs, and robust technology sharing and coordinated development with our First and Second Party partners. Overall growth of endpoint operations depends on the synergy of all these elements to balance endpoint target development capabilities, mission management processes, and efficient flow of collected data to production organizations.

Page 2 from Expanding Endpoint Operations

*(U) Notes: JSOC = Joint Special Operations Command

"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet without the consent of S0121 (DL sid_comms)."

DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007
DECLASSIFY ON: 20320108