February 27, 2014

NSA director Alexander's phones

(Updated: September 29, 2014)

After a range of articles about how NSA intercepts foreign communications, we now take a look at the equipment that NSA uses to secure their own telecommunications, more specific those of its director.

We can do this because last December, the CBS program 60 Minutes offered some unprecedented insights into the NSA headquarters. Of course very limited, but still interesting for those with a sharp eye. Perhaps the most revealing was that for the first time ever it was shown how the office of the director of NSA looks like:



The office of NSA director Alexander, December 2013
(click to enlarge)


The office of the director is at a corner on the eighth floor of the OPS 2B building, which is the wider and lower one of the two black mirrored glass structures of the NSA headquarters at Fort George G. Meade. Contrary to what many people would probably expect, the director's office is far from high tech.

We see a rather traditional interior with a classic wooden desk, shelfs with books, picture frames and lots of memorabilia, a conference table and a group of old-fashioned seatings with a large plant in a shiny copper pot.

Most interesting for us is the telecommunications equipment used by the current director, Keith B. Alexander, which can be seen in the following screenshot:



NSA director Alexander working at his desk, December 2013
Behind him we see his secure telephone equipment
(click to enlarge)


VTC Screen

In the corner at the left we see a video teleconferencing screen with a high-definition camera, made by the Norwegian manufacturer Tandberg. In 2010 this company was bought by Cisco Systems, so their equipment can be safely used for US Top Secret/SCI videoconferencing. From within secured locations (SCI enclaves), the video feed goes over the JWICS IP network for the intelligence community, which is secured by stream-based Type 1 bulk encryption devices.


STE Phone

At the left of general Alexander there's a large black telephone called Secure Terminal Equipment (STE), which is made by L3 Communications. The STE is a highly secure phone, which means that this device is capable of encrypting calls up to the level of Top Secret/SCI. This phone can be used to make secure calls to anyone with a similar or compatible device. STE is the successor of the almost legendary STU-III secure phone system from the late 1980s.

With an estimated 400.000 users, STE is used for secure communications with everyone working for the US government, the military or its contractors, who can not be reached through a more select secure phone network for the US military (IST/DRSN) or the SIGINT community (NSTS).


IST Phone

At the far right we see a big white Integrated Services Telephone (IST), which was designed by Electrospace Systems Inc. and manufactured by Raytheon. This is a so called "red phone", which means that it's connected to the Defense Red Switch Network (DRSN). This is the main secure telephone network for military command and control communications and connects all mayor US command centers and many other military facilities.

Although this IST phone looks very futuristic, it was gradually replaced by the newer IST-2 since 2003. Remarkable to see that notably the highest NSA official still uses the old model. The new IST-2 was also on the President's desk in the Oval Office, before it was replaced by a Cisco IP phone for the new Executive Voice over Secure IP-network in 2011, to provide a dedicated link between the President and his senior cabinet members.

It's revealing to see that there's no such new IP telephone in the office of the director of NSA, which means that he has no direct line to the President. Which is according to the fact that NSA actually falls under the Department of Defense and its intelligence gathering is coordinated by the Director of National Intelligence.
&nsbp;


NSTS Phone

A third, white phone set is hidden right behind general Alexander's back, but we can see a glimpse of it in this screenshot:



NSA director Alexander working at his desk, December 2013
Behind him we see his secure telephone equipment


This telephone is part of NSTS, which stands for National (or NSA/CSS) Secure Telephone System and is the NSA's internal telephone network for calls up to the level of Top Secret/SCI. Newer NSTS phones are connected by fiber optic modems to a fiber backplane that interfaces with an NSANet access point router. The voice traffic is then encrypted together with data traffic utilizing a Type 1 bulk encryption device.

As can be seen in other pictures from inside NSA, the devices used on the NSTS network are white Nortel M3904 executive phones - a very reliable high-end model which is also used at the offices of both the Israeli and the British prime minister. Nortel was a big Canadian telephone equipment manufacturer, but was dissolved in 2009. Thereafter, the Enterprise Voice and Data division of Nortel was bought by the US telecommications company Avaya (formerly Lucent)



A Nortel M3904 phone from the NSTS network as seen
elsewhere in the NSA headquarters building


From declassified NSA documents, we can learn that the NSTS phones have numbers like 963-5247s (with s for secure) and that the numbers of the STE phones are written like STE 6325 (no real examples).* The IST phones of the DRSN have four or five digit numbers.*


Predecessors of these three types of telephones (STE, IST and NSTS) were also present in the office of then NSA director Michael V. Hayden, when James Bamford described a meeting with him in his 2001 book Body of Secrets:
"There are also several telephones on the table. One for secure internal calls; another is a secure STU-III for secret external calls; and a "red line" with buttons that can put him through instantly to the secretary of defense, the Chairman of the Chiefs of Staff and other senior officials.
No phones, however, connect the director to the White House; indeed, during Hayden's first year in office, he never, once spoke directly to president Clinton".*

In a declassified interview (pdf) with NSA director Hayden from January 5th, 2000, he says:
"Behind my credenza, I have a gray phone, a STU-III, an STE, and a red phone. NSA has a gray phone because it was ahead of everybody else. But everyone else has caught up. So I actually made the note today to go back and see how much it costs us to sustain these systems."
Compared to the situation in 2001 as described above, we see that the (outdated) STU-III was removed shortly afterwards, and the term "gray phone" apparently refers to the telephone device connected to the NSTS.


Computers

In a separate program, called 60 Minutes Overtime, CBS showed 'The Making Of' their previous 60 Minutes report about NSA. It included some new video fragments, like one in which we get a better look at the computer equipment on the desk behind director Alexander's chair:



NSA director Alexander being interviewed by John Miller, December 2013
At the left side we see the director's computer equipment
(click to enlarge)


We see a common HP office keyboard, two computer screens and in between them there's a so-called KVM-switch with some colorful stickers on it.

The latter device is used to work on multiple computers or networks operating at different classification levels, all with one Keyboard, Video screen and Mouse, hence the abbreviation KVM. By pushing a button, the device can switch between four different connections, which is done by the hardware in order to keep them physically separated. The KVM Switch in this picture is the SwitchView SC4 from Avocent (formerly Cybex) with four secure channels.

From the stickers with the color codes, we learn that this device enables the director to switch between three separate computer networks at the following classification levels:
- Green: UNCLASSIFIED, which is the military NIPRNet
- Red: SECRET, which is the military SIPRNet
- Orange: TOP SECRET and Yellow: TOP SECRET/SCI

The latter connection is most often used for access to JWICS, the highly secure network used by the American intelligence community, but here it may also be used for NSANet. It's not clear whether the second compter screen is for one of these networks, or for a separate access to the common internet. Both screens have a blue label which might denote that the screens can be used for multiple classification levels.



60 Minutes

The CBS program Inside the NSA was broadcasted on December 15, 2013, but was immediatly heavily critized as being too less critical in approach to the NSA, some people even said it was NSA propaganda. This seems not quite fair, as Snowden reporter Glenn Greenwald had numourous occasions in media from all over the world to present his interpretation of what NSA is doing - which went almost unquestioned.

CBS reporter John Miller asked NSA director Alexander about all the major things that came up from the Snowden-leaks and he also got answers. NSA even showed an actual example of how the metadata contact chaining method works. Whether one is satisfied by these anwers is another thing, but we should keep in mind that Greenwald's version is not always the right one and NSA is not always lying.



CBS 60 Minutes: Inside the NSA (December 15, 2013)



NSA director Keith Alexander, who's a four-star general and a career Army intelligence officer, will retire on March 28. He was head of the National Security Agency and the Central Security Service since August 2005 and the US Cyber Command since May 2010. It's expected that he will be replaced by US Navy Vice Admiral Michael S. Rogers.



Links and Sources
- Premium.chosun.com: 미국 국방부 산하 정보기관 NSA(국가안보국) 국장, 극비통신장비 노출에 비상 [출처] 본 기사는 프리미엄조선에서 작성된 기사 입니다
- HuffingtonPost.com: '60 Minutes' Trashed For NSA Piece
- CBSNews.com: Inside the NSA - How did 60 Minutes get cameras into a spy agency
- Wired.com: NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar

9 comments:

franz said...

There is a second - SCIF room

Anonymous said...

Joe Tag writes:

Regarding the IST phone, you have a good insight about the model, and it's use. Also, I agree, in this office, he does not have the Cisco-IP "TSG Qualified" phone-set, which is curious, interesting.

I believe that many INTEL organizations are still following the phone-set color codes: White (not needing a label ); Grey is Secure, Black phones (if STE ) need a "SECURE" or "STE" label; otherwise the phone is "clear";
Green is "sterile/clean" .
The white Nortel (old name: Northern Telecom) 3904/3903 phones may have a inside shielded paint-job; maybe not. They are probably on a special Secure/Encrypted network; calls off of the net may be protected by STE-R or a rack of L3-Omni's or a rack General Dynamics Sectera's.

There are at least 2 computers under the desk; perhaps that the "Blue" label denotes that the systems have been set at the CONFIDENTIAL level when the photo was taken? ( Green is Unclassified) . You mention "Both screens have a blue label which might denote that the screens can be used for multiple classification levels."

Excellent site; and I will visit again.




Anonymous said...

Good observation about the phones. The Nortel M3904 (white) is probably on an "always secure/encrypted network"; calls "off-net" protected by STE-R, rack of L3 Communications Omnis' or rack of General Dynamics Sectera units.

Excellent site, and I will visit again. Joe Tag.

Anonymous said...

Bitch got a lot of phones. No balls or backbone though. I bet she does nothing but gossip all day.

Informative post.

Anonymous said...

I've seen that the Nortel phones are "Platinum" White.

Anonymous said...

I know this blog is slightly dated (over a year old). However, there is some inaccuracies concerning the IST phone and the DRSN network.

In all reality, an IST is the only phone that is needed for his desk. With a few programmed digits, it can connect to NSTS; JWICS; VOSIP, VOIP, SCAMPI, SME-PED, UK-DFTS function.

I am not 100% about ExecVOIP, but I fell confident in saying that theoretically it's doable with a single routing table line addition and physical connectivity.

However where it currently corners the market in technology is it's ability SAL level match phone connections while live ie. TS down to Secret.

P/K said...

Thank you for these additional insights! I am aware of the various connectivity and gateway options, but here I described the primary function of each of the phones. And given the fact that there are three separate phones in his office, it seems that the people responsible for the phone network didn't choose to enable such gateway connections, for some reasons or another.

Anonymous said...

Wow... Brings back memories.. I was on the design engineering team that developed these phones.. The ISTs were also used at NASA on the Electrospace MDS PBXs. But I mostly working on the DRSN side of the house. There is truly more than meets the eye under the hood of these sets and I doubt Cisco and other match them in the layered security capabilities.

Jr. Williams said...

What is the difference between PSTN and PBX? what exactly is a PBX?
tampa voip service

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties