The NSA's new organizational designators

For decades, the organizational structure of the NSA was classified, but since 2013 the Snowden documents provided hundreds of designators of internal divisions, branches and units, which allowed me to reconstruct the agency's internal structure.

From 2016 to 2017, the NSA was reorganized so that many of those designators may have changed. Some recent documents, however, provide designators from the current situation, which allows to start a reconstruction of the new structure as well.





The reorganization of 2016

The organizational structure of the NSA as it emerged from the Snowden documents was established in the year 2000 under director Michael Hayden. In 2016, director Michael Rogers initiated a full reorganization under the name NSA21, in order to prepare the agency for the cyber challenges of the 21st century.

One of the most important (and controversial) changes was fusing the operational elements of the Signals Intelligence (SID) and Information Assurance (IAD) directorates into the new Directorate of Operations. The remaining information assurance activities were merged with the old Technology Directorate into the new Capabilities Directorate.

The hacking group Tailored Access Operations (TAO) was renamed into Computer Network Operations (CNO). The new structure as envisioned by NSA21 reached full operational capability in December 2017.




On October 1, 2019, an additional Cybersecurity Directorate (CSD) was established to unify the NSA's foreign intelligence and cyber defense missions and to prevent and eradicate threats to National Security Systems (NSS) and the Defense Industrial Base (DIB). The CSD pulled its workforce from several directorates, including the Operations Directorate and the hacking group Computer Network Operations.



The new organizational structure

A number of internal designators of the NSA's current structure can be found in the extensive NSA/CSS Policy 12-3 Annex C, which was issued by director Paul Nakasone on June 29, 2023. The divisions and offices and their designators found in this policy document are:

---

Some additional remarks

If we compare these current designators with the structure before 2016, we see that:

- The Office of the Director is still designated as "D" and may not have changed much, except for the Inspector General and the Chief Information Officer who were previously part of the Director's Office, but now have their own top-level designator (I and Y, respectively).

- For the Inspector General (IG) this reflects that since the FY2014 Intelligence Authorization Act this official is appointed by the President and confirmed by the Senate. Previously, the IG was appointed by the Director of the NSA, who could also remove him. The first presidentially appointed NSA IG was Rob Storch, who served from 2018 to 2022.

- The new position of the Chief Information Officer (CIO) seems to be very recent, as in 2020, the IG criticised that the CIO also served as head of the NSA's Capabilities Directorate and wasn't included in the organization charts of the agency.

- At least two other parts of the Director's Office seem to have been transferred to a newly created P division. This might be the Engagement & Policy Directorate mentioned in the diagram shown above.

- The new Cybersecurity Directorate was also assigned a top-level designator that wasn't used before: C.

- The new Operations Directorate is designated by the letter X, which was already used under the old structure, although we don't know for what kind of activity. Maybe the previous X division was just temporary as the only source that mentions it is a document from 2007.


> See also: The NSA's regional Cryptologic Centers