Leaked US spying budget reveals investments in 'groundbreaking' cryptanalysis

The 'cryptology' program was set to receive $11 billion from the $52.6 billion budget asked by the intelligence community for 2013

The U.S. intelligence community is reportedly using a fifth of its US$52.6 billion annual budget to fund cryptography-related programs and operations.

Some of those funds are invested in finding weaknesses in cryptographic systems that would allow breaking encrypted communications collected from the Internet and elsewhere, according to a portion of a top-secret document published Thursday by The Washington Post and obtained from former National Security Agency contractor Edward Snowden.

The document is the fiscal year 2013 budget proposal summary for the National Intelligence Program, which spans 16 agencies with over 107,000 employees. The entire report called "FY 2013 Congressional Budget Justification" has 178 pages, according to the Post, but the newspaper only published 17, including a 5-page statement signed by U.S. Director of National Intelligence James Clapper.

In his statement, Clapper listed the primary areas of investment for the intelligence community which included Signals Intelligence (SIGINT). In respect to SIGINT he wrote: "We are bolstering our support for clandestine SIGINT capabilities to collect against high priority targets, including foreign leadership targets. Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic."

Cryptanalysis is the science of analyzing cryptographic systems in order to find weaknesses that would allow obtaining the contents of encrypted messages without advance knowledge of the encryption key.

Previous documents leaked by Snowden revealed that the NSA is collecting Internet communications en-masse with the help of telecommunication and technology companies. U.S. companies that operate the backbone telecommunications and Internet infrastructure are paid millions of dollars every year by the government to allow the NSA to collect data as it moves through their fiber-optic cables and networks, the Post reported Thursday.

The newly leaked budget reveals that this money is paid through a project called the "Corporate Partner Access" that was expected to cost $278 million during fiscal year 2013, the newspaper said. There are some other payments for "Foreign Partner Access" totalling $56.6 million, although it's not clear if these are for foreign companies, foreign governments or other entities.

The NSA's mass upstream interception of Internet traffic has prompted many people in the security community to wonder what the agency's crypto-cracking capabilities might be in relation to encryption schemes and protocols that are in widespread use on the Internet today. Some crypto experts believe that there is not reason to believe the NSA can crack strong encryption algorithms vetted by scientists, but others said that the feasibility of breaking widely used encryption protocols like SSL/TLS depends on various factors, like key size and other configurations.

While the leaked budget document does not provide details about the NSA's ability to crack encrypted communication, it does confirm that cryptography and cryptanalysis are one of the U.S. intelligence community's key areas of interest.

Twenty-one percent, or roughly $11 billion, of the 2013 budget was intended for the Consolidated Cryptologic Program (CCP), which includes NSA programs and is staffed by around 35,000 employees. This makes it the second most expensive program of the intelligence community after the Central Intelligence Agency program, which was supposed to receive 28 percent of the funds.

Of the $11 billion used to fund the CPP, around $2.5 billion, or 23 percent, were intended for "collection and operations" and $1.6 billion, or 15 percent, for "processing and exploitation." The program's biggest expenses were estimated in the "enterprise management and support" category which was set to receive 26 percent of the funds.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government use of ITsecurityU.S. National Security Agencyencryptiongovernment

More about CryptologicNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts