Ground Zero in the nation’s fight against cybercrime hides in plain sight, in a nondescript suburban office building with no government seals or signs.
Only after passing a low-key receptionist stationed on the seventh floor does one see the metal detectors, personal cellphone lockers and a series of heavy doors marked “classified” – all leading to the auditorium-sized National Cybersecurity and Communications Integration Center.
Inside, around the clock, close to 100 specialists monitor floor-to-ceiling maps of the U.S. and world, along with streams of data and breaking news. States are color-coded from green to red, for a low threat of attack to severe.
“This is where we put out the fires,” says Phyllis Schneck, chief cybersecurity official for the Department of Homeland Security, nodding at an image of a rotating globe on a huge screen.
This fall, The Associated Press paid rare visits to two key civilian and military cybersecurity centers, a secret lab and a 24/7 incident-response venue where the government’s computer scientists work to combat an increasing bombardment by thieves, hostile states and hacktivists.
Cyberattack now eclipses terrorism as the biggest threat to national security, according to U.S. intelligence chiefs. And an AP report published this week found the $10-billion-a-year federal effort to protect the nation online is failing to keep up with attackers who tap into .gov and .mil networks from coffee shops down the street or military bases on the other side of the world.
The hubs for the nation’s online defense are tucked away in office parks mostly in Washington’s sprawling suburbs. There are no external signs these are classified facilities. The AP was granted access only after agreeing to not disclose street addresses, or record equipment serial numbers or employee badges. Some images on desktop monitors were also off-limits. Cellphones were barred, and background checks were required.
Inside the DHS cybersecurity center in Arlington, Virginia, rows of industry, military and intelligence analysts watch three large monitors on each of their desks; they’re detecting, preventing, responding to and mitigating cyberattacks.
Some scan through columns of numbers, monitoring live data fed through the federal “Einstein” program, a software system that searches government networks for malware, viruses and hacks. Others spot defaced websites and data leaks. Frequently, teams travel directly to infected computers to get them off the network.
Department of Homeland Security spokesman Sy Lee declined to comment on whether the center was involved in stopping a recently reported cyberattack on White House networks, but he said DHS generally leads such response efforts.
Infected military computers are taken to a similarly discreet building in Linthicum, Maryland.
The Defense Cyber Crime Center has an ordinary entrance where a receptionist checks in visitors before they pass through locked doors. Then there’s a second entrance, a wood-paneled wall with military seals and potted plants. Down a maze of hallways, cybercrime soldiers and defense contractors extract information from devices seized from battlefields, military crime scenes and federal employees whose computers may have been hacked.
They crack encryption on devices, unlock cellphones and disassemble laptops. Tables are stacked with hard drives, including at least one that looks like it has a bullet hole in it. Another was seized during the Gulf War.
“Warning: Contains contraband and potentially disturbing content” reads a sticker on one computer.
Tool kits include screwdrivers, pliers, scissors, tweezers and wrenches. The specialists don’t hit an “on” switch until the equipment is placed inside a sealed box, to prevent wi-fi signals from reaching or being sent from the devices. A technician with a buzz cut and magnifying glasses leans over a digital tablet’s colorful circuit board, soldering small wires that could eventually allow him to peek into the user’s emails, documents and web-browsing habits.
Specialists like him are in high demand, as private-sector cybersecurity jobs can pay double federal salaries, which average around $80,000 a year. The Defense Department this year announced plans to triple its cyberwarrior force to 6,000 by the end of 2016, and the Justice Department is also recruiting hundreds of cyber-savvy contractors and civil servants.
In addition to these two centers, the federal government maintains others scattered around the country, including Maryland, Georgia, Texas and Hawaii.
Assistant Secretary of Defense Eric Rosenbach, the DOD’S principal cybersecurity adviser, said such centers focus on keeping hackers out, but also on mitigating the damage they can do.
“It’s not inconceivable another country would try to take down our network,” he said, “but if they do, we’re resilient and it pops back up.”