The CyberWire Daily Podcast 12.30.16
Ep 256 | 12.30.16

Interview with Daniel Ennis, former director of the NSA Threat Operations Center.


Dave Bittner: [00:00:03:16] I'm Dave Bittner in Baltimore. Our podcast team is taking a break this week for the holidays, but don't fret, we'll be back next week with all new episodes of our show. In the meantime, this week we're revisiting some of our favorite interviews from 2016. Stay with us!

Daniel Ennis: [00:00:24:20] Time to tell you about our sponsor, Recorded Future. Recorded Future is the real time threat intelligence company, whose patented technology continuously analyzes the entire web, developing cyber intelligence that gives analysts unmatched insight into emerging threats. At the CyberWire, we subscribe to and profit from Recorded Future's Cyber Daily. As anyone in the industry will tell you, when analytical talent is as scarce as it is today, every enterprise owes it to itself to look into any technology that makes your security teams more productive and your intelligence more comprehensive and timely, because that's what you want: actionable intelligence. Sign up for the Cyber Daily email and every day you'll receive the top trending indicators Recorded Future captures crossing the web: cyber news, targeted industries, threat actors, exploited vulnerabilities, malware and suspicious IP addresses. Subscribe today and stay a step or two ahead of the threat. Go to and subscribe for free threat intelligence updates. That's, and we thank Recorded Future for sponsoring our show.

Dave Bittner: [00:01:37:03] Daniel Ennis is former Director of the NSA Threat Operations Center, or NTOC, and is currently Executive Director of the University of Maryland Global Initiative on Cyber. We spoke with Daniel Ennis back in July.

Dave Bittner: [00:01:50:06] Take me through your career. What were you studying in college and where did you go from there?

Daniel Ennis: [00:01:53:16] Well, I went to the University of Maryland and studied law enforcement with a heavy dose of history as an aside. Ultimately, first job in the government was with DEA, Drug Enforcement Administration. I was a DEA agent, spent some time in New York in that space. I transferred to NSA into their security element there, as an agent, but ultimately moved over into traditional operations at NSA, SIGINT operations, which commissions at NSA effectively information assurance and signals intelligence, and in that space ultimately became the Director of the NSA Threat Operations Center.

Dave Bittner: [00:02:35:04] So, take us through the Threat Operations Center. What is the mission of the center? What are they there to do?

Daniel Ennis: [00:02:40:14] Well, the primary mission is to understand what is in the foreign intelligence space relative to cyber, and actually help the protection of US national security systems by translating that and working with elements across the NSA and across the US government in providing information assurance and defensive insights that might help protect those systems.

Dave Bittner: [00:03:04:22] And who are you partnering with? What are your relationships with industry?

Daniel Ennis: [00:03:08:19] Well, that's the cyber space that we all live in, the cyber context that we all live in. Principally working with the FBI and DHS, because they have authorities to help in the United States context, but more importantly, across a broader spectrum than that working with the private sector, working with industry groups ultimately, working with entities that have been penetrated and, for whatever reason, the US government believes that we ought to help them. I mean, at the end of the day, when you start talking about cyber, our principal role was to help protect the national security systems. Ultimately, when you have threats against the financial sector or other sectors, and NSA has relevance in that space, it's incumbent upon us to figure out how to help. And again, most of the was through DHS and FBI.

Daniel Ennis: [00:04:02:21] NSA's got a foreign intelligence mission, but in that foreign intelligence space you become aware of information that can help others, and obviously NSA's got a role in that space.

Dave Bittner: [00:04:14:15] And so, take us through the day to day for a person in your position. What kinds of things were you handling, were you dealing with on a day to day basis?

Daniel Ennis: [00:04:22:24] Well, in many instances, when you lead a large workforce, your day to day issues are leadership issues and how you engage in strategy, and that's actually where you want to be. So my day to day was, hopefully, for the most part, in the strategic layer, developing strategies to help the agency, NTOC, the government, proffer good expertise in the cyber arena.

Daniel Ennis: [00:04:47:00] Ultimately, though, you do become aware of instances or issues that then you engage tactically because it's a threat, either to one of those national security systems or because it represents some issue that I ought to coordinate with the FBI DHS on. So, I would characterize mine at the strategic layer, but ultimately you have to keep your finger on the pulse of the workforce. Not only are there HR issues, but what are the issues affecting cyber, so that you can speak with some sense of the context and provide leadership at NSA or leadership at FBI, DHS or other places what you're seeing in foreign intelligence.

Dave Bittner: [00:05:27:17] When you look at the various threats that affect both the United States and on a global level, in your opinion, where does cyber rank? Where does it fit in?

Daniel Ennis: [00:05:37:19] Well, so I mean first of all you have to look at the context, that we're in the United States or the world, right, we live on a digital platform. I mean, the commerce and everything we do in the United States is on the internet, right? I mean, you look at everything that's going on and all the innovation that we would anticipate, it's all connected and we're all connected. And so, if you take that as a given, ultimately, it is one of the highest priority issues, that being cyber defense.

Daniel Ennis: [00:06:09:02] We, as a nation, are one of the most vulnerable to cyber attacks, to cyber intrusions, because we are so tied to the internet. I think that, if I had to create a construct, certainly counter-terrorism and issues associated with terrorism take top priority because of the concern about physical threats to US persons and our allies. Certainly, counter-proliferation, given the problems in that space, could create issues that we all would want to avoid.

Daniel Ennis: [00:06:38:11] But I would put it right up there, because of the cyber piece. I would put it right up there in parallel with those mission sets, because we are so vulnerable, as a country, and it is such a part of our future.

Dave Bittner: [00:06:51:02] When you looked at our capabilities as a nation, in terms of defending ourselves, in terms of being able to handle these cyber threats, what were some of the areas where - I guess I'm looking for you to contrast - what were some of the areas where you thought, "This is an area where we've got it under control versus this is an area might keep me up at night,"?

Daniel Ennis: [00:07:15:02] Well, I mean again, everything's relative. So I thought we had relative strength in the space at NSA in its primary role of protecting US Department of Defense systems and ultimately helping others in protection of the national security systems. That said, given the wide open nature of the internet, and given essentially how both the nation states and criminal elements have proffered and prospered in this space, I think we're massively vulnerable across all the spectrum. And so I think that we have strength in our knowledge, we have strength in our capability, we even have strength in our knowledge as to how we apply defensive measures to protect systems, but there's such a huge vulnerability and such huge gaps. And we talk about zero days being created every day that make whatever element that you might refer to vulnerable, I think that in space, you know, we just have a huge way ahead, a huge mountain to climb if we're actually going to secure systems.

Daniel Ennis: [00:08:22:17] I mean, it doesn't go unnoticed that our information assurance organization at NSA had come out with, in many instances, you know, "Hey, these are the top ten things you should do to protect yourself," but even in that space most entities aren't even taking the most basic steps to do that. So it's not just that the vulnerability's there, it's that, even when you represent that you understand how you could make yourself less vulnerable, how you can close off the possible vectors of attack that you might face, most people aren't doing it.

Dave Bittner: [00:08:55:02] From a business point of view, from a leadership point of view, as you made your way up to a leadership position at NSA, throughout your career, what kinds of advice do you have for people who are coming up just from a purely leadership point of view, from an organizational, operational point of view? To be a good leader, what are some of the things you learned along the way?

Daniel Ennis: [00:09:14:22] Well, first of all, it always helps to have a good mission. I mean, so, people want to achieve, they want to have success, but they also want to have an interesting job. I think that the idea that I would sit there every day and turn a screw and that's my job, I mean that's problematic. So, if you have good mission, I think that's a great piece, and certainly at NSA we do and they do have great mission. But, I think that great mission exists in the cyber world as well. I mean, you actually, if you're involved in cyber defense you're doing great work. You're doing great work for the country, you're doing great work for the economy, and it can be an incredibly interesting job. So that idea of great mission and an interesting job.

Daniel Ennis: [00:09:55:19] But what they also look to leadership to do is to stay in their lane and, in certain levels, leadership has to stay in the strategic lane and empower them to be successful in their own right. I think the idea that you don't have to be the technical expert as a leader, you have to empower those that are the technical experts to do their job, I think that is a leadership lesson. People have a difficult time when they've grown up as a technical person ultimately making that transition, but the successful leaders actually make that translation. They understand the context by which, and you have to know enough of the technical parameters of whatever the mission is that you're doing, to understand it, but you have to make that transition that says, "Okay, I'm moving to a leadership level, and I need to empower those folks that understand the day to day activities in whatever mission space that they are in to be successful. Let them do their job while I provide the strategic infrastructure, the mechanisms that allow them to do that efficiently and effectively."

Daniel Ennis: [00:11:01:18] I think the other issue is you have to provide feedback to employees. I mean, the tried truism is that you counsel in private and you praise in public. I mean, I think that's huge. I've heard that people don't leave organizations, they leave people. I do think that there's a lot of truth in that. If you can empower your people, you've got good mission and ultimately you'd provide them the type of feedback that they need to improve. So, you know, you counsel them and say, "Hey, John, Sally, here's where you need to improve in this space," but that's done privately in a constructive manner; and then you praise in public when they've done a good job, because people want their peers, they want their family, they want others to understand that they're doing a good job, not just doing good mission but doing a good job.

Daniel Ennis: [00:11:55:15] I think the other issue, frankly, and one that's overlooked at times, is people want to have a little bit of fun. I think that, you know, you have to make the workplace a little bit of fun. You know, slide across the conference room table and wake people up occasionally if it's gotten too staid, people aren't having fun. But, I mean, I joke about that, but the fact is is that, you know, you have to loosen up a little bit at times. You have to allow people to joke around - appropriately, of course - but at times you just can't be it's all about mission every day. It is about mission every day, but you also can laugh; you also can have some fun in that space.

Dave Bittner: [00:12:41:15] So when people think of the NSA, I think there's this popular, almost sort of Hollywood version, of what the NSA is and what the NSA does. How do you think the public's perception of the NSA aligns with the reality of what the NSA actually does on a day by day basis?

Daniel Ennis: [00:12:56:14] I think you hit it. There's probably a Hollywood version. You know, if I go to see a James Bond movie, I want to see bells and whistles, right? And I think that, in some instances, people kind of want to see that. But, obviously, the reality is much different. I think there's also a part of this context is some of the Snowden insights that were provided which, by the way, clearly I think he got that a lot wrong.

Daniel Ennis: [00:13:23:18] NSA's an incredibly technically proficient agency. And I'm retired, but I still love the place, what I would want people to know is that they actually follow the rule of law, that, in fact, they, at great pains, strive to follow the rule of law. We have incredibly robust process, incredibly robust leadership, whose job it is every day to make sure that we are following that rule of law. I think if you checked with some of the civil libertarians that were a part of the review process after some of the Snowden information came out, they will tell you that if they had a surprise it was just how much emphasis and how much just true pure process the NSA places on ensuring that they follow that.

Dave Bittner: [00:14:13:04] That's Daniel Ennis, former Director of the NSA Threat Operations Center.

Dave Bittner: [00:14:19:15] And that's the CyberWire. We'll be back next week with our regular edition of the CyberWire Podcast. Thanks to our sponsor, Recorded Future, for making today's podcast possible. The CyberWire Podcast is produced by Pratt Street Media. Our Editor is John Petrik; our Social Media Editor is Jennifer Eiben; our Technical Editor is Chris Russell; our Executive Editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.