18 October 2000: Add Appendixes A and B.
17 October 2000
Source:
http://www.nsa.gov/releases/nsa_new_enterprise_team_recommendations.pdf
(6.4MB)
This is one of two reports released 17 October 2000 by the National Security Agency on October 1999 recommendations for its reorganization (after releasing them to Inside Defense under FOIA request):
http://www.nsa.gov/releases/reports.html
The other report is, "EXTERNAL TEAM REPORT: A Management Review for the Director, NSA," October 22, 1999:
http://cryptome.org/nsa-reorg-et.htm
[22 pages for principal text here; full report with appendices is 76 pages.
The 1999 date on the report is correct but some of the appendices have 2000
dates, probably for printout.]
1 October 1999
__________________________________________________________
It is not the strongest of the species that survives, nor the most intelligent; it is the one that is most adaptable to change. - Darwin
Absent profound change at NSA, the nation will lose a powerful weapon in its arsenal. Stakeholders and customers are resigned to accepting diminished NSA capability, not because of insurmountable technological challenges, but because NSA has proven to be a poor steward of the nation's SIGINT and INFOSEC capabilities. They have already begun to separate NSA products and services, which they view as a national treasure, from NSA the institution, which they view as a threat to the continued availability of those products and services. NSA is an organization ripe for divestiture: its individual capabilities are of greater value than is the organization as a whole. The legacy of exceptional service to the nation that is NSA is in great peril. We have run out of time.
NSA is an organization ripe for divestiture: its individual capabilities are of greater value than the organization as a whole.
Although our study concentrated less on how we got into this condition than on how to get out, we believe it is important to note that the answer to both questions lies in the same issue: leadership. NSA has been in a leadership crisis for the better part of a decade. It is the lack of leadership that is responsible for both NSA's failure to create and implement a single corporate strategy, and for the complete breakdown of the NSA governance process. Lack of leadership is also at the heart of unfortunate organizational behaviors that have created a perception among customers and stakeholders that NSA places higher value on its tradecraft than it does on outcomes for the nation. As a result, NSA has lost credibility with its stakeholders and customers and has failed to begin the organizational transformation necessary for success in the information age.
Immediate steps must be taken to reverse this situation and leadership again holds the key. Change is a leadership function. Leaders chart a course for the future and establish the standards and discipline to get there. Major change at NSA carries some risk, but risk is the normal regime of the leader. The leadership factor will be the key to successful change. It is the leadership factor that will bring us out of our insular, sometimes arrogant culture and position us for true collaboration and learning. It is the leadership factor that will put us at the forefront of national success against 21st Century threats and opportunities. It is the leadership factor that will make the difference between mediocrity and excellence.
(Note: Chart including names and signatures of Internal team members was included here in original report and has been removed due to anonymity concerns of Agency employees.)
What we recommend is ... a transformation that will match the bold vision and extraordinary accomplishment of those who established and nurtured NSA into bonfide national treasure almost 50 years ago...
If we display courage, leadership, and discipline there is no doubt that we can succeed. We have the raw materials -- talent, creativity, energy and enthusiasm. Indeed, the workforce has carried the NSA institution on its backs for the better part of a decade. No workforce, no matter how talented and dedicated, can lead us toward the future without a road map to show the way. Senior leadership must provide that road map. And be held accountable for movement forward as a matter of urgency.
The magnitude of the change we are proposing is tantamount to rebuilding an aircraft while it is in flight and loaded with passengers. What we recommend is nothing short of a transformation that will match the bold vision and extraordinary accomplishment of those who established and nurtured NSA into a bonafide national treasure almost 50 years ago: to define the next two generations of the National Security Agency. First, we need to address the challenges of technological change and how to meet them effectively and efficiently. That's NSA II. It will be a new and improved version of today's NSA, but still just the sequel. Beyond NSA II we need to design and begin building "the NSA After Next" -- a fully integrated enterprise which mobilizes intellectual capital against "wicked problems" and operates and thrives in the net. We caution that this effort is a marathon, not a sprint. We believe it is our solemn duty to begin immediately. The nation deserves nothing less from us.
In light of the aggressive timeline of this study and the complexity of the issues examined, this report is not an exhaustive examination of all issues facing NSA today and in the future. Our recommendations focus instead on actions that we believe must be taken as a matter of urgency for the very survival of the institution. The recommendations center on six core issues: decision-making; leadership; strategic alignment; customer, partner, stakeholder relationships; resource management; and the workforce. As our recommendations crystallized, we did identify some omissions and scope limitations that we believe should be highlighted. They are listed below.
After 60 days of study, it boils down to this: get back to basics, put NSA on a solid business footing., and do it now.
We've identified six issues that demand your attention:
None of this will be possible without the workforce; therefore, we urge you to take immediate steps to ensure you have the necessary skill mix -- and the flexibility to modify it as needed. Accomplishing this will require a major overhaul of the current HR system, to include aligning our hiring with the corporate strategy, reforming our pay system, and increasing our use of outside expertise. It's a long-term task, but it must begin soon. Key to success will be expanding the definition of stakeholder to include the workforce as a full-fledged member -- make your workforce a full partner in developing HR solutions.
Long-term (2 years): Complete the transformation to NSA II
What's left for the long-terrn is to complete the transformation of NSA into NSA II. Restructuring is probably inevitable, and we offer several options. But our unanimous conclusion is that restructuring the Agency is secondary to fixing the fundamental problems: lack of leadership, lack of governance, and lack of strategic alignment. Fix those, and you'll be well on your way to turning the Agency around and leading us into the 21st Century.
On the next page is an illustration [not provided in original]
of our key recommendations in timeline
format. The body and appendix contain additional
recommendations.
Our decision-making process is ineffective.
"The current SALT does not have enough substantive discussions on substantive topics, and if members are there to defend their Key Components we won't get corporate decisions."
Decisions are an organization's heartbeat, collectively defining its commitments and charting a course that determines corporate outcomes -- good or bad. While decisionmaking is a key responsibility of leaders, it is also an important skill for every employee. Unfortunately, NSA has no foundation to support sound decision-making. Specifically:
Near-term (30 days): Tackle leadership and decision-making
To tackle the issues, you must start at the top, with leadership and governance. First, fix the SALT -- it's ineffective. Streamline it into a powerful executive leadership team (ELT) with fewer members, tighter procedures, and a mission focus. Hire a financial management officer (FMO) with the business savvy to put our house in order and give him or her the authority to manage our finances.
To tackle the issues, you must start at the top, with leadership and governance. First, fix the SALT-- it's ineffective.
And provide the ELT with a clear understanding of the rules of the road -- a well-defined governance process. The DDCM should define the process; it will be up to you to enforce it. You must also immediately establish standards against which the executive leadership team, and indeed all Agency leaders, will be judged. These are the basic tools -- you must have them in your tool-kit before you can do anything else.
Now the real work begins. You and your new ELT must develop a strategic plan and a business plan. The plans must begin and end with the customer -- not our "tradecraft"and they must be clear enough and specific enough to chart our course. Please do not delegate this to a staff; we strongly believe it's a leadership responsibility.
Mid-term (6 months): Align ourselves to the corporate strategy; move toward NSA II
As soon as the plans are completed, you and the ELT must ruthlessly and relentlessly drive their implementation at all levels of the Agency. Again, this is your job. It's up to leadership to develop the framework for change -- and to be the agents of change. In fact, given the sweeping changes that lie ahead, we recommend you make change itself a strategic goal.
Specific mid-term tasks:
It's up to leadership to develop the framework for change -- and to be the agents qf change.
Nowhere are these problems more evident -- or more costly to the corporation -- than at the top. The current SALT is ineffective as a decision-making body largely for the reasons cited above.
If we are to get to NSA II, we must start by creating a foundation for sound decisionmaking.
Restructure SALT
1. Replace the current SALT structure with an Executive Leadership Team (ELT) made up of the DIRNSA, DDIR, DDO, and DDI.
This would ensure that strategic decisions are driven by our core missions. The remaining members of the present SALT would provide advice and support. Use the ELT as the premier decision-making body and disband all others (notably the CIG) except for the Joint Issues Board (JIB), which should remain intact to handle issues requiring direct SCE participation. Key tasks of the ELT would be to continually assess NSA's business environment, monitor corporate performance and ensure that decisions are implemented. Perhaps most importantly, the ELT must provide strategic direction. We further recommend that you consider moving the DDO and DDI suites to the eighth floor with the other ELT members to increase opportunities for sharing ideas.
Define authorities; create decision-making process
2. Define the authorities of senior leadership; create a process for decision-making.
Task the DDCM to explicitly define the authorities of the ELT and the JIB and of individual leaders at and above the Key Component level. Furthen-nore, task the Executive Director to define how the decision-making process will work and oversee its implementation.
Create agency-wide Management Information System
3. Create an enterprise-wide management information system to enable fact-based decision-making.
To accomplish this, hire an outside consultant to review and document information needs and systems requirements. As part of the effort, the consultant should review existing and proposed systems that may address these needs (personnel systems, UCIS, etc.). When the review is completed, task the NSA CIO to develop and implement an overall NSA management information systems (MIS) strategy. (See the Customer, Partners, Stakeholders and the Resource Management sections for related MIS recommendations.)
We lack effective leadership.
"Leadership is your key issue, your main problem. You can't assume that because someone has talent, they know [how] to lead."
From Churchill to MacArthur, leaders are easy to recognize. They set strategic direction, drive change. make hard decisions, and motivate people. They have talent they're born with and the skills they develop. A healthy organization looks for the talent and cultivates the skills. Unfortunately, at NSA we do neither well. As a result, leadership is sorely lacking. Indeed, nearly every person we interviewed mentioned the failure of leadership as the principal cause of the Agency's decline. There are several reasons for this:
Leadership is not viewed as a core competency. Leadership qualities and behaviors are not validaed or rewarded.
These shortcomings have put us in dire straits. At a time when we need it most -- when declining resources and increased challenges call for hard decisions and follow-through on those decisions -- leadership has failed on multiple fronts. It has not provided a corporate vision or strategy. It has been unable or unwilling to make the hard decisions. It has been ineffective at cultivating future leaders. And despite a decade of criticism from stakeholders, it has failed to bring about real change.
Unless we do something about our leadership crisis, we will be unsuccessful in the years ahead. To usher NSA into a new era, you will need a firm foundation -- the skills of leadership and decision-making. These are the tools in your tool kit.
Establish leadership standards
1. Establish leadership standards and hold leaders accountable to them.
Establish leadership as a core competency; Identify and develop leaders
2. Establish leadership as a core competency at NSA and build corporate mechanisms to guarantee a supply of future leaders.
Mentor leaders
3. Provide outside mentoring to senior leaders and hold senior leadership accountable for mentoring and coaching junior personnel.
Make "change" a strategic goal
4. Identify as a strategic goal the ability to change in response to external demands. Hire a consultant from industry to shape the change management process.
NSA is not aligned to a corporate strategy -- because NSA has no corporate strategy.
"The reason why we can't get on with the business of the future is because we're an ad hoc organization. There's no way to drop any strategy into the institution as it exists today."
Like cars out of alignment, misaligned organizations quickly develop serious problems.
They are hard to steer and don't respond well to changes in direction. NSA is a misaligned organization. This finding underpins the entirety of this report and is fundamental to its message.
NSA lacks the foundation necessary to achieve strategic alignment. We have no strategic plan and business plan against which to align our budget, our workforce, and our organizational structure. Without these, we will not be postured for success in the 21 Century. The certain loser in such a scenario would be our ultimate customer -- the nation.
Lack of Strategic and business plans
The most consistent criticism cited during our research was the absence of an authoritative corporate NSA strategy and a supporting business plan. These are the basic tools for achieving strategic alignment. Previous efforts have failed because the plans focused on internal processes vice customer outcomes, the plans were never implemented across the organization and, perhaps most importantly, we delegated the effort to staff elements vice charging them to senior leadership.
Budget and workforce misalignment
The lack of plans has a domino effect: we cannot align our budget and workforce to a corporate strategy when none exists. We have fallen victim to the "activity trap" -- we have lots of teams working on lots of problems, but with no connection to a focused strategy.
Organizational misalignment
Likewise, our organizational structure suffers from our lack of a strategic and business plan. We identified a number of issues:
To fix our aligninent problems, we must address the lack of plans, the resulting misalignment of the budget and workforce, and our organizational structure.
Create a strategic and business plan
1. Task the Executive Leadership Team (ELT) to create and implement a strategic and business plan that are focused on customer outcomes and stakeholder expectations.
First, create the plans. Relieve the ELT from line responsibilities and devote them fulltime to completing these plans. As a necessary first step, task them to identify NSA customers by market segment and to engage customers and stakeholders in ascertaining NSA's unique value. Use this as a tool to drive the entire planning process. Hire an industry expert in business planning to mentor and coach the ELT through the creation and implementation of the plans.
Then charge the ELT with implementing and communicating the plans internally and externally. Hire a marketing expert to help with the communications strategy. As part of the implementation, have the ELT lead the development of hierarchical subordinate plans and then direct a scrub of all activities in subordinate organizations (an organizational "census"). Stop all efforts that do not line up with the plans.
Link resource allocation to the plans
2. Directly link resource allocation to the strategic objectives in the plans.
Task the Financial Management Officer (FMO) (see Resource Management section) to reexamine the budget (the CCP, the DCP, and the ISSP) to ensure that it is aligned with business plan priorities. Where it is not, have the FMO implement needed changes. The FMO should also establish metrics for linking spending and investment to the business plan.
Align our workforce to the plans
3. Ensure that the performance appraisal system requires alignment between work performed and the strategic and business plans. From yourself down, have each NSA manager establish position descriptions for all subordinate personnel -- the subordinates should not draft any input. The position descriptions must link work performed with the goals and objectives of the strategic and business plans. Task DDS to incorporate these position descriptions into the performance appraisal process such that they serve as the basis for all appraisals. (See Leadership section for linkage between these actions and the rewards system.)
4. Create and implement a workforce development strategy that is aligned with the strategic and business plans. As a necessary first step, task the ELT to identify and codify NSA core competencies. The development strategy should then balance the development, retention and growth of NSA core competencies with the use of outside expertise. (See Workforce section for related recommendations on developing core skills.)
Realign NSA's Structure
5. Realign NSA to maximize the efficiency and effectiveness of the core SIGINT and INFOSEC missions. Examine organizational constructs for NSA II.
a. Consolidate corporate service and governance activities and do not allow them to be "regrown" in the individual Key Components. Develop plans to centrally manage corporate service activities (space, protocol, etc.) and also corporate governance activities (policy, legislative liaison, etc.). The plans must delineate clear lines of authority and responsibility. Task the DDCM and DDS to do the former plan and the DDCM to do the latter.
b. Consolidate overlapping operational functions. Task DDO and DDT with a fundamental functional review of their organizations against the strategic and business plans to identify areas of overlap, as well as areas where complementary activities could benefit from closer association. Special attention should be paid to functions that are essential to NSA II. This recommendation is limited to SIGINT operations only.
c. Create a single, corporate customer service entity to ensure that customer needs are driving product and service delivery. (This recommendation is discussed in Customers, Partners, and Stakeholders.)
d. Create a single organization for SIGINT modernization. (This recommendation is discussed in Resource Management.)
e. In the longer term, examine structural options to posture NSA II for success in the global network.
Other Recommendations
4. [sic] Once the strategic and business plans are complete, follow through on the announced commitment to assign Chief N6 as the Corporate Communications Officer, full-time.
5. Define and develop the vision and strategy of NSA's integrated role in support to Information Operations.
We focus more on our own tradecraft than on our customers, partners, and stakeholders.
"NSA is important, but that importance has blinded NSA in looking outside itself All that matters is NSA and you've lost the ability to look at yourselves in the larger context.... "
Corporate America knows the keys to success:
These are lessons NSA has not learned. In fact, we've got it backwards. We start with our internal tradecraft, believing that customers will ultimately benefit. We try to control relationships with partners rather than creating win-win situations. And we treat stakeholders with suspicion, as if they're adversaries.
Our insularity came through loud and clear in our interviews:
We've got it backwards. We start with our internal tradecraft, believing that customers will ultimately benefit.
This attitude must not be tolerated. We must recognize that our customers, partners, and stakeholders are key to our future success -- without them we will not prosper. We must put customers at the front of the train rather than the back, and we must create a corporate strategy to manage each of our external relationships and to ensure that we speak with a single voice.
Develop a customer strategy
1. First, task the DDI and DDO to develop a corporate strategy for managing customer relations.
Ensure that the strategy is linked to the NSA strategic and business plans and that it focuses on satisfying our customers' needs. To implement:
Develop a partnership strategy
2. Then develop a corporate strategy for managing partnerships.
Task the ELT, the DDT, and the DDCM to identify existing and potential partners, to create a strategy for managing all partnerships, and to develop metrics for determining the health and effectiveness of the partnerships. Assign each ELT member responsibility for specific partnerships as appropriate.
Develop a stakeholder strategy
3. Finally, task the DDCM to develop a corporate strategy for managing stakeholder relationships.
Ensure that the strategy provides mechanisms for communicating to stakeholders clearly and openly how well we're satisfying customer needs, whether we're using our resources efficiently and effectively, how well we're meeting stakeholder expectations, and to what degree we're providing unique value to the nation's interests
Resource inanagement is out of controh We cannot account for how we use our resources.
"... in industry, you plan then finance. In government, you finance, then plan."
In today's world of declining budgets, we must be willing to make the hard choices. Unfortunately, we lack the skills, tools, and culture to do so: we do not have the business expertise to implement sound resource management practices, and we do not have an infrastructure capable of providing resource data to support decision-making. While several initiatives (ABC, MATRIX, UFAC, and UCIS) are steps in the right direction, we have no overarching strategy for resource management. In short, our resource management process is broken. As evidence of this, we heard the following concerns in interview after interview:
We do not have the business expertise to implement sound inanagement practices...
We must solve these problems. Now more than ever, our success depends on our ability to manage resources smartly and efficiently.
If we are to succeed, we must first articulate a business plan (see Strategic Alignment) and then put into place a resource management strategy to support it. We must clearly state how we are spending our dollars and manpower and for what purpose. We must ensure that mission drives the budget rather than vice versa and that cuts to mission be considered only as a last option. We believe the following recommendations will help us achieve alignment with our strategy, instill sound business practices, and capture the money our stakeholders claim will be there.
Fix resource management
1. First, we must fix resource management. Specifically, we recommend that you:
Get systems development under control
2. Next, get systems development under control and restore financial and management discipline.
We must make development efforts consistent with the strategic plan, deconflict duplicate efforts, and bring developers and users together to ensure that the "right" solutions are developed. Specifically:
Form modernization organization
3. Finally, get the modernization program on track -- form a relatively small but powerful PMO for modernization.
The PMO, which would be jointly manned by DO and DT personnel, would define requirements, control all modernization and development funds (to include "upgrades"), have systerh engineering responsibility (access through dissemination), and have the authority to task any NSA organization directly. Identify the effort as a strategic imperative With the appropriate NSA priority, funding, and elite staffing. The resulting organization must have the concentrated authority of a classical PMO but operate with the speed and flexibility needed to remain abreast of rapidly advancing technology.
Other Recommendations
4. Create a contingency reserve fund that will allow NSA to respond quickly to crises or operational opportunities. Use of this fund would be at your discretion but would be restricted to unforeseen funding needs; it could not be used to correct programmatic oversights or cost overruns.
5. Consider implementing a working capital fund. Here's how it would work: activities not financed through appropriations could bill other parts of NSA or other government agencies for the services they provide. The income would go into the working capital fund to pay operating expenses for the activities. Unlike appropriated funds that revert to the Treasury if not spent, the working capital fund stays in place indefinitely -- meaning that surpluses can be used to "build the business." Such a set-up allows the directorates to "buy" the services necessary for their operations and "invest" their savings as they see fit. This encourages the service provider to deliver an improved service and to strive for efficiency. It also saves money for mission requirements.
6. Work with industrial partners to address Congressional and industry concerns on NSA's use of contractors.
Our workforce is not prepared for thefuture.
"The pointy end of the spear is the analyst. The rest of the organization needs to rally to that idea. The support tail shouldn't wag the mission dog."
NSA's efforts to shape the workforce over the past 10 years have been driven more by the need to reduce it's overall size than the critical need to balance and nurture skill-sets we must have to succeed in the years ahead. As a consequence, our workforce suffers serious shortages in essential skills; training opportunities continue to diminish; authorized hiring continues at a trickle even while significant retirements are forecast over the next 5 to 10 years; and employee pay consumes ever larger portions of the NSA budget, crowding out monies needed for investment and modernization.
NSA's success in providing and protecting information in a world of ever challenging global telecommunications will fundamentally depend on its ability to field a talented workforce whose skills keep pace with technology trends. Competition between NSA and the commercial sector for these skills will be especially keen and NSA must aggressively explore all options for creating and sustaining the workforce it must have to succeed in the 21st century.
Revise pay system
1. Revise our pay system to attract and retain needed skills.
Develop workforce skills
2. Develop skills in our present workforce to meet current and future mission needs. Expand the "cryptologic reserve" of retirees to augment the workforce during crises.
Other Recommendations
3. Limit NCS training to core cryptologic skills. Use external sources for all other training.
4. Align the hiring program with future skill needs based on current and future needs. Match hiring to the requirements articulated in the business plan.
5. Increase collaboration opportunities internal and external to NSA: Task the Key Component Chiefs to take advantage of existing personnel exchange programs with industry. govemment. and academia. Task the CIO to provide access to a knowledgesharing tool and to the Internet to facilitate cross-organizational and external collaboration.
We have recommended that you undertake a number of initiatives aimed at fixing the basics of the NSA institution. There are also a number of practices and processes that should be stopped immediately. Our selection of the items below is based on focusing our resources in alignment with NSA's corporate strategy and business plan by stopping, for the short term, activities that drain energy, labor and dollars from serving our core missions until that alignment can be accomplished.
1. Abolish all senior personnel boards and make senior promotions and job placement the job of the senior leadership team. You currently have approximately 45 seniors and a number of dedicated support personnel tied up for significant periods of time in senior personnel activities. You have no strategy or plan for senior personnel development and succession planning. Develop the plan and make implementation the job of senior leadership. Allow only one senior personnel board to be formed. Do not allow the subordinate boards to be "regrown".
2. Scrub completely the list of "senior positions" and stop selecting people to fill them based only on rank. If the position is needed, then we should be most concerned about putting the right person in the job, vice putting a senior in a job because of tradition, Put the best qualified person in these jobs, even if they are "junior".
3. Abolish Agency-level promotion boards and return promotion authority to the Key Component level. The existing promotion process consumes almost all the time of approximately 30 people (seniors and our highest potential 15's, and dedicated support personnel). The "value-added" of this expenditure of time is questionable, at best.
4. Within one week each Key Component should be directed to eliminate all working groups and committees where a single individual could make decisions, and also eliminate those that are not critical to performing the SIGINT and INFOSEC missions. NSA has too many working groups and committees. Senior leaders (not committees) need to make the hard decisions that need to be made. The workforce needs to apply their talents to the core mission, and not spend time commuting to and attending meetings.
5. Stop the ongoing review of the NSA leadership curriculum until the leadership competencies we require in our institution are defined and aligned with NSA's corporate strategy and business plan. NSA has never embraced leadership and management as core competencies -- they are not designated NSA career fields, nor is even minimum training required to occupy leadership or management positions. While we applaud the desire to review the curriculum, we argue that NSA does not have the skills or background necessary for success. Moreover, NSA does not need to develop its own curriculum. We recommend that NSA examine the courses available in private industry and in the government, and adopt/adapt their use rather than developing all homegrown management and leadership training.
6. Stop initiation of any new programs or initiatives (other than organizational consolidations related to support or corporate governance processes) until business planning is complete, and budget and labor appropriately aligned to support it.
Corporate governance is the process by which an organization governs itself. An effective governance process features a clearly defined set of authorities and a well-understood process for making decisions.
We spent considerable time discussing the merits of a fundamental restructuring of NSA. We concluded that while such a restructuring will eventually be necessary, it is secondary to solving the root causes of our problems-lack of decision-making [governance], lack of leadership, and lack of strategic alignment. We recommend several short-term organizational changes that we believe are essential to preparing for the transformation to NSA 11, and we offer several options to consider as you plan for NSA II. See the appendix for a list of organizing principles.
Appendix A - (U) Organizing Principles
Appendix B - (U) Detailed Recommendations
Appendix C - (U) Process Matrix
Appendix D - (U) The Charge
Appendix E - (U) Methodology
Appendix F - (U) NETeam Standard Interview Questions
Appendix G - (U) Bibliography
Appendix H - (U) List qf Interviewees - note: appendix removed due to specific Agency employee names.
Acknowledgments
First and foremost we extend our warmest thanks to the hundreds of cryptologic professionals who steered our efforts through e-mail, interviews, and dozens of high-quality studies produced over the past decade. We are equally indebted to the Defense and Intelligence Community senior leadership, to our congressional stakeholders, and to the NSA senior leadership for the time they devoted to our efforts in the form of personal interviews. Their perspectives, dedication, passion, and candor were both sobering and uplifting. Their contributions shaped our thinking and our report. We hope we have done them justice.
A special note of thanks goes to:
The Executive Director and the Director of Corporate Management for ensuring that we had the support we needed to complete our work. Our thanks to you both and to your staffs.
The IOTC for their hospitality and marvelous support over the course of the study. We are indebted to each and every one of you.
(The administrative support personnel) who kept us on track and on schedule and served expertly as our morale officers. We would follow you anywhere, and not just for the chocolate!
Our mentors, (two names). Your wisdom and patience as we struggled with our task were an inspiration to us all. Thank you for keeping us focused on the task at hand.
(one name) our indispensable recorder, editor, and layout expert. You were also our conscience. When we got carried away with "admiring the problem," you called us on it. You have our deepest respect, admiration, and gratitude.
[2 pages.]
The merits of a fundamental restructuring of NSA were the subject of considerable NETeam research and discussion. While the results of our work suggest that such a restructuring eventually will be necessary, the NETeam believes that the issue of structure is secondary to our fundamental problems: lack of governance, lack of leadership, and lack of strategic alignment. Indeed we believe that as these root causes are eradicated, the appropriate organizational construct will emerge naturally from what is put in place. We unanimously believe that much work and careful study needs to precede any radical structural changes to the institution. We strongly urge that we enter this examination prepared to accept and recognize if and when the culture is too strong to allow for the necessary transforination, and not licsitate to create a parallel organization to achieve it.
"NSA-2" is the shorthand the NETeam adopted to describe the transformation of NSA from an industrial age monopoly to an information age organization that has entered the competitive market place. What organizational changes we did recommend are those which we believe are essential to preparing for that transformation; they represent both answers to critical issues of today, and are essential to the success of the transformation. We made no recommendations aimed solely at fixing the NSA of today, as we believe the thrust of our efforts must be on building the NSA of tomorrow. We arrived at our organizational change recommendations within the context of larger discussions about the desired organizational attributes of "NSA-2". To aid in future work, we offer the totality of those organizing principles as follows:
1. NSA is a service organization. It applies its tradecraft in service of the security of the United States of America. NSA organizational behavior must reflect that of an institution that not only understands, but also is driven by the sacred trust the nation has placed in it.2. NSA must have a dynamic structure that readily organizes itself around problems and challenges rather than having a static form into which problems and challenges are force-fit. In such a structure ownership of physical assets (resources, space, etc.) is secondary to ownership of the problem's solution. NSA receives high marks for crisis response precisely because it adopts this operating principle during crisis periods.
3. NSA must clearly identify its lines of business (mission and enabling) and decide how to structure itself to optimize those lines of business.
4. NSA must separate current operations (product and service delivery) from investment activities (building future capabilities). Investment activities must have a beginning and an end. They must have milestone reviews, and be linked to the strategic and business plans.
5. NSA must appear as a single organization to our Customers, partners and stakeholders. NSA must deliver a single message to all in one voice.
6. NSA Must consolidate all non-core mission corporate support services and corporate governance processes and not allow them to be re-grown in individual business areas.
7. NSA must minimize the number of decisions made by task force and committee. This requires that lines of authority and responsibility be clearly defined. If "NSA-2" forms a committee or task force, the committee or task force must be addressing a truly cross-functional issue and be operating in an advisory capacity to a decision-maker.
8. All NSA organizations must recognize and embrace the fact that competencies necessary to them exist in other organizations (both internal and external), and leverage those capabilities, rather than trying to build their own organic, but redundant, capabilities.
[29 pages; footer dated 6/23/2000 4:29PM]
[Excerpts]
Decision Making
1. Replace the current SALT structure with Executive Leadership Team (ELT).
2. Create a governance process.
3. Create a management information system.
Leadership
4. Establish leadership standards and metrics.
Strategic Alignment
5. Create and implement strategic and business plans.
6. Implement and communicate the business plan.
7. Ensure that performance appraisal system requires alignment between work performed and the strategic and business plans.
8. Consolidate all corporate service and governance activities and do not allow them to be "regrown" in the individual Key Components.
9. Consolidate overlapping operational functions.
10. Assign Chief N6 as the full-time Corporate Communications Officer.
Customers. Partners, and Stakeholders
11. Develop a corporate strategy for managing customer, partner, stakeholder relationships. Create a single corporate customer service organization.
12. Adopt a tool to track and monitor customer relationships and manage service requests.
Resource Management
13. Fix resource management; begin with hiring a FMO.
14. Get systems requirements and development processes under control.
15. Institute specific measures to ensure SIGINT systerm modernization.
16. Create a Reserve for Contingencies
17. Establish a Working Capital Fund
18. Examine NSA's practices and policies regarding our use of contractors.
Workforce
19. Revise our pay system.
20. Develop skills in our present workforce to meet current and future mission needs.
21. Capitalize on external expertise as a force multiplier
22. Align the hiring program with future skill needs.
23. Divest NCS of non-core cryptologic training.
Decision Making 1: Replace the existing Senior Agency Leadership
(SALT) structure with a lean, authoritative, corporate decision-making
body. Designate the new body "The Executive Leadership Team" to
distinguish it from previous decision-making bodies.
Finding: The present SALT structure is not an effective senior decision-niaking body and is not aligned to underscore the primacy of NSA's core SIGINT and INFOSEC missions. As currently structured, the SALT does not allow senior leadership to focus on strategic issues. Instead, senior leadership spends most of its time managing day-to-day operations in their individual business units. Senior leadership focus must be shifted to: continually assessing NSA's business environment; engaging key customers, stakeholders, and partners; monitoring corporate performance; and providing strategic direction and redirection for the corporation.
Recommendations:
1. Replace the current SALT structure with the Executive Leadership Team (ELT).
- Appoint DIRNSA, D/DIR, DDO, and DDI as full members.- Designate DDT, DDS, DDCM, DCH/CSS, GC, FMO, and CIO as advisors.
- Designate DDT, DDS, DDCM as assistant Directors for Technology and Systems (ADT), Support Services (ADS), and Corporate Management (ADCM).
- Designate the Executive Director as the NSA corporate issues manager; he or she is to ensure that issues are properly framed for the ELT, set agendas, and record and monitor implementation of all ELT decisions.
- Use Joint Issues Board (JIB) to ensure full participation of our Service Cryptologic partners in NSA strategc issues.
- Mandate that the ELT spend the majority of its time on NSA corporate and strategic issues. Delegate management of day-to-day operations to subordinates.
- Appoint a senior technical director to provide unbiased technical advice to the ELT.
- Task the NSA Advisory Board (NSAAB) to provide regular structure support to the ELT on technical issues, business practices, and customer, stakeholder and partner relationships.
2. Take the following tactical actions to increase ELT effectiveness:
- Physically detach the DDO and DDI from their line organizations. Assign each full-time responsibility for strategic issues management.- Hire senior professionals from industry, academia and the media with specific business expertise to fill functional positions (such as the FMO) who can provide the expertise to the ELT to run NSA effectively and efficiently.
- Retain outside management consultants to mentor senior NSA leaders in the development of leadership skills and tools necessary to steer organizations in times of great change.
- Solicit stakeholder approval for a one-time extension of DIRNSA tenure to four or five years. Stakeholders would review DIRNSA performance at the end of three years, and approve or disapprove the extension based on performance. The key metric would be the scope and effectiveness of fundamental change at NSA.
Accountable Authority: DIRNSA
Timeline: 30 days
Decision Making 2: Create and codify a corporate governance process, and hold people accountable for adhering to it. Explicitly define authorities, roles and responsibilities.
Finding: NSA lacks a clearly understood governance process. Many can veto a decision or initiative, but it is not clear who can approve either. At the most senior level, our multiple decision-making bodies (SALT, SALT-plus, CIG, CMRG, ECMRG, etc.) result in confusion and paralysis.
At the same time, NSA has only one document that defines organizational roles and responsibilities at all levels of the institution -- the NSA Organizational Manual. That document is a collection of missions and functions statements written by individual organizations. Even a quick read of the document betrays confused lines of authority between and among organizations. There is no documentation that clearly describes authorities of the Central Security Service (CSS) and its roles and responsibilities relative to NSA and vice versa. The lack of a governance process results in duplication ofeffort, organizational confusion and cyniclsin, and has contributed to a culture of "shared helplessness" which prevents progress.
Recommendations:
1.Task ADCM to define the NSA governance process.
- Adopt industry's Table of Authorities (TOA) tool to accomplish (a TOA is a one-page description of authorities - See attached example).- Hire an Outside Consultant to guide the effort.
- Delegate decision-making authority, as a general rule, to the lowest level possible.
2. Make the ELT and the JIB the premier corporate decision-making bodies; define authorities.
- Ruthlessly scrub the list of othrr corporate decision-making bodies, strive to defer all corporate decisions to the ELT and JIB. if other bodies continue to exist, they must be essential to effective governance: define authorities.- Immediately abolish all corporate decision-making bodies that are not essential to effective governance (CIG, CMRG, FIRRG, ctc.).
- Do not allow corporate decision-making bodies to be "re-grown".
3. Propagate the governance process throughout NSA.
- Task ADCM to define the authorities of each of the deputy and assistant directors.- Task ADCM to lead a complete rewrite of the NSA Organizational Manual, desired outcome is a clear, concise, non-bureaucratic definition of NSA organizational roles and responsibilities.
4. Designate the Executive Director as the implementation authority for the NSA corporate governance process.
- E/DIR to establish, document, and implement the ELT decision-making process; the process should be built around structured argumentation which creates a decision audit trail that can become a historical record.- This is the principal responsibility of the E/DIR.
5. Task Deputy Chief CSS to define and codify the NSA, CSS, and SCE relationship in terms of specific roles and responsibilities.
- SCEs must be full partners in this effort.
Accountable Authority: DIRNSA, ADCM, DCH/CSS as specified
Timeline: Initiate in 30 days; complete in 90 days
***
Strategic Alignment 9: Consolidate overlapping operational functions and in the long term, examine structural options to posture NSA for success in the global network.
Finding: In the absence of strategic and business plans, it is difficult, if not impossible, to define the correct organizational structure for NSA. It is however, apparent through the comments of senior interviewees, that NSA is replete with mission, investment, alignment and partnership inefficiencies, and is not focused on a single corporate vision. A diffusion of roles and rcsponsibilities exists throughout NSA that causes unnecessary duplication of effort across multiple key components. In one interview, the respondent was very pointed: "where work (missions, roles, responsibilities, tasks, fiscal execution, etc.) is duplicated, someone needs to go out of business!"
Reconimendations:
Restructuring NSA is secondary to solving the root causes ofour problems (lack of strategic and business plans. lack of governance, little leadership, poor resource allocation, dissatisfied customers, stakeholders and partners, and unbalanced skills mix). As previously stated, we have no credible basis for recommending a specific organizational structure at this tirne because we have no starting point (i.e., the detailed Agency strategy and business plan) to guide, frame, weigh and decide the optimal structural option. We offer, however, the following wide range of options to be considered once the ELT reaches the point of discussing structure.
Option 1 - SIGINT Efficiencies:
- Consolidate and combine predominant SIGINT-related organizations with duplicative and/or similar management, operational, technical and/or functional activities and associated resources and budgets. This will bring authority, accountability, critical rnass and a single integrated and focused strategy to many of these disparate and competitive efforts. Determine core-staffing requirements for each and reinvest any resource savings back into the production of SIGINT.- Align the DO along Access, Exploitation, Production, and Dissemination processes.
Option 2 - Combined INFOSEC and SIGINT Efficiencies:
- Identify similar and/or duplicative management, operational. and/or technical activities and functions in the INFOSEC and SIGINT missions.- Consolidate and combine these similar/duplicated activities and functions. These newly combined organizations will report directly to both the DDI and DDO and provide the critical inass of talent and resources to bear on their combined goals. Determine core-staffing requirements for each and reinvest any resource savings back into the INFOSEC and SIGINT missions.
Option 3 - Completely Restructure NSA:
- Develop and implement a complete restructuring ofthe Agency built upon a single operations directorate that integrates the SIGINT, INFOSEC, and Support to Information Operations missions. One mission will emerge for NSA: vulnerability analysis.- Align all activities across the Agency to support the new operations directorate. Where possible, collocate technical developers with the mission elements they support to improve our agility, our mutual understanding of mission-related system functional requirements, the development and deployment solutions, and the timely insertion of needed technology on a scale critical to our future success.
- Create a separate, robust and fully funded Advanced Technology Directorate to focus on advanced research and leading edge technologies. This ensures focus on the future and balance between readiness and modernization.
Option 4 - NSA and Community-wide Efficiencies (Long Term):
- Identify NSA activities and functions duplicated in the DoD and Intelligence Communities.- Investiglate ways to reduce duplication and increase efficiency and effectiveness of NSA's contributions to the missions of the DoD and Intelligence Communties.
***
NSA does not speak with one voice to customers, partners and stakeholders.
We lack a single corporate external engagement strategy. There are more that
1,000 SIGINT and INFOSEC professionals deployed with custorner oruanizations,
but Our lack of strategy has limited the return on this investment. One
interviewee stated: "We need more representation in some places and we have
too much in others. We punish people when they go out, and we make it difficult
for people to come back." Internally, we have nurnerous "customer" organizations,
but we have failed to put our customers at the center of product and services
delivery. We are viewed as caring more about our internal processes than
about outcomes for our customers. We manage visits when we should be managing
relationships. The same is true of our relationships with partners and
stakeholders. As one stakeholder put it, "NSA relations with Congress are
broken." We frustrate our stakeholders with our insularity and confuse our
partners with our many voices. We must build our core processes to align
with customner, partner and stakeholder requirements and measure our success
by the impact we have for them. This involves much more than delivering a
product or semice. It is as integral to our business as is the development
of new technologies to exploit adversary vulnerabilities. It requires a
continuous commitment of time and energy and a complete refocusing of our
business processes.
***
Resource Management 14: Get the systems requirements and development process under control through a series of initiatives aimed at eliminating duplicative activities, restoring project management and financial discipline, and bring system developers and users together to ensure that the solution addresses the user's problem and is delivered on time. (Note: Throughout this recommendation, the phrase "systems development" includes in- house development as well as contracted systems acquisition activities.)
Findings: NSA no longer applies processes necessary to ensure that all systems development programs are consistently disciplined, efficient, coherent, meet the needs of the user, and are delivered on time and within budget. No formal process links all systems development activity with the Agency's strategic and business plans and investment strategy.
The current diffusion of responsibility throughout NSA for systems developments presents the strong possibility that the outcome will be fragmented systems solutions and point solutions. Descriptions of roles, responsibilities, authorities, and accountabilities are not accepted, understood, or practiced and therefore hamper efficiency and an effective partnership between the DT and its DO customers. No single focal point is responsible for technical planning from requirements through dissemination. and the lines of authority and responsibility among development organizations are unclear. Consequently, the approach is inefficient but is also certain to produce less than optimal end-to-end solutions. All of these risks are manifested in the current C2C/DNE program and are intolerable given the challenges of today's SIGINT mission and resource situation.
NSA technical systems provide the foundation for NSA's ability to deliver on its mission. The complexity of these systems and the speed at which targets change, dictate that NSA move to modern systern development processes which are timely, flexiblee, and ensure the product is the "right" solution to the user's problem. The DO and DT organizations must work closely together throughout the planning and systems development process to ensure accountability by the systems development organization for the system delivery on time and within budget. In fact, NSA's most successful progranis have been guided by joint management/development teams and this model needs to be adopted as the standard for all future technical developments.
Recommendations:
PROCESSES
1. Put NSA 5000 into effect as the official Agency Systems Development policy.
- Issue corporate guidance for compliance with the established requirements process as defined in NSA 5000 for all NSA systems development.- Task the DDCM with "approval-to-procced" authority for all systems development and the the release of dollars for execution to such approval. He or she must ensure that the process:
- Ensures all development cffiorts support the Agency strategic and business plans and instills discipline and governance for future developments to prevent a recurrence of the present inefficiencies and duplication.
- Reflects the prioritized requirements of the mission directorates (and NSA at large).
- Identifies and deconflicts potentially duplicative programs and ensure coordination with associated activities.
- Develops an efficient and timely corporate review, prioritization, and approval process.
- Instills discipline but minimizes bureaucracy and supports the rapid, flexible developments needed to maintain parity with target technology.
- Clearly defines responsibility and authority for projects and empowers the responsible teams to manage projects and deliver products with minimal interference and maximum accountability.
- Allows Chief of the PMO for SIGINT modernization to have an influential vote.
Accountable Authority: DDCM
Timeline: 45 days
2. Direct the DDO to disestablish the extant G, Z, and E-Group systems requirements processes and create a single DO process for identifying functional requirements needed to support all SIGINT production processes (requirements through dissemination).
- Ensure significant commitment of DO operational personnel resources to the process.
3. Direct the DDO and DDT to establish a joint planning process to evolve DO's functional requirements into development programs in accordance with priorities established by the corporate business plan:
- Build a new, organization focusing on all production processes.- Establish a team at the start of each new development composed of a DT leader and representatives of the M and/or W Group Target Offices.
- Require formal joint concurrence of appropriate DO and DT elements at major milestones during the development cycle and on the final deployment of systems or to conduct any operation (appropriate DO Production Manager will represent the DO).
Accountable Authority: DDO/DDT
Timeline: 45 days
ROLES, RESPONSIBILITIES, AUTHORITIES, AND ACCOUNTABILITIES
1. Direct the DDCM to enact into NSA policy the authorities, roles, responsibilities and accountabilities of each participant organization in the SIGINT systems development process, including the management of projects. At a minimum, this Policy should include:
For the DO:
- Authority and control over the budget for systems development activities that support their lines of business.- Specification of system functional and operability requirements, and mutually agreed-upon time frame and cost.
- Acceptance authority over systems to be installed.
- Overall performance oversight for project deliverables, quality and cost, and the responsibility of holding the systems development organization and program manager "accountable" for same.
- Responsible for establishing advanced analytic and customer development centers to team with technologists in the DT organization.
For the DT:
- Authority to execute and manage the budget for approved systems development projects.
- Authority and direction over required human resources whether or not others normally supervise them.- Responsibility for delivery and installation of system to specifications, on time, and within budget.
- Responsibility for providing technology innovation to its customer as a means to encourage creativity.
STRUCTURE - Consolidate all Agency SIGINT systems development activities in DT.
Accountable Authority: DCM, ELT
Timeline: 60 days
Resource Management 15: Institute specific measures to ensure SIGINT system modernization activities are consistent with an approved Agency strategy, and that interdependent development activities (both internal to NSA and contracted efforts) support a single end-to-end SIGINT modernization strategy and architecture.
Finding: NSA does not have a single, cohesive strategy or implementation plan for SIGINT modernization. Initiatives are fragmented and duplicative. Several ongoing interdependent activities (e.g., SMM, TRAILBLAZER, MASTERKEY, FIREPROOF, ITB, current C2C/DNE efforts) are not necessarily supportive of the same strategic vision. Responsibility for each resides in a different organization (E, Z, R, K, DGTP) and/or with a different person. The ADDT(M), T7, and T8 construct fails because it lacks the unified responsibility, authority, and resources and is separated from the production (DO) elements. Consequently, the viability and success of both current and future SIGINT efforts is at great and unacceptable risk.
The rate of progress to complete modernization planning and start implementation based on the 1997 UCA study is insufficient to keep pace with the target environment. Authority and responsibility for modernization remains diffused across DO, DT, and the UCAO (at least DGTP, E, G, K, R, T7, Z), and long-term planning is unlinked to current development activities. NSA must ensure that diffusion of responsibility does not result in a fragmented system of systems.
NSA attempted to address this issue in the early 1990's by creating Technical Director positions to perform cross-organizational coordination for all technical activities, especially modernization and systems planning functions that were consciously spread across several organizations. The Agency relied on the Technical Director community to eliminate duplication and to ensure that individual programs supported a cohesive end-to-end system. This process has essentially failed. The results are evident in instances of inefficiency, duplication, and fragmention with the most visible examples in critical future missions such as the Digital Network Exploitation arena.
While Technical Directors were created to be the first line of defense for horizontal coordination across organizations, NSA management is primarily responsible for this failure. Even when duplication was clearly identified (between K and Z for instance), management did not move aggressively to deconflict such activities. Assigning a single accountable authority for SIGINT modernization is essential to provide the top down and cross-organizational leadership needed to fix this problem.
Recommendations: ROLES, RESPONSIBILITIES, AUTHORITIES, AND ACCOUNTABILITIES
1a. Confer the following on the DO organization, as the customer of modernization products:
- Responsibility to define the functionality, usability, and operability requirements of all modernization activity.- Authority for the budget dollars (through the FMO) and for release to the systems development organization.
- Authority to hold the systems development organization accountable to agreed upon delivery of specified product, on time and within budget.
- Responsibility to establish acceptance criteria for and authorize installation.
- Responsibility to jointly plan and develop an overall strategy with the systems development organization.
1b. Confer the following on the DT organization as systems development organization and as the supplier of products to the user:
- Responsibility and total authority for managing and implementing the authorized systems development program and project.- Authority over the allocated budget and labor resources.
- Accountability for delivering the authorized products to specs, within budget, on time, as agreed upon.
- Ensure that critical end-to-end systems engineering is performed to ensure those interdependent developments form a cohesive whole.
- Define and enforce technical development, interface, and integration standards.
Structure:
OPTION I. Form a small but powerful DO/DT-PMO for modernization which implements requirements, controls all approved and authorized modernization and development funds (to include "upgrades"), has system engineering responsibility (access through dissemination), and independent tasking authority of NSA systems development work units in line organizations.
- Identify the effort as a strategic imperative with the appropriate NSA priority and funding, and elite staffing.- Give the Chief of the PMO direct access to the Director and oversight authority for all modernization efforts within the NSA SIGINT system.
- Assign the PMW with the authority to operate with speed and flexibility to maintain parity with target technology.
Accountable Authority: DDO/DDT
Timeline: 30 days
OPTION II: Using the "Saturn Plant" model, manage and implement the modernization program in a newly-organized and far larger organizational "spin-off' outside the current NSA structure.
Accountable Authority: DIRNSA
Timeline: 60-90 days
***
Resource Management 17: Determine the viability of a Working Capital Fund for NSA. If of merit, implement a pilot program within 12 months.
Finding: The Resource Allocation team finds the Working Callital Fund concept as recently deployed by the CIA/DA to be interesting enough to warrant further investigation for potential implementation at the NSA. The working capital fund is a mechanism federal agencies use for operations not financed with appropriations. Working capital funds receive payments for services rendered to other parts of the organization, or to other government organizations. The money is used to pay for operation's expenses; but unlike appropriated funds, money in a working capital fund can stay there indefinitely so that "surpluses" could be invested in trying to market the operation's services to new customers. Working capital funds have been set up in State Department, the Defense Department, the Department of Energy and a number of other agencies.
As a first step in business process transformation, the CIA/DA recently established the Working Capital Fund for the provision of support services to the mission directorates. Support services was about 30% of the Agency's budget. With a Working Capital Fund, the DA returned support monies previously used to support the mission directorates (DO, DI, DS&T) to the directorates and allowed them to "purchase" service from the DA or an outside source. Now that the DA competes with outside commercial vendors the directorate is encouraged to provide better quality service at a lower cost. An added benefit is that the mission directorates are now co-responsible for thinking how to deal with the shrinking Agency administrative service budget.
Recommendations:
- Review Lessons Learned from the CIA/DA. Engage with DOE, DOS and other agency which has implernented working capital funds.- Select two pilot programs for implementing Working Capital Fund. (note: CIA chose Logistics Operations Center and the Motor Pool). We recommend Project ASSURE and NCS be adopted as the pilot programs.
- Identify potential cost savings associated with implernentation of a Working Capital Fund.- Solicit support from Stakeholders and OMB.
- Implement pilot program.
Accountable Authority: FMO
Timeline: 90 days- 1 year (Research followed by Pilot Program
Implementation - 1 year)
Resource Management 18: Examine NSA's use of contractors with a goal
of moving towards using Contractors to provide solutions rather than human
resource support.
Finding: Our stakeholders do not understand or condone NSA's policies and practices regarding the use of contractors. Approximately 1500 contractor personnel are currently augn-nenting the DT workforce (800 are elsewhere in the Agency). Congressional and industrial critics of our business practices accuse NSA of using the contractor community as a source ofinanpower rather than as "solution provider," thus depriving the Agency of their major expertise.
Recommendation:
- Task the DDCM to chair a small group of NSA executives and several contractor executives to review NSA's use of contractors.- Develop a policy articulating the conditions under which it is permissible contractor personnel to be used to augment NSA developers.
Accountable Authority: DDCM
Timeline: 180 days
***
Workforce 20: Develop skills in onr present workforce to meet current and future mission needs.
Finding: We have an excess of outdated skills across many career fields at NSA. The recent Clapper Study on Digital Network Intelligence revealed we are ill-prepared to meet the challenges facing us today. The SSCI TAG Report also criticized NSA as "quite literally going deaf' concluding that we have fallen short in dealing with the challenges of the information revolution due in part to an inadequate technical staff.
Recommendations:
- Task the DDCM to "fence" the required funds to support the after-hours training program- Never sacrifice mission related training programs.
Accountable Authority: DDCM
Timeline: 60 days
- Task the Key Component Chiefs to submit annual requirements for after-hours training to the DDCM. The requirements must be aligned with the skill-development goals cited in the annual business plan.
Accountable Authority: Key Component Chiefs
Timeline: 60 days upon completion of the Strategic and Business Plans
- Task the DDS to eliminate the bureaucracy of the professionalization and technical track programs by creating a single program that continually develops the true technical skills required to successfully defend and exploit the digital intelligent network.
Accountable Authority: DDS
Timeline: 180 days
- Task the DDS to establish a civilian cryptologic reserve, composed of former retired civilian and military employees as well as retired industry experts who would volunteer to serve NSA for short periods of tirne in contingency or crisis.
Accountable Authority: DDS
Timeline: 60 days
- Task the Key Component Chiefs to assign senior technical personnel to mentor junior members of the workforce. This will ensure that knowledge is transferred from senior to junior personnel.
Accountable Authority: Key Component Chiefs
Timeline: 30 Days
Workforce 21: Use outside expertise as a force multiplier and a force for cultural change.
Finding: NSA is an insular organization which suffers from a "not invented here" syndrome. This tendency demonstrates itself both within NSA itself and in NSA's relationships with the outside world and results in inefficiency and waste. NSA must change that culture to be successful. We must create an environment that is more open to sharing, free of boundaries, and promotes knowledge sharing and continuous learning from all available sources.
Recommendations:
1. Task Key Component Chiefs to identify key NSA positions that could be filled by other than career NSA employees (e.g. Chief LAO, Chief Corporate Relations, FNIO, Chief Scientist, and Chief Human Resources).
- Task DDS and GC to develop appropriate mechanisms for filling identified positions.- Task DDS to establish processes for personnel exchanges from NSA to the private and public sector, and from the private and public sector into NSA. Ensure that the processes address the placement of the individual upon return to his/her home organization.
2. Task the CIO and the Corporate Knowledge Strategist to work with the Intelligence and Defense Communities to select a standard collaborative tool.
- Ensure that the tool has sufficient functionality for use with our customers, partners and stakeholders alike.- Do not select a "homegrown" solution. Adopt a standard commercial tool that provides the capability we need.
3. Extend knowledge sharing outside the walls of NSA by providing Internet access to each NSA employee.
- Task the CIO to create a plan for Internet access with a view toward "at the desktop" accessibility for all employees.- Embrace the use of the Internet as a force-multiplier for NSA; a means of creating numerous virtual centers of excellence with colleagues around the world.
Accountable Authority: Key Component Chiefs, GC, CIO, and Corporate
Knowledge Strategist, as specified.
Timeline: Identify positions and establish processes within 30 days;
implernent exchange in 180 days; internet access and collaborative tool in
180 days.
***
[Appendices C-F omitted here.]
[4 pages. Footer dated 9/28/2000 5:04 PM]
Approach
AT&T's Mission
Baseline Customer Satisfaction and Retention Research Highlights (1998/1999)
Biographies
CIA - Business Process Transformation by Kennedy School of Government (1999)
Clapper Study (Old - June 1999)
Clapper Study (New - August 1999)
Consolidated Cryptologic Program
Corporate Internal Communications (August 1998)
Combat Support Agency Support Team (CSART) Assessment of NSA/CSS (August 1999)
Combat Support Agency Support Team (CSART) Assessment of DIA (July 1998)
Congressional Budget Justification Book FY2000
CSE's SIGINT Re-organization - "Renewal" (13 September 1999)
CY-500 Report - "What's not working at NSA that will keep us from achieving NCS- 21?"" (May 1998)
Cryptology - (name removed) -"Every profession has its own jargon and cryptology is no exception. Here are a few of the basic terms we use."
DIAP NSFF Update (No date)
DIR Comments on Team's Progress
Director, Central Intelligence Agency Directive 7/3, "Information Operations and Intelligence Community Related Activities" (effective 1 July 1999)
Director, Central Intelligence Agency Directive 1/1, "Authorities and Responsibilities of Director CIA as Read of the U.S. Intelligence Community" (effective 19 November 1998)
Director, Central Intelligence Agency Directive 2/3, "Authorities and Responsibilities of the National Intelligence Council and the National Intelligence Officers (effective 27 May 1999)
Director, NSA Strategy Plan (July 1999)
Director, Central Intelligence Agency Strategic Intent for the U.S. Intelligence Community (March 1999)
DDO Thoughts on Strategic Issues for The Institution (April 1999)
Director, Notes from NSA Seniors
Director, NSA Policy Statement Concerning Congressional Notification (July 1999)
Employee Satisfaction Survey (1997)
Executive Order (EO) 12333 - "U.S. Intelligence Activities" (December 1981)
Herman Study - "Report on Systems Engineering at NSA" (October 1998)
Summary Notes on House Permanent Select Committee on Intelligence (HPSCI) Mark-up
FY-99 Conference report
FY-00 House Appropriations Committee (HAC) Report
FY-00 Classified HPSCI Mark-up
FY-99 Intelligence
Authorization Conference Report (November 1998)
HPSCI Mark-up
Ignitor Recommendations (August 1999)
Interagency OPSEC Support Staff - Fact Sheet
Interview Comments from (named removed)
NSA Joint Monthly Readiness Review (JMRR) (August 1999)
Job Satisfaction Survey
Key Questions - Strategic Planning Tool for a Competitive Organization - Environmental Scan
"Leading Change" by John P. Kotter
Layering Study
Leading Learning Communities: A Case Study of Organization Learning at EDS (June 1995)
Managing Professional Intellect: Making the Most of the Best by James B. Quinn, Philip Anderson, & Sydney Finkelstein (1996)
Mercer Report: Assessment and Recommendations Regarding NSA's Compensation System (February 1999)
NSA SIGINT Business Plan (July 1999)
NCS-21 (NSA Goals)
NSA Operations Capabilities Needs Plan (August 1999)
NSA Actions Resulting from Corporate Studies (May 1992)
NSA Charter (DoD Directive 5100.20) (December 1971)
NSAAB C2C Study: Input and Recommendation
NSA Response to Congressionally Directed Action (June 1993)
NSD-42, National Policy for the Security of National Security Telecommunications and Information Systems (July 1990)
One Team - One What? - (name removed) (August 1999)
Our Values - GE Leaders, Always with Unyielding Integrity
(name removed) Paper (from (name removed) to DIRNSA on 16 July 1999) - "Anticipation of Escalating Computer Network Operations Concerns"
Colin Powell Speech
Rogan Study (December 1991)
Runyan Study - "Cooperative Development Process" (May 1996)
Senate Select Committee on Intelligence (SSCI) Technical Advisory Group (TAG) Report (June 1998)
FY-00 Unclassified Mark-up w/Barr Amendment (Providing for Consideration of H.R. 1555)
FY-99 SSCI Mark-up - "Consolidated Cryptologic Program"
FY-00 SSCI Mark-up
FY-99 Classified Conference Report from House of Representatives - "Intelligence Authorization Act for FY-1999"
FY-99 Unclassified Conference Report from House of Representatives - "Intelligence Authorization Act for FY-1999"
DIRNSA Brief to HPSCI (June 1999)
HPSCI Budget Hearing on Signals Intelligence (March 1999)
National Decision - "Future of SIGINT and NSA" by (name removed)
NSA Strategic Plan (June 1996)
Presidential Decision Directive (PDD)/NSC-63 - "Critical Infrastructure Protection" (May 1998)
NSA/CSS Organization Manual (February 1997)
PL-100-235 - Computer Security Act of 1987 (January 1988)
Presidential Quality Award (PQA) Applicant Feedback (December 1997)
PQA Application and Information
PQA Feedback Report (September 1998
Rich Study (Robert E. Rich, Former DDIR) Study - "SIGINT Strategy for the Nineties" (September 1990)
Regional SIGINT Operations Center (RSOC) Study (March 1999)\
SINEWS - GCHQ Modernization and Change Program
Sloan Management Review Article - Strategy as Strategic Decision Making" (April 1999)
Strategic Plan - "How 3M Is Rewriting Business Planning (June 1998)
Strategic Planning Tools - "Organizational Processes Gap Analysis" (February 1999)
TARP Survey re: Future Customer Satisfaction and Retention Survey Research (June 1999)
Unified Cryptologic Architecture (UCA) - 2010 Presentation to George Tenet
UCA Operational Architecture (January 1998)
UCA Modernization Roadmap (work in progress) (August 1999)
UCA Modernization Roadmap I
UCA Modernization Roadmap 11 - "DIR 60-day Study Team Meeting (30 August 1999)
U.S. Cryptologic Stategy
- Preparing for the 21st Century
Return to Internal Report Page - Appendices
Transcription and HTML by Cryptome.