Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

NSA’s Cyber Collaboration strategy is quietly disrupting China’s operations – and scaling real defense

(McCrary Institute)

By Don Kauffman

For all the talk of public-private partnerships in cybersecurity, the National Security Agency is one of the few U.S. government agencies turning that rhetoric into operational reality – and doing so at a scale that’s starting to pay off.

Kristina Walter, director of the NSA’s Cybersecurity Collaboration Center, offered a rare behind-the-scenes look at how the agency is working directly with private companies to detect threats, block attacks and prepare for the next wave of disruption. What emerged from her conversation on Cyber Focus wasn’t a policy vision – it was a running operation.

The Collaboration Center, launched in December 2020, was created to close one of the most dangerous gaps in cybersecurity: the mismatch between NSA’s foreign intelligence insights and the domestic visibility held by private infrastructure providers. Now, nearly five years later, that collaboration is proving essential in confronting China’s evolving cyber operations.

“We’ve enumerated 300,000 nodes that we see China using targeting the United States,” Walter said.

Those nodes aren’t in Beijing – they’re compromised home-office routers in the Midwest, university systems and other low-visibility U.S.-based infrastructure. One such campaign helped expose a previously unknown zero-day vulnerability.

“We found it in about two weeks of the start of exploitation,” she said. “And were able to get out the hunting and the detections while the patch was being worked.”

That kind of speed is rare. Walter credits it to trust built in advance – not just between NSA and individual companies, but across a growing network of over 1,500 partners.

“You can’t surge trust in a crisis,” she said.

The model extends beyond threat detection. NSA is now providing free cybersecurity services – including protective DNS – to small defense contractors. That service alone has blocked 4 billion malicious domains, including 500 million flagged by NSA’s own intelligence.

“We are blocking botnets, ransomware, malware, command and control before [employees at enrolled companies] can even visit the site,” Walter said.

The Collaboration Center also houses NSA’s AI Security Center, which works with private labs to secure advanced models and track misuse. And it’s helping lead preparations for the post-quantum era.

“When we talk about a cryptologically relevant quantum computer, it’s really [a question of] when, not if,” Walter said.

For an agency known for secrecy, the CCC is a shift. It’s not just sharing information – it’s enabling coordinated action.

That approach was critical in NSA’s response to Volt Typhoon, a Chinese campaign that embedded itself deep within U.S. systems using “living off the land” techniques – blending in with normal IT activity to avoid detection.

“Our focus was … how do we expose this tradecraft of living off the land … and really unleash the cybersecurity community in the United States to find it and eradicate it on the U.S. government’s behalf?” she said.

As foreign adversaries grow more persistent and better resourced, Walter said the stakes are only rising: “This is a race we cannot lose.”

Click to listen highlighted text!