Title: Talking Points Topics Proposal

Release Date: 2014-06-18

Document Date: 2013-04-19

Description: This internal NSA briefing document from 19 April 2014 supplies background information for a Strategic Planning Meeting with senior BND officers to discuss future collaboration between Germany and the US: see the Der Spiegel article Spying Together: Germany’s Deep Cooperation with the NSA, 18 June 2014.

Document: TOP SECRET//SI//NOFORN

Talking Point Topics Proposai

Name and Title of Visitor: (U//FOUO) Hr. Dietmar E^^^^Bchief Analysis and Production,
German Federal Intelligence Service (BND) and Hr. Wilfriedf^^^|CZhief of Collection, BND,

Accompanied by: Hr. Dietmar Chief Analysis & Production, German Federal

Jncellmenc^iervice (BND); ^^^^^^^^^^Jchief of Station, German Embassy;

BND Liaison Officer, Washington; Representative,

Berlin

Date of Visit: (U) 30 APR -1 MAY 2013

Visit Background: (TS//S17REL TO USA, FVEY) Hr. E^^^and Hr. Hawaii be attending
the Strategic Planning Conference, the goal of which is to do planning for the German
partnership with NSA.

NTOC Topic(s): Computer Network Defense (CND) - Germany:

(5//REL TO USA, FVEY) Both German President Schindler, and BND SIGJNT Director, BG
continue to express a desire to increase CND engagement with the NSA. In addition,
they have already expanded their cyber collaboration with the Federal Office of Information
Security (BS1) and BfV by establishing theT4 (Cyber Intelligence) organization.

(S/REL TO USA, FVEY) As CND continues to be the focus of much discussion with NSA’s 3!d
Paity Partners, Germany is no exception. They continue to seek guidance and advice regarding
their CND effort. The T4 organization, although not expected to be fully staffed for almost one
year, is almost fully staffed. Of the ™150 positions within this newr organization, more than 130
are already filled and the remaining billets are to be filled by ‘hackers’, wrhoare still being
recruited.

(C REL TO USA, FVEY) In preparation for the 3 May visit by Dr. Maassen, Director BfV, Dr.
Massen’s office asked for NSA’s general assessment of the Mandiant Repoit and our comments
on the structure and responsibilities. No answer wras returned to BfV as this is supposed to be a
discussion topic during his visit. Regarding the Mandiant Report, NSA wras awrare of it prior to
its release, but NSA did not request its public release nor contribute to it. Notification of this
report to our SSEUR partners was given via S1GDASYS, prior to the release of the report.

(S/REL TO USA, FVEY) During a VTC held in early Fe bin ary with personnel from NTOC,
FAD, SUSLAG, BND, BSland BfV, several observations were made:

(S//NF)

• BND/BSl/BfV’s CND capability is unclear;

* NSA’s Defense Industrial Base (DIB) partnerships and howr NTOC gained cooperation
wras of interest to BS1;

Derived From: NSA/CSSM 1-52
Dated: 2007010S
Declassify On: 2032010B

TOP SECRET//SI//NOFORN

TOP SECRET //CO MINT//NO FORIN

* German law cuirently prohibits BND/BSl/BfV from doing ‘near real time1 cyber defense
activities;

■ NTOC provided a summaty of TUTELAGE and howr it is utilized on the NIPRNet wdthin
the mil space, and

■ NTOC requested follow' on information on Germany’s unique apertures for S1GINT, their
ability to consume NS A reporting/data, feedback on the reporting/data being provided
and defense and national level network technical information/archilectures.

LANDMINE: (S//NF) The potential analytic and operational mission cost for engaging writh the
Getmans appears to be much greater than the value gained by NTOC, NS A should continue to
track the Getmans’ progress and commitment before investing heavily in analytic and
operational exchanges.

WAY AHEAD: (S//NF)

* Continue to encourage BND/BSl/BfV to collaborate regarding CND;

■ Continue to assess BND/BSl/BfV’s capability for collection, analysis, and/or attribution
of cyber threat;

■ Continue to encourage BND/BSl/BfV to leverage S1GJNT to support CND;

■ Explore options for providing Lessons Learned on cyber technical, process, and training
topics that aid in the development of German S1GJNT support to CND, and

■ Offer selected brieffngVlessons learned discussions via a VTC later this year. Potential
topics include: TLTELAGE/DECS implementation, ESF program overview and
administration, methodologies for building intrusion sets (Diamond Model, etc.), and
lessons learned on operations/intrusion set development

NTOC Point of Contact: (S//REL TO USA, FVEY)
19 April 2013.

TOP SECRET //CO MINT//NO FORIN

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh