(Updated: March 9, 2023)
On February 21, the NSA's National Security Operations Center (NSOC) celebrated its 50-year anniversary. For this occasion, I will take a close look at a range of unique historic photos from inside this "Nerve Center of NSA".
NSA watch centers
At the US National Security Agency (NSA) there are two major watch centers operating on a 24 hours a day, 7 days a week basis:
- The National Security Operations Center (NSOC), established in 1973 for monitoring unfolding events and crises around the world, coordinating time-sensitive actions and providing actionable intelligence to military and civilian decision-makers.
- The NSA/CSS Threat Operations Center (NTOC), established in 2004 for real-time situational awareness of cyber threats against US computer systems and coordinating both defensive and offensive Computer Network Operations (CNO).
> See also: NSA's organizational designations
The history of NSOC
The various international crises in the 1960s, like the tensions in the Middle East, the Soviet invasion of Czechoslovakia, and the capture of the USS Pueblo, prompted NSA leadership to create separate offices for these geographic regions. The same events, however, demonstrated the need for immediate input from multiple offices to get a full understanding of what was happening around the globe.
Therefore, the National Sigint Watch Center (NSWC) was created in December 1968. But already during its set-up a major crisis evolved, when in April 1969 North Korea shot down a US Navy EC-121 SIGINT reconnaissance aircraft. Assistant Director for Production (ADP) John E. Morrison, Jr. was frustrated when he had to speed between various watch centers attempting to piece together a complete picture for military and policy leaders.
Major General John E. Morrison, Jr.
(photo via NCM)
(photo via NCM)
The creation of NSOC
After the EC-121 incident Morrison proposed, and eventually established, a single dedicated watch center to coordinate a rapid response of the NSA to incidents and crises. The new center began limited operations in December 1972 and was formally inaugurated on February 21, 1973, as the National Sigint Operations Center (NSOC).
NSOC (pronounced as "N-sock") was housed at the third floor of the east corridor in the OPS-1 building at the NSA's headquarters compound. OPS-1 is the large flat, three-story building which was built in 1957 as the NSA's very first building at Fort Meade, Maryland:
NSOC in the 1970s
How the National Sigint Operations Center initially looked can be seen in some great photos from the archive of the NSA's National Cryptologic Museum (NCM), which provide a unique look behind once tightly closed doors:
Entrance to the National Sigint Operations Center (NSOC), 1970s
(photo: National Cryptologic Museum)
(photo: National Cryptologic Museum)
Behind this door were the NSOC rooms, including its main watch floor, which consisted of a large open space with numerous desks. Despite the fact that almost all desks have a computer terminal, there is still a lot of paper present:
A view of the NSOC watch floor from its early days in the 1970s
(photo: NSA - click to enlarge)
(photo: NSA - click to enlarge)
It's not yet clear what kind of computer terminals we see on the desks, but one suggestion is that they might have been from Wang Laboratories. Terminals like these allowed NSOC officers access to (informal) teletype links with listening posts, query, update and maintain various databases and review time-sensitive reports. There was also a computer system called SOLIS (Sigint On-Line Information System) for rapid retrieval of SIGINT reports and requirements from the last 14 months.
The telephones right next to the computer terminal are Call Directors: the upper one in black with a keypad and 6 push buttons, the lower one is an older version in white with a rotary dial and 18 push buttons. The Call Director was manufactured by Western Electric from 1958 to the early 1980s and was the most advanced phone from its (largely electromechanical) 1A2 Key Telephone System. Here, one may have been used for secure and another one for non-secure calls.
The desk in the front of the photo even has a third telephone set of the common type from those days but without a rotary dial. Such a phone was usually used for a hotline or a dedicated alerting network, like the secure National Operational Intelligence Watch Officer's Network (NOIWON), which connects NSOC with other military and intelligence watch centers.
Adjacent to the large NSOC watch floor were separate rooms and spaces for specific purposes, like a conference room, a teletype printer room, some kind of map room, a control room and an office for the Senior Operations Officer:
The teletype printer room of NSOC in the 1970s
(photo: NCM - click to enlarge)
(photo: NCM - click to enlarge)
Some kind of map room of NSOC in the 1970s
(photo: NCM - click to enlarge)
(photo: NCM - click to enlarge)
More photos of NSOC can be found in the
photo database
of the NCM.
The organization of NSOC
The internal organization and the atmosphere of NSOC are described in a 2003 internal newsletter which was published as part of the Snowden revelations. At that time, NSOC consisted of 36 desks, with desk officers representing particular elements of the NSA, like collection and analysis units, field sites and Second Party partners. These officers, both military and civilian, work in eight-hour shifts in five rotating teams.
The most important position is the Senior Operations Officer (SOO) who acts as the NSA Director after-hours. To stay abreast of recent reporting and dissemination issues, the SOO relies on the Reporting Cell, which consists of the Reporting Officer (RO) and the Senior Reporting Officer (SRO), who "work intimately with other desks to ensure that authorized customers receive needed intelligence legally, securely, reliably, accountably, and on time."
The Surveillance and Collection Officer (SCO) focuses primarily on operational and technical matters related to the over-all SIGINT system. Other positions are or were the Operations Support Officer (OSO), the Systems Officer (SYO), the Communications Watch Officer (CWO) and the Information Service Officers (ISO).
SRO desk sign on the ceiling of the NSOC watch floor
NSOC in the 1980s
In January 1981, NSOC played a critical role during the Iran hostage crisis when president Jimmy Carter spoke directly with the SOO asking questions about NSA's collection capabilities and Iranian air traffic control tower procedures. Carter insisted that the line with NSOC be kept open so he could follow the progress of events in real time. Even as he was riding to the Capitol, the link with NSOC was reestablished in his car and an aide maintained contact at the Capitol throughout Carter's inauguration ceremony.
In the late 1980s the NSOC watch floor looked much more orderly, with the large watch floor being divided into the ubiquitous office cubicles, each with a MINX workstation with a handset attached to it as this system allowed video calls already (see below):
The NSOC watch floor, August 1988
(photo: NSA - click to enlarge)
(photo: NSA - click to enlarge)
Besides the large watch floor, there appears to be a watch floor in a narrower sense as well, as can be seen in the following photo which was on display in the National Cryptologic Museum and is available at Wikimedia Commons:
The small NSOC watch floor in the early 1980s
(photo: National Cryptologic Museum - click to enlarge)
(photo: National Cryptologic Museum - click to enlarge)
According to the description provided by the National Cryptologic Museum, this photo shows the "NSOC watch floor circa 1975". The computer, however, can be identified as an IBM 5150, which was launched in 1981. This means the photo cannot be from the 1970s, but must have been taken in the early 1980s. Still from the 1970s, however, are the two Call Director telephone sets on the left side of the desk.
Wikimedia Commons has another photo of the small NSOC watch floor, which the National Cryptologic Museum said is from around 1985, but is actually from the late 1980s:
The small NSOC watch floor in the late 1980s
(photo: National Cryptologic Museum - click to enlarge)
(photo: National Cryptologic Museum - click to enlarge)
Here we see a wall covered with large and small monitors and computer screens for various kinds of (real-time) information systems, which are marked on the photo that was on display in the NCM.
Compared to the previous picture of the small watch floor, we see that the old Call Directors had been replaced by black and white multiline office phones from ITT which still worked via the 1A2 Key Telephone sytem.
Job openings indicate that COASTLINE is some kind of messaging system, while MINX stands for Multimedia Information Network Exchange, which was the first workstation that combined a camera and speakerphone with a high-resolution-color video graphics display screen. This system had been introduced in 1985 by Datapoint Corporation with a pricetag of almost 9.000 US Dollar for a single workstation.
Close-up of a MINX video terminal from another photo
(photo: National Cryptologic Museum - click to enlarge)
(photo: National Cryptologic Museum - click to enlarge)
NSOC in the 1990s
Over the years, NSOC was able to assume a wide range of functions in NSA's daily operations and had become the focal point for crisis response at the agency. However, since operation Desert Shield in the early 1990s, the practice of convening special cells tailored to particular crises became standard.
The National Sigint Operations Center was renamed into National Security Operations Center (NSOC as well) in 1996, when it became responsible for the information security side of the NSA as well. Since then, NSOC included specialists who monitored critical networks for indications of hostile threats and intrusions, a function that was taken over by the newly created NTOC in 2004.
From 1997 we have the first video footage of the NSOC watch floor, when it was filmed for the Discovery Channel documentary "Inside the NSA":
A still from this documentary allows a closer look at the telephone and computer equipment used at that time:
On the right we see a SPARCstation, a very popular type of desktop computer that was introducted by Sun Microsystems in 1989.
The telephone set on the left is a beige office phone manufactured by Comdial as part of its ExecuTech electronic key telephone system. The NSA uses these devices on the National Secure Telephone System (NSTS), which is a stand-alone network for secure calls up to the level Top Secret/SCI. NSTS phones are also known as "gray phones" despite the fact that the actual instruments have a different color (non-secure phones are called "black")
Next to the Comdial phone sits a white AT&T 1100 secure telephone from the STU-III family, which can be used for encrypted phone calls to anyone who is not connected to the NSTS, but also for regular unclassified conversations over the public switched telephone network (PSTN).
Close-up of a Comdial ExecuTech phone elsewhere at NSA
(click to enlarge)
(click to enlarge)
After NSA Director Michael Hayden had seen the 1998 Hollywood movie Enemy of the State, in which the NSA was depicted as a rogue agency trying to kill people, he launched a PR-campaign which resulted in the History Channel documentary "America's Most Secret Agency" which was aired in the year 2000 and for which filmmakers had once again been allowed access to the NSOC watch floor:
The alerting function of NSOC was described by James Bamford in his bestseller book Body of Secrets from 2002:
"Of special significance is the capability to instantly display CRITIC messages on screen. Critical Intelligence reports are of the highest importance, and the CRITIC system is designed to get them to the president in ten minutes or less from the time of an event. When Saddam Hussein pushed into Kuwait in 1990, for example, the first alert came in the form of a CRITIC. The issuance of a CRITIC is instantly noted in the National SIGINT File by a flashing message in the top left corner of the screen." (p. 516)
"If a listening post suddenly picks up an indication of a far-off assassination, or a sudden attack by Russia on a neighboring republic, a CRITIC message containing that information will be flashed immediately to the NSOC. Shortly after the USS Cole was attacked by terrorists in the port of Aden in October 2000, a CRITIC was zapped to the NSOC. Within minutes of the early morning message, a call was placed to the director, Michael Hayden." (p. 501)
This CRITICOMM system had become operational in 1961 and consisted of a worldwide network of relay centers which automatically put through the messages to the NSA. Encryption was initially performed by KW-26 machines.
NSOC in the 21st century
The first photo from NSOC in the 21st century can be found on Wikimedia Commons again and shows a visit by NSA Director Hayden somewhere in 2001:
NSA director Michael Hayden visits NSOC, 2001
(photo: National Cryptologic Museum - click to enlarge)
(photo: National Cryptologic Museum - click to enlarge)
With the many screens on the wall, the photo apparently shows the small watch floor with modernized equipment. A whole range of digital clocks show the time in the many regions of the world where the NSA was interested in: Bosnia, Iraq/Saudi Arabia, Mogadishu, Moscow, Afghanistan, Pakistan/India, Tajikistan/Kyrgyzstan, Jakarta and Seoul.
On the left we see a glimpse of two phones: the upper one being the Comdial ExecuTech for the NSTS network, the lower one appears to be a black Motorola Sectel 1500 which is also from the STU-III secure telephone family.
The 9/11 attacks
During the attacks of September 11, 2001, the NSA headquarters complex at Fort Meade was evacuated. All nonessential personnel was sent home immediately, while the remaining mission-essential personnel was moved out of the tall black-glass cubes of OPS-2A and OPS-2B into the less-vulnerable three-story OPS-1 building.
"At the direction of Richard Berardino, the chief of NSOC, his thirty analysts and reporting officers began rapidly compiling whatever information they could brief Hayden and the agency's senior officials about what had just transpired. Other NSOC staffers began systematically going back over the past several days' worth of SIGINT reporting to see if anything had been missed that might have given any warning of the terrorist attacks. They found nothing." *
After the NSA was fully up and running again, NSOC "was converted into a war room. Superfast CRITIC messages began going out to field stations around the world every time a new piece of the puzzle was discovered, such as the names of the hijackers obtained from the passenger manifest lists." *
An alternate NSOC in Georgia
In July 2006, high temperatures and problems with Baltimore Gas and Electric power generation caused server and communications failures around the NSA's headquarters complex. This resulted in a critical limitation in NSOC's ability to dispatch CRITIC messages to the US Intelligence Community.
This prompted the first ever activation of the alternate NSOC (codenamed DECKPIN) at the NSA's regional cryptologic center in Georgia, which had been created to take over critical NSOC functions, should the Fort Meade facility lose its ability to operate. After two days, NSOC at NSA headquarters was able to resume its activities again.
A modernized watch floor
Somewhere before 2012, the large NSOC watch floor in the old OPS-1 building was modernized and give a more futuristic look with a long wall filled with video screens and some spaceship-like elements, as can be seen in a photo that was released on the occasion of the NSA's 60th anniversary:
The NSOC watch floor in 2012
(photo: NSA - click to enlarge)
(photo: NSA - click to enlarge)
Another angle of this new watch floor was shown in the CBS 60 Minutes report "Inside the NSA" from 2014:
The NSOC watch floor in 2014
(still from CBS 60 Minutes - click to enlarge)
(still from CBS 60 Minutes - click to enlarge)
A close look shows that the beige Comdial ExecuTech phones for the secure NSTS network had been replaced by white Nortel M3904 executive office phones:
A Nortel M3904 phone from the NSTS network
Moving to the Morrison Center
By the end of last year and after almost 50 years, NSOC left its rooms in the old OPS-1 building and moved to a brand new office building on the NSA's East Campus. This new building is called the Morrison Center, named in honor of John E. Morrison, Jr., who proposed and established NSOC back in 1973.
Besides NSOC, the seven-story Morrison Center includes a multipurpose conference center, a modern fitness center, a 24/7 open-concept cafeteria, gender-neutral single-user restrooms, modernized sit/stand desks, and larger windows. The building was designed with a strong emphasis on accessibility, so it's the first NSA facility with touchless door activators.
The new Morrison Center at the NSA's East Campus
(photo: NSA.gov - click to enlarge)
(photo: NSA.gov - click to enlarge)
In the Morrison Center, NSOC now has a very spacious watch floor that looks even more futuristic than the previous one in the OPS-1 building, as we can see in two photos which the NSA released in October last year:
The current NSOC watch floor in the new Morrison Center
(photo: NSA - click to enlarge)
(photo: NSA - click to enlarge)
The SOO-pit at the NSOC watch floor in the Morrison Center
(photo: NSA - click to enlarge)
(photo: NSA - click to enlarge)
The new NSOC watch floor has huge video screens along the wall and each workstation is equipped with multiple computer screens and a KVM-switch to switch between physically separated computer networks at different classification levels.
Each workstation also has at least two Cisco IP phones from the current 8800 series, one for the secure NSTS network and another one for a (classified) telephone network depending on the desk officer's mission needs.
Links and Sources
- NSA.gov: NSA's National Security Operations Center celebrates 50 years of 24/7 operations in service to the Nation (Feb. 21, 2023)
- NSA.gov: NSA opens an innovative workplace for critical missions focused on the future (Nov. 17, 2022)
- WashingtonTimes.com: NSA’s new ‘nerve center’ ready to scan the world for threats to America (Oct. 25, 2022)
- NSA.gov: NSA 60th Anniversary Book (2012)
- James Bamford: Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, Anchor, 2002, p. 501-502.
- Cryptologic Spectrum: The National SIGINT Operations Center, Summer 1979, Vol. 9, No. 3.
