The federal government has awakened to the urgency of cybersecurity and responded with new agencies, appointments, and appropriations.\u00a0 It\u2019s an unsurprising flowering of bureaucracy, but it can make for a big picture that is hard to see.\u00a0 Here is a high-level look at these offices and organizations and the roles they play.The NSAThe National Security Agency is the grandaddy of cybersecurity organizations.\u00a0 President Harry Truman created it in 1952 as an ultra-secret organization.\u00a0 It grew out of military intelligence capability forged during WWII to handle signals intelligence (SIGINT) and information security (INFOSEC).\u00a0 These are understood today as the twin goals of cyberspying and cybersecurity.\u00a0\u00a0As the world careened between global conflicts, the NSA enjoyed a period of rubber stamp budgets and anonymity.\u00a0 For a long time, the NSA was jokingly referred to as \u201cNo Such Agency\u201d, so shadowy that it was not officially revealed until 1975.That has changed as over half a century of controversy brought abundant attention to the organization.\u00a0 The NSA was explicitly intended to monitor only foreign communications (as spying on US citizens is a violation of the Constitution), but during the Vietnam war it was revealed in the Church Hearings that the NSA had been monitoring antiwar activists\u2014this included some prominent citizens, including Mohammed Ali and Martin Luther King, Jr.This overstep led to the Foreign Intelligence Surveillance Act (FISA) of 1978, but the NSA wasn\u2019t done with these kinds of troubles.The NSA, in its role of protecting communications ran into conflict with cryptographic innovation in the 70s and 80s.\u00a0 With the introduction of Diffie-Hellman public-key cryptography in 1978, the battle between preserving private communication and government\u2019s ability to listen in has been largely in favor of the former.In the 2010s, the NSA again became the center of attention in its role of spying on people and things it shouldn\u2019t.\u00a0 Its Prism program, which apparently allowed for spying on American citizens\u2019 communications via email, phone, and social media ran afoul of civil protections.\u00a0 These revelations were part of the widely publicized WikiLeaks, Edward Snowden affair.In response to this, the NSA has since undergone a PR overhaul including public outreach efforts. Like the IRS, improbably transforming its image from implacable machine to benevolent institution concerned with customer service.\u00a0 They even do presentations now.In 2018, Congress confirmed General Paul M. Nakasone as head of the NSA.\u00a0 He recently described the US cyber defense posture, not surprisingly devoting a fair amount of space to the unfolding situation in Ukraine, but also touching on strategic highlights such as Iran, North Korea, ransomware, and election security.\u00a0 With respect to China, he makes the interesting observation that \u201cChina is our pacing challenge, which I see as both a sprint and a marathon.\u201dU.S. Cyber Command (CYBERCOM)CYBERCOM is the NSA\u2019s sibling in the defense department, headquartered alongside the NSA at Fort Meade.\u00a0 CYBERCOM was founded in 2009 and is a unified combatant command, the highest division within the U.S. military.\u00a0There has been talk of separating the NSA and Cyber Command, but at this time they remain under a unified command, currently General Nakasone\u2014known as a \u2018dual-hat\u2019 arrangement.What is the difference between the two organizations? Given that the organizations are so steeped in secrecy, the difference is hard to determine exactly.\u00a0 The NSA and Cyber Command operate (largely) with different legal authority, the former under Title 50 intelligence and the latter under Title 10 military authority.\u00a0 This difference seems to be reflected in a more offensive-leaning posture to CYBERCOM.\u00a0Although the mission statements for the NSA and CYBERCOM both read as similar\u2014bland, yet encompassing descriptions of almost any kind of virtual activity\u2014there is a subtle difference.For example, CYBERCOM has this to say: \u201cUnited States Army Cyber Command directs and conducts integrated electronic warfare, information and cyberspace operations [...] through cyberspace and the information environment, and to deny the same to our adversaries.\u201dNotable in the description is the word \u201cwarfare.\u201d\u00a0 Again the clandestine nature of the organization makes it hard to say, but perhaps CYBERCOM has its hand in alleged offensive activities like attacks on Iran and Russia.Increasingly, cyberspace is seen as a battleground where conflict can play out with less risk than actual troop confrontation, and the ongoing invasion of Ukraine is no exception.Cybersecurity & Infrastructure Agency (CISA)CISA is the centerpiece in the federal government's most recent effort to respond to the cyber threat.\u00a0 Its mission is to \u201clead the national effort to understand and manage cyber and physical risk to our critical infrastructure.\u201d\u00a0CISA was founded in 2018 with a broad mission to protect infrastructure in general, but as the placement of cybersecurity indicates in the organization's title, with a prominent focus on securing infrastructure from cyber threats.\u00a0 In general, CISA has a more defensive and regulatory stance than NSA or CYBERCOM.\u00a0 It was central in defining the regulatory response to the KeyStone pipeline attack.\u00a0 As a regulatory body, CISA is an organization that enforces compliance within the federal government, as detailed by its directives.Also front and center for CISA is election security, as highlighted by CISA\u2019s strategic intent document.\u00a0 The organization interfaces with both the state and federal governments to shore up election infrastructure.Although CISA is a more civilian-leaning body, its current head Jen Easterly, confirmed in 2021, is an alum of U.S. Army Intelligence and Cyber Security.\u00a0National Institute of Standards and Technology (NIST)NIST\u2019s mission is to \u201cpromote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.\u201d\u00a0In the realm of cybersecurity, NIST is focused on the nuts-and-bolts of cryptography.\u00a0 It played a role in the story of developing modern cryptography (both symmetric and asymmetric).\u00a0These days, NIST continues to have a hand in defining crypto standards and is leading the charge in developing post-quantum secure crypto algorithms.\u00a0Deputy National Security Advisor for Cyber and Emerging TechnologyThe Deputy National Security Advisor for Cyber and Emerging Technology is currently Anne Neuberger, appointed in 2021 after working at the NSA.\u00a0 This office is part of the National Security Council, advising the president on cybersecurity and helping to enact his orders across the landscape of agencies.\u00a0For example, on 3\/8\/22, Anne Neuberger issued a statement describing how President Biden\u2019s cybersecurity order was being executed with respect to enforcing security in all software\u2014including open source components\u2014used by the government.In that order you can see the efforts of the deputy national security advisor to direct multiple agencies and private sector organizations into unified action.National Cyber DirectorThe Office of the National Cyber Director (ONCD) is the most recent addition to the pantheon, created in 2021 and currently held by Chris Inglis.\u00a0 This role is another advisor to the president, quite similar in intent to the advisor for cyber and emerging technology just described.\u00a0 It is an office still in the process of building out its capabilities, with a focus on guiding unified action across the government.It describes its mission as four-fold:Ensuring federal coherenceImproving public-private collaborationAligning resources to aspirationsIncreasing present and future resilienceHere we can very much see the efforts of the government to bring the multitude of different agencies under a common umbrella of leadership with respect to their cyber security missions.The FBIOf course, no tour of the federal cyber security landscape would be complete without a look at the FBI, which describes itself as \u201cthe lead federal agency for investigating cyber attacks and intrusions.\u201d\u00a0Their legacy stretches into the pre-digital past, and their image (or their cyber website, frankly) may not be as burnished with a modern, relevant glow by the new focus on cyber security as the other organization above, but to its credit are numerous cyber busts, like tracking down and arresting the international group behind the Zeus trojan thefts, dismantling the Coreflood botnet and recovering much of the Colonial Pipeline ransom.\u00a0The FBI has a broad mandate in cyber security, running the gamut from simple fraud to elaborate, international ransomware organizations.The cyber security e pluribus unumAs you can see, the most recent efforts of the federal government are in trying to define a comprehensive strategy that embraces such a sprawling empire.\u00a0 Indeed, the above portrait is just a thumbnail sketch\u2014it doesn\u2019t even include the CIA, whose mission includes \u201ccutting-edge digital and cyber tradecraft and IT infrastructure.\u201d\u00a0 Or how about the FTC\u2019s responsibility for COPPA (Children\u2019s Online Privacy Protection Act), or the TSA\u2019s heavy involvement in cyber security requirements.In fact, like every business is now a software business, every agency is now a cybersecurity agency. A central challenge in promoting US national cyber security is driving cohesion within the bureaucratic architecture.