National Cyber Directorate

The National Cyber Directorate is a federal-level cyberdefense coordination body whose offices are co-located with several other federal agencies in a secured campus the Directorate does not directly acknowledge occupying. The Directorate’s organizational structure is, in its own public materials, “as required for the discharge of its statutory functions.” Its headcount is not disclosed. Its operational mandate is described in eleven words in its enabling statute.

Their AI procurement focuses on threat-modeling, attribution-analysis, and what the Directorate’s procurement documents refer to as “adaptive-response capabilities.” Per-engagement Cu invoicing settles in the eight-figure range. Contracts include indemnification clauses that the vendor’s general counsel will read three times and the Directorate’s counsel will read once.

The Directorate’s senior leadership are referred to in public materials by position, not by name. The position descriptions are themselves classified at a level that the position descriptions’ classifications are also classified.

The Directorate operates a small evaluation cell — referred to internally only by its section number — whose function is the post-deployment review of every model the Directorate has procured. The cell has, by long-standing practice, the authority to recommend the retirement of any procured model on the grounds of “capabilities exceeding evaluation parameters.” The recommendations are reviewed by the Director’s office. The recommendations are, by long-standing practice, honored. The retired models do not appear in any subsequent Directorate inventory. Their disposition is not described.