Common Americans are no longer considered worth protecting as part of national security.
-----------


Mr. Carboni,

Thank you for providing the information below.  We have conducted an initial search within the organization that is most likely to hold records. That organization advised that the request, as worded, is overly broad.  Querying any of our organizations would likely result in the same response.  The phrase “malware transmitted through USB firmware” is overly broad, such that any of our internal organizations would not be able to determine which files to search or be able to conduct a search with a reasonable amount of effort. Terms such as “malware” or “firmware” may turn up in any number of NSA records and most likely would not be related to securing home networks. Furthermore, added search without a clarification of context and specific records sought, would incur significant fees which would be passed on to you as an “all other” requester. 

  A large facet of the NSA/CSS mission is to protect National Security (i.e. government, DoD, Industry partners) information systems.  In doing so, this Agency provides guidance on Information Assurance security solutions to our Industry and Government customers regarding risk, vulnerabilities, mitigations, and threats.  While it is not part of our mission to provide guidance on securing home networks, we may occasionally post information on our website as you may recall from our letter. Our Information Assurance Directorate (IAD) has provided some information to the public that may be of interest to you.  Here are some additional links that you may peruse:

https://www.nsa.gov/ia/mitigation_guidance/index.shtml

https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml (this is a recent article the does provides a link regarding malware)

https://www.nsa.gov/ia/index.shtml  The last paragraph provides a video link under “IAD's Latest Security Guide Helps Customers Protect Home Networks,” and there is also a fact sheet titled “Best Practices for Keeping Your Home Network Secure.”

Since the information you appear to be requesting (protecting home networks) does not fall under the purview of NSA/CSS missions, continued search of our files would not be productive.  Your request will be administratively closed as an improper FOIA.  If, after reviewing the information on our website, you wish to submit a FOIA request on similar topic(s), please provide enough detail to allow for an accurate and focused search.

Regards,

Cindy B
NSA/CSS FOIA Requester Service Center

(301)688-6527