
What could "NSA/CSS Commercial Solutions Center (NCSC)" (from [1]) actually do? They write on their public web page:

https://www.nsa.gov/business/programs/ncsc.shtml

"The NSA/CSS Commercial Solutions Center (NCSC) addresses the strategic needs of NSA/CSS and the national security community by harnessing the power of U.S. commercial technology."



Two pieces of information that add up to a larger story:

* The NSA/CSS Commercial Solutions Center (NCSC) is specifically built around Elliptic Curve Cryptography that they acquired from Certicom.

>The NCSC also manages the Elliptic Curve Cryptography (ECC) program on behalf of the NSA/CSS. Elliptic curve provides greater security and more efficient performance than first generation public key techniques currently in use. NSA/CSS purchased a license that covers intellectual property in a restricted field of use to assist in the implementation of elliptic curves to protect U.S. and allied government information. - https://www.nsa.gov/business/programs/ncsc.shtml

* Certicom designed the Elliptic Curve DRBG (Dual_EC) algorithm including the backdoor (Certicom patented the backdoor functionality in 2005)[0]. The NSA then included this algorithm + backdoor into NIST standard and paid RSA 10 million dollars to make it the default DRBG.

Putting these two facts together suggests that the NCSC was responsible for the Dual_EC backdoor.

[0]: http://en.wikipedia.org/wiki/Dual_EC_DRBG



