← Back to Blog

The NSA's Data Centers: Public Construction Money, a Classified Operating Budget, and a Building That Could Not Turn On

· 13 min read The NSA's Data Centers: Public Construction Money, a Classified Operating Budget, and a Building That Could Not Turn On

The National Security Agency built two enormous computing complexes in the space of about a decade. One sits on a hillside near Bluffdale, Utah. The other rises across 227 acres at the agency's Fort Meade headquarters in Maryland. Together they represent several billion dollars of federal construction, and they raise a question that comes up often in this series: how do you track the cost of something that is, in large part, secret?

The honest answer is that the picture is neither fully hidden nor fully open. The construction of these facilities was paid for through Military Construction appropriations, and those project line items appear in public Department of Defense budget documents. What happens inside the buildings, the agency's ongoing mission and operations, is funded through the classified National Intelligence Program and Military Intelligence Program, where only the aggregate top-line totals are disclosed each year. The buildings are a matter of public record. The work done in them is not.

This post walks through what the primary and reputable-secondary record establishes about the two campuses, the money that built them, and the electrical failures that kept one of them from reliably powering on for about a year. Every cost figure below carries its year and, where appropriate, a flag that it is a press or planning estimate rather than an audited final total.

Two different buildings, two different missions

It is easy to blur the two facilities together, and much loose reporting does. They are distinct in location, cost, and purpose.

The Utah Data Center sits at Camp Williams near Bluffdale, Utah. Its official designation, confirmed across multiple public and government sources compiled by Wikipedia, is the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center. Its role is storage and analysis. Press and government-plan estimates put its construction cost somewhere between about $1.2 billion and $2 billion, with roughly $1.5 billion the most commonly cited figure, and it was completed in May 2014.

Those two numbers, $1.2 billion and $1.5 billion, are not interchangeable, and conflating them is a common error. The roughly $1.2 billion figure is the design-build construction contract the U.S. Army Corps of Engineers awarded, as reported by DatacenterDynamics. The "up to $1.5 billion" figure is what the NSA itself said it would spend on the facility, per Deseret News reporting from 2011. The "$2 billion all-in" upper bound is looser press framing. They describe different things: a construction award versus a stated program spend versus a rounded-up estimate.

The construction itself was competitively contracted through the Army Corps of Engineers to a private joint venture of Balfour Beatty, DPR Construction, and Big-D Construction, confirmed by the contractors' own releases and by DatacenterDynamics. This matters for the transparency question: the Utah center was not built in the dark by an unnamed agency arm. It went through a normal federal construction procurement, with a named government sponsor and named private builders.

The Site M / High Performance Computing Center-2 campus at Fort Meade is a different animal. It is a computing complex, not a storage-and-analysis center, and it sits on a 227-acre parcel at the NSA's home base. Planning documents discovered and published by Public Intelligence, drawn from NSA and Army Corps master-plan materials, put the total planned cost at about $3.2 billion, with groundbreaking in May 2013. Those figures also appear on the NSA's own Wikipedia entry, which identifies a Hensel Phelps and Kiewit joint venture under Army Corps oversight.

Site M was designed to grow in phases. The first phase was planned at up to roughly 1.8 million square feet across as many as 14 buildings, with a dedicated 150-megawatt substation. The planning documents projected a multi-phase build-out reaching roughly 5.8 million square feet and about 60 buildings by around 2030. A frequently cited figure for the supercomputing center itself is about $778 million, but that specific sub-figure is shaky: Data Center Knowledge reported the supercomputing center at roughly $860 million and InformationWeek at $896.5 million. The sturdier number is the $3.2 billion campus total; treat any single line item for the high-performance center as an estimate that varies by source.

Why the NSA needed more power in the first place

Both builds trace back to a documented constraint: the agency ran out of electricity.

By August 2006, according to reporting in The Baltimore Sun, the NSA had effectively maxed out the capacity available to it from Baltimore Gas and Electric. The agency was BGE's single largest customer, drawing, in the Sun's framing, roughly as much electricity as the entire city of Annapolis. The risk of overloading the local grid was serious enough that it delayed the installation of new supercomputers until additional supply could be arranged. The Sun followed the story into 2007.

That power crisis is the backdrop for everything that followed. It is the documented reason the agency needed to build distributed new capacity, both the Utah center with its own dedicated power and the expanded Fort Meade campus with its 150-megawatt substation. When you read that the Utah Data Center was designed for about 65 megawatts of demand, per its design-build specification corroborated by DatacenterDynamics, the 2006 grid crunch is the context that explains why a data center needed that much dedicated electricity in the first place.

The building that could not reliably turn on

The most striking episode in the record is the Utah center's commissioning phase, and it was first reported in detail by Siobhan Gorman in a Wall Street Journal investigation published in October 2013. Forbes, Marketplace, The Register, and others relayed her findings, and the NSA confirmed the electrical failures to Deseret News.

According to the Journal's review of project documents and contractor interviews, the facility suffered roughly 10 electrical failures over about 13 months. The first occurred around August 2012, and the most recent reported incident was around September 25, 2013. These were arc-flash or arc-fault events. That distinction matters, and the fact base flags it as a landmine: an arc flash is an electrical explosion, not a nuclear event and not the building literally melting. One description relayed in the reporting called each incident "a flash of lightning inside a 2-foot box." An arc flash can reach extraordinary temperatures, which is where the "melts metal" language in some accounts comes from, but the phenomenon is electrical, not structural or nuclear.

The damage, again per the Journal's document review, ran up to about $100,000 per incident and collectively destroyed "hundreds of thousands of dollars" of machinery. The failures delayed the facility's opening by roughly one year. These are press-reported estimates drawn from project documents, not an audited total, and they should be read that way.

The cause was disputed, and it was never conclusively pinned down in the 2013 reporting. The Army Corps of Engineers deployed what was described as a "Tiger Team" in the summer of 2013, and reporting relayed by Marketplace put the investigative effort at more than 50,000 man-hours. Contractor sources blamed inadequate wiring and appliances installed too close together. The Army Corps disputed some of the contractors' characterizations. One added nuance from the reporting: the Tiger Team reportedly found that routine design and construction quality-control steps had been bypassed to accelerate the project, which suggests schedule pressure was a factor. That is stronger than saying the cause was simply unknown, but it still does not amount to a single definitive root cause, and none should be asserted as settled.

The problems were ultimately corrected. The facility opened and became operational around 2013 to 2014. The commissioning failures, serious and expensive as they were, were defects that got fixed, not a permanent condition.

One recurring operating figure is worth flagging with a hedge. The Utah center's monthly electricity bill has been reported at around $1 million, a press-reported operating estimate rather than a published invoice. Combined with the 65-megawatt design spec, it gives a rough sense of the scale of what it costs simply to keep such a facility powered.

What the storage capacity is, and is not

Speculation about how much data the Utah center can hold has been one of the most overheated parts of its public story, and the record does not support any specific number.

Press estimates in 2013 ranged from a few exabytes to a dozen exabytes, derived by Forbes and others from analysis of unclassified blueprints, all the way up to "yottabyte" claims. The yottabyte figures are speculative and have been widely debunked. Even the exabyte estimates are blueprint-derived guesses, not official disclosures. The actual storage capacity is classified. This post does not assert a specific figure, and readers should treat any confident number they encounter elsewhere with skepticism.

The money structure: public bricks, classified operations

Here is the core of the funding question, and it has a two-part answer that resists both the "it's all secret" and the "it's all public" simplifications.

Construction is public at the project level. The NSA's facilities are built through Military Construction, or MILCON, appropriations. Those project line items appear in the public DoD budget justification books published by the Office of the Secretary of Defense Comptroller. You can, in principle, open a Military Construction budget-justification PDF and find NSA project lines. The Utah build and Site M were both procured this way, through the Army Corps of Engineers, with named private contractors. The construction appropriation is not the black-budget part.

Mission and operations are classified. What the agency does inside those buildings is funded through the National Intelligence Program and the Military Intelligence Program. Since 2008, under the requirement stemming from the 9/11 Commission Act of 2007 (Public Law 110-53), the Director of National Intelligence discloses only the single aggregate NIP top-line each year, within 30 days of the fiscal year's end, along with the MIP aggregate. All subsidiary and agency-level line-item detail, including whatever it costs to run the Utah and Fort Meade computing operations, is withheld as classified. The ODNI describes this practice on its public IC budget page.

So the "black budget" opacity applies to the operations, not to the bricks and mortar. The construction of these campuses is more transparent than the shorthand implies, while the ongoing cost of running them is genuinely hard for the public to track.

What the 2013 disclosures added

The public got its clearest glimpse of the aggregate scale of intelligence spending from two sources that should be kept separate.

The first is the official one. The DNI's annual disclosure put the FY2013 National Intelligence Program top-line at about $52.6 billion. That figure is officially corroborated. The Military Intelligence Program aggregate, roughly $23 billion, is also disclosed.

The second is the leaked one. In August 2013, The Washington Post, reporting from documents provided by Edward Snowden, published a "black budget" summary that broke the aggregate down by agency. That summary reportedly showed the CIA at about $14.7 billion and the NSA at roughly half of that, around $10.8 billion. Those per-agency splits come only from the leaked classified summary. They remain officially classified and are otherwise unverifiable. The Post's own explainer noted that the $52.6 billion NIP top-line undercounts total intelligence spending. The load-bearing distinction: the $52.6 billion aggregate is official; the agency-by-agency breakdown is a single-source leaked estimate, and the NSA's specific line item has never been officially released.

The critique and the defense, side by side

This series tries to let the honest oversight critique and the honest mission defense sit next to each other without collapsing one into the other. Here they are.

The documented critique. A roughly $1.2 to $2 billion intelligence data center could not reliably power on for about a year because of repeated electrical arc-flash failures during commissioning, about 10 incidents over 13 months, each costing up to $100,000 in damaged equipment, per the Wall Street Journal's 2013 investigation. The Army Corps of Engineers' own Tiger Team could not immediately diagnose the cause, and the Corps and its contractors publicly disputed it, with reporting suggesting normal quality-control steps had been bypassed under schedule pressure. Beyond that specific failure, the agency's operating and mission budget sits inside the classified National Intelligence Program, so the ongoing cost of running these campuses, the Utah center alone reportedly around $1 million a month in electricity at 65 megawatts, plus Site M's multi-phase $3.2 billion Fort Meade build-out, is far harder for the public to follow than an ordinary federal construction project. Critics point to a pattern: the 2006 Fort Meade grid crisis, then the Utah arc faults, suggesting recurring engineering and oversight gaps on very large, secrecy-driven infrastructure.

The mission defense. Signals intelligence and cybersecurity infrastructure is a genuine, congressionally authorized national-security mission, and the transparency here is better than "black budget" shorthand suggests. Both campuses were built through MILCON appropriations whose project line items appear in public DoD budget books, and the Utah construction was competitively contracted through the Army Corps of Engineers to a named private team. The electrical arc-fault problems, serious and costly as they were, were commissioning-phase defects that were ultimately corrected; the facility opened and became operational. The 2006 Fort Meade power crisis is precisely the kind of documented constraint that justified building distributed new capacity in the first place. And since 2008, the aggregate intelligence top-line has been disclosed annually by law, so the overall scale of spending is public even though individual classified line items are not.

Both of those readings are supported by the record. Neither cancels the other. The construction was traceable and the top-line is disclosed; the operations budget is opaque and one of the two builds stumbled badly and expensively before it worked.

Fact-check notes and sources

  • Utah Data Center official designation (Intelligence Community Comprehensive National Cybersecurity Initiative Data Center) at Camp Williams near Bluffdale, Utah, and completion in May 2014: Wikipedia summary of public reporting. Internal classified functions are not public.
  • Utah construction cost, roughly $1.2 billion design-build contract award versus NSA's stated "up to $1.5 billion" spend; the "$2 billion" figure is looser press framing: DatacenterDynamics. All figures are estimates, not one audited total.
  • Built under U.S. Army Corps of Engineers direction by a Balfour Beatty, DPR Construction, and Big-D Construction joint venture: DPR Construction press release.
  • Roughly 10 electrical arc-fault incidents over about 13 months (first around August 2012, most recent around September 2013), up to about $100,000 per incident, hundreds of thousands of dollars in destroyed machinery, and a roughly one-year delay: originally reported by Siobhan Gorman in the Wall Street Journal, October 2013, relayed by Forbes (Kashmir Hill). These are press-reported estimates from project documents. Arc flash is an electrical explosion, not a nuclear or structural event.
  • Army Corps "Tiger Team," more than 50,000 man-hours, the contractor-versus-Corps cause dispute, and the reported bypassing of routine quality controls under schedule pressure: Marketplace. The root cause was contested and not conclusively established; no single definitive cause is asserted here.
  • NSA confirmation of the electrical failures: Deseret News.
  • Design power of about 65 megawatts (design-build spec) and a reported roughly $1 million monthly electricity bill (press operating estimate, hedged as such): Forbes / Wall Street Journal.
  • Data-storage capacity: exabyte and yottabyte figures are speculative estimates; yottabyte claims are debunked and exabyte figures are blueprint-derived guesses. Actual capacity is classified. Flagged as an estimate/unverifiable per Wikipedia summary.
  • Site M / HPCC-2 at Fort Meade, about $3.2 billion, 227 acres, groundbreaking May 2013, phasing toward roughly 5.8 million square feet and about 60 buildings by 2030 with a 150-megawatt substation: Public Intelligence, citing NSA/USACE planning documents, corroborated on the NSA Wikipedia entry. The specific supercomputing-center sub-figure varies by source ($778 million versus roughly $860 million to $896.5 million); the $3.2 billion campus total is the sturdier figure. Planning estimates, not audited totals.
  • 2006 Fort Meade power crisis: the NSA maxed out Baltimore Gas and Electric capacity, was its largest customer, and used roughly as much power as the city of Annapolis, delaying new supercomputers: The Baltimore Sun. The "city of Annapolis" comparison is the Sun's framing.
  • Funding structure: MILCON construction line items are public in DoD budget justification books while mission and operations funding sits in the classified NIP and MIP: DoD Office of the Comptroller NSA FY2025 Military Construction justification and ODNI IC budget page.
  • FY2013 black budget: the roughly $52.6 billion NIP top-line is officially corroborated by ODNI; the per-agency splits (CIA about $14.7 billion, NSA reported at roughly half) come only from the Snowden-leaked summary and remain officially classified. Marked as leaked/single-source estimate: The Washington Post (Barton Gellman and Greg Miller).
  • Annual disclosure practice: since 2008, under Public Law 110-53 (the 9/11 Commission Act of 2007), the DNI discloses only the aggregate NIP and MIP top-lines each year; subsidiary detail is classified: ODNI.

Related reading

This post is informational and journalistic, not legal or financial advice. It describes public programs and documented events; mentions of third parties are nominative fair use and no affiliation is implied.

← Back to Blog

Accessibility Options

Text Size
High Contrast
Reduce Motion
Reading Guide
Link Highlighting
Accessibility Statement

J.A. Watte is committed to ensuring digital accessibility for people with disabilities. This site conforms to WCAG 2.1 and 2.2 Level AA guidelines.

Measures Taken

  • Semantic HTML with proper heading hierarchy
  • ARIA labels and roles for interactive components
  • Color contrast ratios meeting WCAG AA (4.5:1)
  • Full keyboard navigation support
  • Skip navigation link
  • Visible focus indicators (3:1 contrast)
  • 44px minimum touch/click targets
  • Dark/light theme with system preference detection
  • Responsive design for all devices
  • Reduced motion support (CSS + toggle)
  • Text size customization (14px–20px)
  • Print stylesheet

Feedback

Contact: jwatte.com/contact

Full Accessibility StatementPrivacy Policy

Last updated: April 2026