Now Is Not the Right Time To Split NSA and CYBERCOM

COMMENTARY Cybersecurity

Now Is Not the Right Time To Split NSA and CYBERCOM

Jan 3rd, 2021 5 min read
COMMENTARY BY
James Di Pane

Research Associate, Center for National Defense

James is a research associate in Heritage's Center for National Defense.
A sign for the NSA, U.S. Cyber Command and Central Security Service, near the visitor's entrance to the headquarters of the National Security Agency (NSA) on February 14, 2018. SAUL LOEB / Contributor / Getty Images

Key Takeaways

In addition to the big Russian hack, some other surprising news occurred in the cybersecurity world this holiday season.

This idea, which has surfaced repeatedly since the standup of CYBERCOM, will not advance U.S. national security.

Policymakers should continue to support the growth and development of Cyber Command to ensure that it would be ready for a future split down the road.

In addition to the big Russian hack, some other surprising news occurred in the cybersecurity world this holiday season. The Pentagon is reportedly considering ending the dual-hat arrangement that allows the commander of U.S. Cyber Command to simultaneously serve as director of the National Security Agency.

This idea, which has surfaced repeatedly since the standup of CYBERCOM, will not advance U.S. national security. The current arrangement has served both organizations well for years. There is no immediate need to split the two offices right now.

According to reports, the plan to end the dual-hat arrangement has been sent to Chairman of the Joint Chiefs General Mark Milley, who, according to public law, would have to sign off on the split along with acting Secretary of Defense Chris Miller.

This initiative has caused some consternation in Congress, since lawmakers enacted legislation to address this very issue. The fiscal 2017 and 2018 National Defense Authorization Acts put certain roadblocks in place to ensure a proposal to make the split would not harm national security. In essence, both the secretary of defense and chairman of the Joint Chiefs need to sign off and certify the plan will not harm national security before the arrangement is ended.

The dual-hat arrangement started in 2009 when Cyber Command was created in order to provide it with the support and resources it needed to conduct its mission. The arrangement gave the growing Cyber Command the ability to borrow manpower and other resources from the NSA.

A lot has changed since 2009. Cyber Command has built 133 Cyber Mission Force teams and has conducted sophisticated operations, such as the cyber campaign against the Islamic State, which disrupted the latter’s ability to distribute propaganda online. This means CYBERCOM has gained in experience and developed capacity.

But how ready is it to split its command, and can that be done without affecting its operations? More fundamentally, should splitting the command be a long-term goal?

The initial push to end the dual-hat started during the Obama presidency and was politically motivated in the wake of the Snowden controversy. But military necessity should guide this shift, not politics. So what are the arguments for and against?

Advocates for ending the dual-hat argue that one commander can lead to unfair prioritization of one organization—NSA or CYBERCOM—over the other. They also question the ability for one person to effectively manage two large organizations and claim that increased use of the NSA’s advanced tools could lead to their premature exposure, possibly through a CYBERCOM operation.

Advocates for keeping the current arrangement focus on the close cooperation and synergy it allows between the two organizations that help their operations, the faster decision-making process it enables and the more efficient use of resources, since the two organizations can more easily share.

While there are arguments on both sides and many see the split happening at some point down the road, two things seem clear. A split should not be done hastily or prematurely. The close cooperation between the two organizations must be preserved.

And let’s not forget the timing. Right now, the U.S. government is reeling from a massive breach by suspected Russian hackers with sweeping consequences, making this an inopportune moment for large organizational changes that could hinder cyber operations.

Both the former commander, Adm. Michael Rogers, and current commander, Gen. Paul Nakasone, have expressed caution about ending the arrangement prematurely. Both have said the arrangement works and enables the close relationship between the two organizations.

The two organizations operate under different legal authorities. Cyber Command draws its authorities from Title 10, which governs military forces, and NSA usually operates under Title 50 governing intelligence functions. This mirrors how cyber operations work as well, with the need for close collaboration between intelligence and military operations.

This means that Cyber Command and the NSA are able to collaborate in a way that other military forces are not able to cooperate with their intelligence counterparts. They currently enjoy a large degree of corporate synergy, where their close cooperation and unified command makes them more effective than if they were apart.

As Gen. Nakasone has said, “The National Security Agency is our most important partner; the strength of this relationship will remain critical to the defense of the nation. The agency’s world-class expertise, technical capabilities and accesses are crucial to USCYBERCOM’s success.”

Ending the dual-hat should only be done if it will enhance the effectiveness of both organizations in their operations, and a clear plan should be created with support from Congress, as it will need congressional support to be successful. Policymakers should continue to support the growth and development of Cyber Command to ensure that it would be ready for a future split down the road.

This piece originally appeared in C4ISR Net