Cyber Command and NSA still working to meet measures necessary to split
U.S. Cyber Command and the National Security Agency continue to work toward measures Congress set in place necessary to separate the two co-located organizations, though the official who leads them reiterated Tuesday the power of having a single person in charge.
Rep. Trent Kelly, R-Miss., pressed for progress on how the government is working to split the so-called dual-hat arrangement of NSA and Cyber Command leadership during a hearing Tuesday of the House Permanent Select Committee on Intelligence.
Gen. Paul Nakasone, who leads both organizations, told the committee that Cyber Command and NSA’s requirements continue to grow and that dependencies between the two entities, such as shared infrastructure, have decreased, adding they continue to work towards measures outlined by Congress for their separation.
Since Cyber Command was created a decade ago, it has been co-located with NSA and shared a leader. At the time, this made sense to help the command grow, relying on the personnel, expertise and infrastructure of the NSA.
Several years ago, in response to rumors a split was imminent, Congress felt such a decision was premature and Cyber Command was not ready to stand alone. As such, Congress outlined a series of metrics for the Pentagon to meet in the 2016 annual defense policy bill. Those metrics were then tweaked in the 2017 policy bill adding more restrictions necessary to split the dual hat. They included that each organization have robust command and control systems for planning, deconflicting and executing military cyber operations and national intelligence operations as well as ensuring tools and weapons used in cyber operations are sufficient for achieving required effects. It also sought to ensure that Cyber Command can acquire or develop these tools, weapons, and accesses.
In recent years, Cyber Command has gained significant, yet still maturing, acquisition authority to purchase its own capabilities. It also developed what it calls the Joint Cyber Warfighting Architecture, which guides the command’s acquisition priorities and includes major programs for infrastructure and tools separate from those of the NSA.
Nakasone said that decisions to separate the infrastructures were made before he took command, but he added they were good decisions and they continue to carry out separate infrastructures.
The dual-hat arrangement has been a hotly debated topic in the cyber and intelligence world, with proponents saying the military can benefit from the unique intelligence insights and access of NSA, leading to faster decision-making and operational outcomes. Opponents argue the roles are too powerful for one person and relying on intelligence infrastructure and tools, which are meant to stay undetected, for military activity poses risks to such espionage activity.
Despite the initial dual-hat relationship, it was always understood that it would not be permanent given the inherently different missions of each organization: foreign intelligence and warfighting.
However, officials have increasingly spoken favorably about the nature of the relationship, saying it provides a degree of speed and synergy needed to keep pace in the modern digital world.
“What is unique is that the domain of what we’re operating here in cyberspace is requiring the speed and the agility and unity of effort that the nation needs and we’re seeing that with what we’ve seen in elections, what we’ve seen with ransomware and now what we’re seeing with Ukraine and Russia,” Nakasone told the committee. “This is the advantage of being able to have one person that runs both organizations, in my opinion.”
At the conclusion of the Trump administration, officials attempted to hastily finalize the split between the two organizations. Members of Congress at the time opposed this plan, citing the aforementioned certifications had not been made.