Much Ado About Nothing? Cyber Command and the NSA – War on the Rocks

Category: NSA

Last week, word began to spread that the Trump administration was considering granting new powers to U.S. Cyber Command. Lolita Baldor of the Associated Press had the scoop, discussing two related but separate steps under consideration: first, to elevate U.S. Cyber Command to the status of a unified command and second, to break the current dual-hat arrangement with the National Security Agency (NSA), whereby the commander of U.S. Cyber Command is the same individual as the director of the NSA.

It is worth noting, however, four things: First, these two steps (elevation and separation) have been under consideration for years. Second, there were good reasons at the time why the Obama administration didnt act on them. Third, elevation and separation should, in theory, operationally empower U.S. Cyber Command, but in practice Cyber Command may ironically find itself with less capability to offer. And finally, Cyber Command has already quietly amassed non-operational power and authority within the Department of Defense, making it one of the most independent commands, second only to the U.S. Special Operations Command. As such, while this weekends news is a good sign of the continued maturation of Cyber Command (and the acknowledgment of that maturation by the White House), theres less here than meets the eye.

Lets review Cyber Commands origins and its assigned missions before tackling the news. (Please accept my apologies in advance for some acronym salad.) For the short-story long, see chapter 8 of Playing to the Edge by Michael Hayden and the early parts of Jay Healeys Fierce Domain. Long-story short, the NSA had been the nations leading signals intelligence agency for decades. But after 9/11, as new opportunities emerged to create effects against adversaries during declared hostilities, Pentagon leadership became uncomfortable with the notion that the intelligence missions of collection and analysis would be conducted by the same organization that would disrupt or degrade, even destroy, targets through cyber-attacks during an armed conflict. In 2002, U.S. Strategic Command was given responsibility for cyberspace, and two little-known subordinate organizations emerged to manage it: Joint Task Force-Global Network Operations (JTF-GNO) would handle guarding the Defense Departments networks while Joint Functional Component Command-Network Warfare (JFCC-NW) would be responsible for missions wed think of as offense. Because there was so much overlap between the NSA and the emerging JFCC-NW, the Department of Defense created the dual-hat by making the NSA director (then Hayden) the commander of JFCC-NW. As the threats to the Department of Defense in cyberspace increased throughout the 2000s, Secretary of Defense Robert Gates consolidated JTF-GNO and JFCC-NW under a new U.S. Cyber Command in 2010, but it was still subordinate to U.S. Strategic Command and still dual-hatted with the NSA director. Thats more or less where we find ourselves today.

Since then, U.S. Cyber Command has been charged with three missions: defend the Defense Departments networks and systems, provide offensive support to other commands in the event of a contingency, and defend the nation from a cyber-attack of significant consequence (less than two percent of incidents would qualify as significant).

Advocates of more autonomy and authority for U.S. Cyber Command have often bemoaned its subordinate status to U.S. Strategic Command. The theory is that having to work through Strategic Command slows down operational approval, coordination, or whatever else needs to happen. Based on my experience in the Cyber Policy office of the Office of the Secretary of Defense, I am of the view that a stove-piped Joint Staff had more to do with delays and miscommunication than anything else; nor could I ever find a function Cyber Command might be asked to execute that could only be performed by a full, unified command (like Strategic Command) but not by a sub-unified command (like Cyber Command). We looked at this several times during the last administration: If the secretary of defense wanted the sub-unified command to execute, they could and would. It wasnt a problem, so elevating the command wasnt necessary. So, while I dont think there are any big wins to be had by the recent news about the Trump administration wanting to elevate Cyber Command, I dont think it hurts to do it either. And it might not ultimately be up to the White House: The 2017 NDAA requires the administration to elevate Cyber Command.

Breaking the dual-hatted relationship with the NSA is more complicated. There are very good reasons why JFCC-NW was born with the NSA as its commander, as there is a lot of overlap between the organizations. This overlap is intuitive to those whove worked in the business, but hard to explain in brief here. Ill just quote Hayden on this point: [I]n the cyber domain the technical and operational aspects of defense, espionage, and cyberattack are frankly indistinguishable they are all the same thing. Its obviously more complicated than this, but at a high level, I think this was the rationale.

There were studies undertaken about the implications of breaking the dual-hat before the Snowden affair, but his disclosures forced policymakers to confront the issue head-on. At that time, it was thought that breaking the dual-hat could improve perceptions about privacy and civil liberties at the NSA, but in December 2013 the Obama administration decided to maintain the arrangement. Senior leaders felt it was too soon to separate Cyber Command. Its readiness and resources were growing but insufficient, and it was still too reliant on NSA talent and services for its missions.

Working with the two organizations, I found that the relationship between the two was akin to a mix between hostage-taking and Stockholm syndrome except each organization kept mixing up which was the hostage and which was the hostage-taker. One day, U.S. Cyber Command would demand NSA support due to the latters responsibility as a combat support agency. The next day, the command would cave and say that NSA had other, more important priorities. And NSA too would resist a request from Cyber Command, then embrace it, and then fight it. The overlap and dependence was that tight.

For that reason, among others, I understand the argument about needing to separate Cyber Command from NSA so that the former can pursue its missions (especially to defend the nation and to support other commands) with greater independence from signals intelligence. But theres a risk here that would be dangerous to miss: When Cyber Command needs NSA support, the fact that its the same person in charge of both organization can break what might otherwise be a log-jam. Splitting the dual-hat could result in the NSA isolating itself and refocusing on its own core missions (the collection of signals intelligence and providing information assurance) while minimizing its support to Cyber Command.

Just because there are risks does not mean the Trump administration should leave the current arrangement in place. The question is not whether, but when and how, to break the dual-hat. One priority for the White House and Secretary Mattis will be to have a clear understanding with the new NSA director (who may well be a civilian for the first time) about how he or she sees the relationship with Cyber Command, and then how the administration monitors the relationship to ensure the NSA doesnt abandon Cyber Command outright.

The selection of who will next lead Cyber Command will also be a priority. Someone like the current commander of Army Cyber Command, Lt. Gen. Paul Nakasone, is an ideal candidate: He has years of experience in the cyber effects business, time in the Pentagon and the field, and he understands the roles of civilians, fellow military officers, and senior political types. Another name thats been floated is Lt. Gen. William Mayville, currently the Director of the Joint Staff. His time as the Joint Staffs chief information officer and with Joint Special Operations Command would make him a strong leader for Cyber Command as well.

The good news for the future of the U.S. militarys cyber operations is that, regardless of whether or not Cyber Command is elevated as a unified command or separated from the NSA, Congress has quietly been empowering Cyber Command with greater authorities and independence through legislation. My colleague Charley Snyder and I assessed all the additional powers conferred in the 2017 NDAA over at Lawfare, but Id like to single out the authority related to requirements: Being able to set its own requirements for the conduct of cyber operations, as well as validating the requirements of other defense components, matters more than this bland bureaucratic language might suggest. With the independent acquisition authority Congress gave it in a previous NDAA, Cyber Command can now accelerate acquisition and procurement to keep up with new requirements without the usual deliberations chaired by the Joint Staff. Special Operations Command is the only other military outfit with that kind of freedom, and it makes a big difference.

But the big question will be this: Regardless of these crucial authorities and any new command arrangements, what will Cyber Commands role be in protecting the country from threats like Russian information operations? Maybe its time we get away from using cyber as the description of what needs to be done, and instead think about what an Information Warfare Command would look like. How should the United States wage such a fight, and how should it protect itself? I am pleased the Trump administration is considering organizational changes to support a higher profile for cyber operations, but we really need answers to these bigger policy questions.

Michael Sulmeyer is the Director of the Cyber Security Project at the Harvard Kennedy Schools Belfer Center for Science and International Affairs. He also served in the Office of the Secretary of Defense, Cyber Policy, from 2012-2015. Follow him on Twitter @SultanOfCyber.

Image:Airman 1st Class Christopher Maldonado/Shaw Air Force Base

Originally posted here:
Much Ado About Nothing? Cyber Command and the NSA - War on the Rocks

All-clear issued about 2 hours after NSA Naples schools evacuated over potential threat - Stars and Stripes - November 18th, 2025 [November 18th, 2025]
'Dhurandhar': R Madhavan reveals Aditya Dhar's little trick that perfected his NSA-inspired look for the - The Times of India - November 18th, 2025 [November 18th, 2025]
Army officer with Indo-Pacific experience emerges as potential Cyber Command, NSA pick - The Record from Recorded Future News - November 18th, 2025 [November 18th, 2025]
NSA Dr Rahman to attend Security Conclave in New Delhi - United News of Bangladesh - November 18th, 2025 [November 18th, 2025]
Man claims NSA told him to shatter glass at AT&T building with hatchet, Nashville police say - WSMV - November 18th, 2025 [November 18th, 2025]
How the heartbreaking lack of a confirmed leader is impacting CYBERCOM and NSA - Breaking Defense - November 7th, 2025 [November 7th, 2025]
Goa invokes NSA for three months to tackle anti-socials - The Times of India - November 7th, 2025 [November 7th, 2025]
CISA, NSA and other unveil security blueprint to harden Microsoft Exchange servers - Homeland Preparedness News - November 7th, 2025 [November 7th, 2025]
NSA Shares Q3 Revenue Results Below Expectations - GuruFocus - November 7th, 2025 [November 7th, 2025]
Filipinos aware of civilian supremacy over military NSA Ao - Philippine News Agency - October 28th, 2025 [October 28th, 2025]
Sonam Wangchuk says his words were twisted to justify his NSA detention - The Statesman - October 26th, 2025 [October 26th, 2025]
Nokia and stc pioneer the first commercial 5G NSA Cloud RAN deployment in the MEA region - ZAWYA - October 26th, 2025 [October 26th, 2025]
China accuses NSA of multi-year hack targeting its national time systems - Nextgov/FCW - October 23rd, 2025 [October 23rd, 2025]
Cybersecurity News: AWS outage, NSA hacking accusations, High risk WhatsApp automation - CISO Series - October 23rd, 2025 [October 23rd, 2025]
Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials - Homeland Security Today - October 23rd, 2025 [October 23rd, 2025]
AWS outage, NSA hacking accusations, High risk WhatsApp automation - LinkedIn - October 23rd, 2025 [October 23rd, 2025]
Palestinian President Mahmoud Abbas: No Concessions Were Made In The Oslo Accords 1.85 Million Palestinians Returned To Their Homeland;... - October 23rd, 2025 [October 23rd, 2025]
NSA to partner JKG to drive sports technology through Artificial Intelligence - GhanaWeb - October 23rd, 2025 [October 23rd, 2025]
China claims NSA hacked its national timing systems using 42 "special cyber weapons" - TechSpot - October 23rd, 2025 [October 23rd, 2025]
US NSA alleged to have launched a cyber attack on a Chinese agency - csoonline.com - October 21st, 2025 [October 21st, 2025]
Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials - 404 Media - October 21st, 2025 [October 21st, 2025]
China says it has foiled a series U.S. cyberattacks on its critical infrastructure Ministry of State Security says it has 'irrefutable evidence' NSA... - October 21st, 2025 [October 21st, 2025]
China claims the NSA conducted cyberattacks on its national time center - Engadget - October 21st, 2025 [October 21st, 2025]
China claims the US NSA conducted cyberattacks on its national time center - TechRadar - October 21st, 2025 [October 21st, 2025]
Donald Trump's ex-NSA John Bolton indicted; charged over mishandling classified information; Trump calls - Times of India - October 19th, 2025 [October 19th, 2025]
Trump critic and former NSA adviser John Bolton indicted on classified documents charges - MLive.com - October 19th, 2025 [October 19th, 2025]
NSA Accused of Stealing Secrets from Chinas National Time Centre - Modern Diplomacy - October 19th, 2025 [October 19th, 2025]
Ex-Donald Trump NSA John Bolton Indicted: All About The 18 Charges - NDTV - October 19th, 2025 [October 19th, 2025]
Explained: What are the charges against ex-US NSA John Bolton? What next? - Firstpost - October 19th, 2025 [October 19th, 2025]
Former Trump NSA John Bolton Indicted On 18 Counts For Sharing Classified Information - Republic World - October 19th, 2025 [October 19th, 2025]
Ex-Trump NSA Bolton charged with storing, sharing classified information - Business Standard - October 17th, 2025 [October 17th, 2025]
Lt. Gen. William Hartman, acting leader of NSA and Cyber Command, will not be nominated for the dual-hat role - POLITICO Pro - October 17th, 2025 [October 17th, 2025]
Shaping health futures together: NSA engagement for EPW2 and Ageing is Living - World Health Organization (WHO) - October 17th, 2025 [October 17th, 2025]
Trump's ex-NSA John Bolton indicted over sharing US defence secrets: Was his email hacked by Iran? - WION - October 17th, 2025 [October 17th, 2025]
John Bolton Indicted: What are the Charges Against Trump's Former NSA? - Times Now - October 17th, 2025 [October 17th, 2025]
China infrastructure hacks are 'unrestricted warfare' against America, former NSA director says - Washington Times - October 15th, 2025 [October 15th, 2025]
Children were scared to sleep outside, many stopped going to schools: Why NSA was invoked against a rape accused in UPs Bhadohi - The Indian Express - October 15th, 2025 [October 15th, 2025]
Chinas Capacity to Hack the U.S. Is Growing, Former NSA and Retired Gen. Tim Haugh Warns - Homeland Security Today - October 15th, 2025 [October 15th, 2025]
Ousted NSA head Gen. Tim Haugh on his firing by the Trump administration - CBS News - October 13th, 2025 [October 13th, 2025]
China's capacity to hack the U.S. is growing, former NSA head says. Here's what they're targeting and why. - CBS News - October 13th, 2025 [October 13th, 2025]
China is hacking America's critical infrastructure, former NSA and retired Gen. Tim Haugh warns - CBS News - October 13th, 2025 [October 13th, 2025]
John Bolton, Former US NSA And Trump Critic, May Face Federal Charges Soon: Report - News18 - October 13th, 2025 [October 13th, 2025]
Acting US Cyber Command, NSA chief wont be nominated for the job, sources say - The Record from Recorded Future News - October 11th, 2025 [October 11th, 2025]
Exclusive: DOJ seeking criminal charges against Trump's former NSA John Bolton - Yahoo - October 11th, 2025 [October 11th, 2025]
NSA boss explains how revenue from Ghana-Mali game will be shared - GhanaWeb - October 11th, 2025 [October 11th, 2025]
NSA rolls out digital skills, military training and smart reforms - GBC Ghana Online - October 9th, 2025 [October 9th, 2025]
Overheated Solar Panel Batteries Caused Fire at NSA Chiefs Residence - liberianobserver.com - October 9th, 2025 [October 9th, 2025]
NSA Doval meets Brazilian counterpart to review cooperation in strategic areas | Latest News India - Hindustan Times - October 4th, 2025 [October 4th, 2025]
Red Hat allegedly hit by huge breach exposing major organizations, including the NSA - Cybernews - October 2nd, 2025 [October 2nd, 2025]
NSA officer injured after Maryland man drives through checkpoint, rams multiple police vehicles - WMAR 2 News Baltimore - September 30th, 2025 [September 30th, 2025]
Why should officials not be fined: HC on illegal NSA arrest - The Times of India - September 30th, 2025 [September 30th, 2025]
SKM demands to release Sonam Wangchuk, revoke imposition of NSA - The Times of India - September 30th, 2025 [September 30th, 2025]
Seoul's NSA reportedly says S.Korea unable to pay $350b upfront in investment in US for tariff deal; weaponizing alliance exposes nature of US... - September 30th, 2025 [September 30th, 2025]
'Delhi banega Khalistan': Freed Khalistani terrorist out on bail in Canada threatens India, targets NSA A - The Times of India - September 30th, 2025 [September 30th, 2025]
Two Days After His Detention Under NSA, Sonam Wangchuks Wife Says She Is Yet to Speak to Him - The Wire India - September 30th, 2025 [September 30th, 2025]
Sonam Wangchuk detained under NSA: What to know about National Security Act - The Indian Express - September 28th, 2025 [September 28th, 2025]
Evercore ISI Raises PT on National Storage Affiliates Trust (NSA) to $32, Maintains an Underperform Rating - Yahoo Finance - September 28th, 2025 [September 28th, 2025]
Sonam Wangchuk Arrested under NSA: Ladakh admin explains why he was moved to Jodhpur jail - Mint - September 28th, 2025 [September 28th, 2025]
NSA whistleblower Reality Winner on rebuilding her life in new memoir - MSN - September 21st, 2025 [September 21st, 2025]
Assessing the Valuation of National Storage Affiliates Trust (NSA) After Recent Share Price Moves - simplywall.st - September 19th, 2025 [September 19th, 2025]
NSA Warns iPhone And Android UsersClose All Apps If You See This - Forbes - September 17th, 2025 [September 17th, 2025]
US' Ex-NSA John Bolton: Trump Should Call Modi, Fix Relations, And Visit India For QUAD Summit' - Times of India - September 17th, 2025 [September 17th, 2025]
'Come To India': Ex-NSA's Words Of Wisdom To Trump On Tariff, Indo-US Ties - Times of India - September 17th, 2025 [September 17th, 2025]
Video NSA whistleblower Reality Winner on rebuilding her life in new memoir - ABC News - September 17th, 2025 [September 17th, 2025]
Former US NSA calls India proud and strong, criticises Trumps India strategy - The Shillong Times - September 17th, 2025 [September 17th, 2025]
Video | Ex-US NSA's Explosive Interview: 'Navarro Keeps Picking Fights' - NDTV - September 15th, 2025 [September 15th, 2025]
NSA, EFCC, DSS urged to probe alleged funding of bandits in Zamfara - The Guardian Nigeria News - September 15th, 2025 [September 15th, 2025]
Ex-US NSA Reveals Navarro Once Attempted Confrontation Between Donald Trump, PM Modi - News18 - September 15th, 2025 [September 15th, 2025]
Navarro tried to provoke Modi-Trump clash, claims ex-US NSA; says India should ignore the sideshow - Moneycontrol - September 15th, 2025 [September 15th, 2025]
'Erratic behaviour': Ex-US NSA John Bolton slams Trumps India tariffs; rejects claim of brokering India- - The Times of India - September 13th, 2025 [September 13th, 2025]
Unqualified to be US Ambassador to India: Ex-US NSA slams Sergio Gor nomination; dismisses Navarros re - The Times of India - September 13th, 2025 [September 13th, 2025]
Trump's not thinking about the effects of his actions: Ex-US NSA John Bolton - The Times of India - September 13th, 2025 [September 13th, 2025]
NSA leaker Reality Winner is rebuilding her life -- and looking back at her past - NPR - September 13th, 2025 [September 13th, 2025]
India should see Trump as one-time proposition: Ex-US NSA John Bolton flags number of concerns on Indian side - Mint - September 13th, 2025 [September 13th, 2025]
Peter Navarro Tried To Start Fight Between Trump, PM Modi: Ex US NSA - NDTV - September 13th, 2025 [September 13th, 2025]
'Erratic behaviour': Ex-US NSA John Bolton slams Trumps India tariffs; rejects claim of brokering India-Pak peace - MSN - September 13th, 2025 [September 13th, 2025]
India should see Trump as one-time proposition and act in its national interest: Ex-US NSA John Bolton - Tribune India - September 13th, 2025 [September 13th, 2025]
Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' - The Record from Recorded Future News - September 11th, 2025 [September 11th, 2025]
Cyber Command, NSA to remain under the leadership of one person - SC Media - September 11th, 2025 [September 11th, 2025]
CISA, NSA and Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide - Homeland Security Today - September 11th, 2025 [September 11th, 2025]

July 20th, 2017

No comments yet

Comments are closed.

Mediaboss Marketing

Much Ado About Nothing? Cyber Command and the NSA – War on the Rocks

About

Pages

Categories

Media Sites

Recommended Sites

Archives