Analysis: Obama moves to split cyberwarfare command from the NSA

With weeks to go in his tenure, President Obama on Friday moved to end the controversial “dual-hat” arrangement under which the National Security Agency and the nation’s cyberwarfare command are headed by the same military officer.

2016-10-05t164154z_01_tor908_rtridsp_3_usa-cybersecurity-arrest-0563NSA Headquarters.   Reuters

It is unclear whether President-elect Donald Trump will support such a move. A transition official, who spoke on the condition of anonymity to discuss the next administration’s plans, said only that “cybersecurity has been and will be a central focus of the transition effort.”

Pressure had grown on Obama to make such a move on the grounds that the two jobs are too large for one person to handle, that the two organizations have fundamentally different missions and that U.S. Cyber Command, or Cybercom, needed its own leader to become a full-fledged fighting force.

This is a very bad idea as the Analysis at the end of this story makes clear

“While the dual-hat arrangement was once appropriate in order to enable a fledgling Cybercom to leverage NSA’s advanced capabilities and expertise, Cybercom has since matured” to the point where it needs its own leader, Obama said in a statement accompanying his signing of the 2017 defense authorization bill.

Cybercom’s mission is, when ordered, to disrupt and destroy adversaries’ networks. It is also to defend the nation against incoming threats to critical systems and to protect the military’s computers from cyberattack.

The NSA also has a defensive mission — to protect the government’s classified networks — but is better known for its role in conducting electronic spying on overseas targets to gather intelligence on adversaries and foreign governments.

Cybercom, established in 2009 inside the NSA headquarters at Fort Meade, Md., has long depended on the spy agency’s capabilities. NSA and Cybercom personnel sit side by side and use the same networks that were built by the NSA.

“The two organizations should have separate leaders who are able to devote themselves to each organization’s respective mission and responsibilities, but should continue to leverage the shared capabilities and synergies developed under the dual-hat arrangement,” Obama wrote.
Defense Secretary Ashton B. Carter and Director of National Intelligence James R. Clapper Jr. earlier recommended to Obama that the two organizations have separate heads.

Obama had been on the verge of ending the dual-hat leadership in late 2013 but was persuaded to hold off when senior officials, including the NSA’s director at the time, Army Gen. Keith B. Alexander, argued that the two agencies needed one leader to ensure that the NSA did not withhold resources from Cybercom.

Others, including a presidential review commission, recommended that each of the two groups have its own leader and that the NSA director be a civilian. Since its inception in 1952, the NSA has been led by military officers.

The bill that Obama signed bars the splitting of the leadership role until the defense secretary and the chairman of the Joint Chiefs of Staff jointly certify that to do so would not diminish Cybercom’s effectiveness.

Obama took a swipe at Congress for imposing that requirement on him.

“The Congress . . . should not place unnecessary and bureaucratic administrative burdens and conditions on ending the dual-hat arrangement at a time when the speed and nature of cyber threats requires agility in making decisions about how best to organize and manage the nation’s cyber capabilities,” he wrote.

Obama said that the Pentagon and the Office of the Director of National Intelligence have planned a “phased” transition during which the NSA can continue to “provide vital operational support” to Cybercom.

Ellen Nakashima 12-21-2016



Before there is even a suggestion of breaking up the current unified Strategic Command structure, covering the Cyber warfare capabilities, we need to fully understand what ‘Cyber’ actually is, what is can and cannot provide, and most especially the very different cyber needs and roles between the Intelligence Agencies and the Department of Defence. There are some ‘SiFi way out-there’ views on what Cyber capability brings to the fight and particularly who uses its outputs. Various users of Cyber material have very different requirements and abilities to use this capability. That is where the boundaries should be drawn, between the users, NOT right through the middle of Cyber structures itself that generates the output. 

The NSA / Intelligence Agencies do not exhibit the same ‘offensive operational use’ constraints,  common to the DOD operational cyber warfare use case. The ‘dual-hat’ both defensive and offensive operational flexibility is key to the ‘intelligence’ side of the table. In fact having dual defensive / offensive capabilities is key to intelligence agencies capabilities on a day to day operational basis. One needs to look carefully at the statutory requirements and authorities laid out for DOD operational planning rules, compared to the NSA / Intelligence Agencies  requirements under the government’s Title 10 & Title 50 of the US Code.

Maintaining a ‘one-stop shop’ capability is crucial in allowing NSA/ Agencies operational flexibility but at the same time protecting and providing the DOD with defensive and maintenance functions, whilst maintaining the complete spread of operationally effective up to date ‘offensive cyber weapons’, to be used in a DOD war scenario.

  • Former NSA’s director, Army Gen. Keith B. Alexander, argued the NSA & CyberCommand needed one leader to ensure that the NSA did not withhold resources from Cybercom. He was correct in 2013 and he’s still correct in 2017.
  • Adding additional layers of Headquarters to an organisational structure, without adding the commensurate hardware and capability is a guaranteed to end up with inefficiencies, ‘turf-wars’, stifling bureaucratic controls, and increased costs, with a decrease in capabilities.
  • Distributed operational capability under a centralised administrative command, that allows easy information sharing between different users, to align with their varying needs is logical. It also makes the structure more resilient to bureaucratic ennui and external penetration.
  • Unlike many systems ‘cyber-weapons’ are NOT EXPENDED after use. They can be intercepted, analysed and reverse engineered and then used against the original users, with all of the risks of rapid and dangerous esclation that one sees in nuclear weapon deployment. We assume that there will quickly develop Positive Procedural Controls governing the use of Cyber-weapons in line with current Nuclear weapon protocols.
  • Realistically ‘offensive cyber weapons’ have a limited deterrent effect, similar to an on-line equivalent of physical sabotage during war. Cyber weapons are capable of stopping and disrupting processes, but offensive cyber weapons  can never drive an enemy from the field. As such Cyber warfare is a supporting element in the overall DOD war fighting mission.
  • Other than DOD Network Defence and Maintenance, approval from Department of Defence for offensive’cyber-operation’ will end up being held at such a high level (as is the case with nuclear weapon use) as to be operationally moot. The mission of BOTH defence / maintenance AND offensive cyber operations, evaporates in such circumstances. 
  • A separate Cyber Command with stand alone Command Headquarters and authority is a mistake. The establishment of a separate Command with all of the attendant bureaucratic and organisational, authority, resourcing, ‘turf war’ problems is NOT justified, for what is Joint Forces Support Provider.
  •  Examples of questionable establishment of stand alone Command bureaucracies are  in the ill-advised, and the problematic establishment of Special Forces Command, with the attendant and endemic SF Command resource fights, internal turf wars, and organisation justification arguments, is an example to learn from and avoid.

The real value of the current organisational model for a Cyber-Command nestled under, developed,  nurtured and protected within the NSA and Intelligence Agencies structure, under Strategic Command ‘roof ‘ is ideal. Most of the offensive capability as well as defence can be developed and operationally deployed under the NSA and agencies, while the DOD Cyber Command ‘s real value exists as a Joint Forces provider of intelligence support capabilities NOT stand alone ‘war-fighting’ function with its own designated Headquarters.

Offensive Cyber / Intelligence gathering activities should remain firmly under the INTEL Sector where it belongs, and can be used effectively to provide intelligence outputs, to enable the missions of the rest of the DOD, on demand. Cyber Command can then get on with its job as a Joint Service provider of cyber options to Strategic Command. This has been the successful default model between the DOD and inter-agencies ever since the DOD and CIA began their relationship in 1947 on the back of OSS experience in WWII.

The Obama plan for a separate Command Cyber HQ structure is wrong and should be resisted by the incoming Trump Administration.