Much Ado About Nothing? Cyber Command and the NSA – War on the Rocks

Category: NSA

Last week, word began to spread that the Trump administration was considering granting new powers to U.S. Cyber Command. Lolita Baldor of the Associated Press had the scoop, discussing two related but separate steps under consideration: first, to elevate U.S. Cyber Command to the status of a unified command and second, to break the current dual-hat arrangement with the National Security Agency (NSA), whereby the commander of U.S. Cyber Command is the same individual as the director of the NSA.

It is worth noting, however, four things: First, these two steps (elevation and separation) have been under consideration for years. Second, there were good reasons at the time why the Obama administration didnt act on them. Third, elevation and separation should, in theory, operationally empower U.S. Cyber Command, but in practice Cyber Command may ironically find itself with less capability to offer. And finally, Cyber Command has already quietly amassed non-operational power and authority within the Department of Defense, making it one of the most independent commands, second only to the U.S. Special Operations Command. As such, while this weekends news is a good sign of the continued maturation of Cyber Command (and the acknowledgment of that maturation by the White House), theres less here than meets the eye.

Lets review Cyber Commands origins and its assigned missions before tackling the news. (Please accept my apologies in advance for some acronym salad.) For the short-story long, see chapter 8 of Playing to the Edge by Michael Hayden and the early parts of Jay Healeys Fierce Domain. Long-story short, the NSA had been the nations leading signals intelligence agency for decades. But after 9/11, as new opportunities emerged to create effects against adversaries during declared hostilities, Pentagon leadership became uncomfortable with the notion that the intelligence missions of collection and analysis would be conducted by the same organization that would disrupt or degrade, even destroy, targets through cyber-attacks during an armed conflict. In 2002, U.S. Strategic Command was given responsibility for cyberspace, and two little-known subordinate organizations emerged to manage it: Joint Task Force-Global Network Operations (JTF-GNO) would handle guarding the Defense Departments networks while Joint Functional Component Command-Network Warfare (JFCC-NW) would be responsible for missions wed think of as offense. Because there was so much overlap between the NSA and the emerging JFCC-NW, the Department of Defense created the dual-hat by making the NSA director (then Hayden) the commander of JFCC-NW. As the threats to the Department of Defense in cyberspace increased throughout the 2000s, Secretary of Defense Robert Gates consolidated JTF-GNO and JFCC-NW under a new U.S. Cyber Command in 2010, but it was still subordinate to U.S. Strategic Command and still dual-hatted with the NSA director. Thats more or less where we find ourselves today.

Since then, U.S. Cyber Command has been charged with three missions: defend the Defense Departments networks and systems, provide offensive support to other commands in the event of a contingency, and defend the nation from a cyber-attack of significant consequence (less than two percent of incidents would qualify as significant).

Advocates of more autonomy and authority for U.S. Cyber Command have often bemoaned its subordinate status to U.S. Strategic Command. The theory is that having to work through Strategic Command slows down operational approval, coordination, or whatever else needs to happen. Based on my experience in the Cyber Policy office of the Office of the Secretary of Defense, I am of the view that a stove-piped Joint Staff had more to do with delays and miscommunication than anything else; nor could I ever find a function Cyber Command might be asked to execute that could only be performed by a full, unified command (like Strategic Command) but not by a sub-unified command (like Cyber Command). We looked at this several times during the last administration: If the secretary of defense wanted the sub-unified command to execute, they could and would. It wasnt a problem, so elevating the command wasnt necessary. So, while I dont think there are any big wins to be had by the recent news about the Trump administration wanting to elevate Cyber Command, I dont think it hurts to do it either. And it might not ultimately be up to the White House: The 2017 NDAA requires the administration to elevate Cyber Command.

Breaking the dual-hatted relationship with the NSA is more complicated. There are very good reasons why JFCC-NW was born with the NSA as its commander, as there is a lot of overlap between the organizations. This overlap is intuitive to those whove worked in the business, but hard to explain in brief here. Ill just quote Hayden on this point: [I]n the cyber domain the technical and operational aspects of defense, espionage, and cyberattack are frankly indistinguishable they are all the same thing. Its obviously more complicated than this, but at a high level, I think this was the rationale.

There were studies undertaken about the implications of breaking the dual-hat before the Snowden affair, but his disclosures forced policymakers to confront the issue head-on. At that time, it was thought that breaking the dual-hat could improve perceptions about privacy and civil liberties at the NSA, but in December 2013 the Obama administration decided to maintain the arrangement. Senior leaders felt it was too soon to separate Cyber Command. Its readiness and resources were growing but insufficient, and it was still too reliant on NSA talent and services for its missions.

Working with the two organizations, I found that the relationship between the two was akin to a mix between hostage-taking and Stockholm syndrome except each organization kept mixing up which was the hostage and which was the hostage-taker. One day, U.S. Cyber Command would demand NSA support due to the latters responsibility as a combat support agency. The next day, the command would cave and say that NSA had other, more important priorities. And NSA too would resist a request from Cyber Command, then embrace it, and then fight it. The overlap and dependence was that tight.

For that reason, among others, I understand the argument about needing to separate Cyber Command from NSA so that the former can pursue its missions (especially to defend the nation and to support other commands) with greater independence from signals intelligence. But theres a risk here that would be dangerous to miss: When Cyber Command needs NSA support, the fact that its the same person in charge of both organization can break what might otherwise be a log-jam. Splitting the dual-hat could result in the NSA isolating itself and refocusing on its own core missions (the collection of signals intelligence and providing information assurance) while minimizing its support to Cyber Command.

Just because there are risks does not mean the Trump administration should leave the current arrangement in place. The question is not whether, but when and how, to break the dual-hat. One priority for the White House and Secretary Mattis will be to have a clear understanding with the new NSA director (who may well be a civilian for the first time) about how he or she sees the relationship with Cyber Command, and then how the administration monitors the relationship to ensure the NSA doesnt abandon Cyber Command outright.

The selection of who will next lead Cyber Command will also be a priority. Someone like the current commander of Army Cyber Command, Lt. Gen. Paul Nakasone, is an ideal candidate: He has years of experience in the cyber effects business, time in the Pentagon and the field, and he understands the roles of civilians, fellow military officers, and senior political types. Another name thats been floated is Lt. Gen. William Mayville, currently the Director of the Joint Staff. His time as the Joint Staffs chief information officer and with Joint Special Operations Command would make him a strong leader for Cyber Command as well.

The good news for the future of the U.S. militarys cyber operations is that, regardless of whether or not Cyber Command is elevated as a unified command or separated from the NSA, Congress has quietly been empowering Cyber Command with greater authorities and independence through legislation. My colleague Charley Snyder and I assessed all the additional powers conferred in the 2017 NDAA over at Lawfare, but Id like to single out the authority related to requirements: Being able to set its own requirements for the conduct of cyber operations, as well as validating the requirements of other defense components, matters more than this bland bureaucratic language might suggest. With the independent acquisition authority Congress gave it in a previous NDAA, Cyber Command can now accelerate acquisition and procurement to keep up with new requirements without the usual deliberations chaired by the Joint Staff. Special Operations Command is the only other military outfit with that kind of freedom, and it makes a big difference.

But the big question will be this: Regardless of these crucial authorities and any new command arrangements, what will Cyber Commands role be in protecting the country from threats like Russian information operations? Maybe its time we get away from using cyber as the description of what needs to be done, and instead think about what an Information Warfare Command would look like. How should the United States wage such a fight, and how should it protect itself? I am pleased the Trump administration is considering organizational changes to support a higher profile for cyber operations, but we really need answers to these bigger policy questions.

Michael Sulmeyer is the Director of the Cyber Security Project at the Harvard Kennedy Schools Belfer Center for Science and International Affairs. He also served in the Office of the Secretary of Defense, Cyber Policy, from 2012-2015. Follow him on Twitter @SultanOfCyber.

Image:Airman 1st Class Christopher Maldonado/Shaw Air Force Base

Originally posted here:
Much Ado About Nothing? Cyber Command and the NSA - War on the Rocks

NSA warned of vulnerabilities in Signal app a month before Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
Trump said poised to fire NSA Mike Waltz for including journalist in top secret war chat - The Times of Israel - March 26th, 2025 [March 26th, 2025]
Not the last Waltz: Trump defends NSA after security breach - The Times of India - March 26th, 2025 [March 26th, 2025]
NSA warned about vulnerabilities in Signal prior to White House group chat fiasco - SiliconANGLE News - March 26th, 2025 [March 26th, 2025]
NSA warned the Signal app was vulnerable last month - WTIC - March 26th, 2025 [March 26th, 2025]
Codebreakers and Covert Agents: The Women Behind the NSA and CIA heads to Illinois State Museum - WAND - March 26th, 2025 [March 26th, 2025]
NSA warned about using Signal a month before leak of Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
'Putin is giddy': NSA knew Signal was vulnerable to Russian hackers before security breach - AlterNet - March 26th, 2025 [March 26th, 2025]
RAW: NSA MIKE WALTZ EXPECTED TO VISIT GREENLAND - Local 3 News - March 26th, 2025 [March 26th, 2025]
US NSA likely to visit India in third week of April - Hindustan Times - March 26th, 2025 [March 26th, 2025]
Statement from Secretary Rubio and NSA Waltz on Call with Zelenskyy - Department of State - March 22nd, 2025 [March 22nd, 2025]
Europe must invest more in defence amid global shifts: Greeces NSA Ntokos - Firstpost - March 22nd, 2025 [March 22nd, 2025]
NSA Bahrain, NAVCENT Hold First-of-its-Kind Exercise Vigilant Resolve - navy.mil - March 22nd, 2025 [March 22nd, 2025]
Former NSA boss Osei Assibey Antwi picked up by NIB - GhanaWeb - March 22nd, 2025 [March 22nd, 2025]
WHAT THE TECH? NSA recommending weekly smartphone restarts & how it improves performance - Local 3 News - March 9th, 2025 [March 9th, 2025]
Ex-NSA cyber chief warns of devastating impact of potential DOGE-inspired firings - Breaking Defense - March 9th, 2025 [March 9th, 2025]
Former top NSA cyber official: Probationary firings devastating to cyber, national security - CyberScoop - March 9th, 2025 [March 9th, 2025]
Prime Targets Martha Plimpton On Her NSA Character & Why This Political Thriller Works: Never Trust People In Charge - Deadline - March 9th, 2025 [March 9th, 2025]
Former NSA Dep. Director, Gifty Oware-Mensah will see NIB over 80k ghost names allegations - GhanaWeb - March 5th, 2025 [March 5th, 2025]
Zelensky is not ready for peace talks, US NSA says - Mehr News Agency - English Version - March 3rd, 2025 [March 3rd, 2025]
More Than 100 Intelligence Staffers Will Be Fired Over Sexually Explicit Texts In NSA Chatrooms, Gabbard Says - Forbes - March 1st, 2025 [March 1st, 2025]
NSA says it is investigating potential misuse of chat platform - The Record from Recorded Future News - March 1st, 2025 [March 1st, 2025]
100-plus spies fired after NSA internal chat board used for kinky sex talk - The Register - March 1st, 2025 [March 1st, 2025]
Tulsi Gabbard says more than 100 intelligence officers will be fired for sexually explicit NSA chat messages - CNN - March 1st, 2025 [March 1st, 2025]
Elon Asked What Government Workers Did. The NSA Overshared - Schiff Sovereign - March 1st, 2025 [March 1st, 2025]
Tulsi Gabbard Fires 100 Intelligence Officers for Sex Chats on NSA-Hosted Tool - The Daily Beast - March 1st, 2025 [March 1st, 2025]
Elon Musk reacts to leaked chat alleging NSA, CIA officials discussed raising intersex babies as non-bina - The Times of India - March 1st, 2025 [March 1st, 2025]
What NSA, DIA agents said about Libs of TikTok, Ben Shapiro in leaked messages - The Times of India - March 1st, 2025 [March 1st, 2025]
NSA staff accused of lurid sex chats at work they were just discussing LGBTQ+ issues - PinkNews - March 1st, 2025 [March 1st, 2025]
Sen. Tom Cotton reacts to lewd NSA chats: 'We don't want these people anywhere near classified information' - Fox News - March 1st, 2025 [March 1st, 2025]
At least 100 NSA staffers to be fired for explicit chats during work hours - WDRB - March 1st, 2025 [March 1st, 2025]
Gifty Oware-Mensah on the run as NIB investigates NSA scandal - GhanaWeb - February 25th, 2025 [February 25th, 2025]
Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace - CyberScoop - February 25th, 2025 [February 25th, 2025]
NSA emphasizes strong defensive posture as it responds to report it hacked China - Washington Times - February 25th, 2025 [February 25th, 2025]
How the NSA Head of Accounts was undermined by his deputy for eight months after appointment - GhanaWeb - February 25th, 2025 [February 25th, 2025]
What Is Proteus in Zero Day? How the NSA Weapon Changes Everything - Collider - February 25th, 2025 [February 25th, 2025]
'Zelenskyy will sign the minerals deal, no matter': US NSA Mike Waltz on Trump's Ukraine plan - The Economic Times - February 25th, 2025 [February 25th, 2025]
EXCLUSIVE: Clearcover launches Illinois-based reciprocal exchange to jumpstart entry into NSA - Re-Insurance.com - February 12th, 2025 [February 12th, 2025]
Chief of Naval Operations Visits NSA Crane, Purdue University [Image 18 of 25] - DVIDS - February 12th, 2025 [February 12th, 2025]
Liminal Health Launches NSA ClearPath: Revolutionizing Reimbursement for Out-of-Network Providers - PR Newswire - February 12th, 2025 [February 12th, 2025]
Elon Musks D.O.G.E is giving the CIA and NSA nightmares now - MSN - February 12th, 2025 [February 12th, 2025]
NSA Ajit Doval likely to visit US along with PM Modi - The Economic Times - February 12th, 2025 [February 12th, 2025]
The NSA says do these 5 things with your phone right now - Fox News - January 30th, 2025 [January 30th, 2025]
NSA: Iraqi territory will not be used to attack neighboring countries Iraqi News Agency - ina.iq - January 30th, 2025 [January 30th, 2025]
NDC is not here to witch-hunt - Opare Addo to NSA staff - GhanaWeb - January 30th, 2025 [January 30th, 2025]
NSA Warns iPhone And Android UsersDisable Location Tracking - Forbes - January 19th, 2025 [January 19th, 2025]
Trumps incoming NSA: Hamas must have no role in governing Gaza - JNS.org - January 19th, 2025 [January 19th, 2025]
Trump NSA Disputes Report That Neocons Are Influencing MAGA Staffing - RealClearDefense - January 19th, 2025 [January 19th, 2025]
US NSA lauds Ajit Doval for pivoting ties to advanced future tech - The Times of India - January 9th, 2025 [January 9th, 2025]
Auto insurtech Clearcover expands into Texas NSA market with CGA launch - Re-Insurance.com - January 9th, 2025 [January 9th, 2025]
"Cannot Think Of A Better Way To End My Tenure": US NSA On His India Visit - NDTV - January 9th, 2025 [January 9th, 2025]
Heightened Security At U.S. Naval Academy And NSA Annapolis: Public Access Suspended Amid Increased Force Protection Measures - Bay Net - January 9th, 2025 [January 9th, 2025]
From The Seabed To The Stars: 10 Takeaways From U.S. NSA Sullivans Visit - Strategic News Global - January 9th, 2025 [January 9th, 2025]
NSA Sullivan to visit India to finalise important ongoing initiatives: White House - The Hindu - January 9th, 2025 [January 9th, 2025]
What NSA Jake Sullivans India Visit Signals For Nuclear And Tech Ties As US Lifts Curbs On Indian Entities - Swarajya - January 9th, 2025 [January 9th, 2025]
NSA Sullivan arrives today, seeks to strengthen AI, space, tech ties - The Tribune India - January 9th, 2025 [January 9th, 2025]
CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - HSToday - December 5th, 2024 [December 5th, 2024]
Where Will The Top Amateurs at NSA Yamaha Land After the Team Closes? - Vurbmoto - December 5th, 2024 [December 5th, 2024]
CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure - HSToday - December 5th, 2024 [December 5th, 2024]
Main players backing Syrian government have been weakened by other conflicts, NSA Sullivan says - NBC News - December 5th, 2024 [December 5th, 2024]
Trump's incoming NSA Mike Waltz wants US to dance cheek-to-check with India - The Times of India - November 14th, 2024 [November 14th, 2024]
What Trump's NSA Nominee Said On India's Pivotal Role In The 21st Century - NDTV - November 14th, 2024 [November 14th, 2024]
Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job - The Record from Recorded Future News - November 14th, 2024 [November 14th, 2024]
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 - BleepingComputer - November 14th, 2024 [November 14th, 2024]
CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - National Security Agency - November 14th, 2024 [November 14th, 2024]
6 Principles of Operational Technology Cybersecurity released by joint NSA initiative - Security Intelligence - November 14th, 2024 [November 14th, 2024]
It's official FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023 - TechRadar - November 14th, 2024 [November 14th, 2024]
Donald Trump picks Mike Waltz as US NSA: What it means for China and India - The Times of India - November 14th, 2024 [November 14th, 2024]
Who is Mike Waltz, Donald Trump's new NSA pick? What are his ties to India Caucus? - Firstpost - November 14th, 2024 [November 14th, 2024]
NSA should not oversee the management of national facilities RexDanquah - Citi Sports Online - November 14th, 2024 [November 14th, 2024]
Trudeaus NSA admits to leaking secret intel alleging Indias interference to Washington Post - Firstpost - October 31st, 2024 [October 31st, 2024]
White House dials NSA Ajit Doval: Here's what happened in the call - The Economic Times - October 31st, 2024 [October 31st, 2024]
NSA Doval Stresses Need For Stable Indo-Pacific In Phone Call With US Counterpart Sullivan - News18 - October 31st, 2024 [October 31st, 2024]
Director-General of NSA calls for continued support from government - GhanaWeb - October 21st, 2024 [October 21st, 2024]
5G Non Standalone Nsa Architecture Market to Reach USD 240.0 - openPR - October 21st, 2024 [October 21st, 2024]
NSA meets with Minister Muir and DAERA to discuss industry concerns - Meat Management - October 21st, 2024 [October 21st, 2024]
NSA cyber chief: Espionage is now Russias focus for cyberattacks on Ukraine - The Record from Recorded Future News - October 11th, 2024 [October 11th, 2024]
NSA Investigating If Chinese Hackers Breached US Telecoms - Yahoo Finance - October 11th, 2024 [October 11th, 2024]
NSA Issues Updated Guidance on Russian SVR Cyber Operations - National Security Agency - October 11th, 2024 [October 11th, 2024]
News - Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony - DVIDS - October 11th, 2024 [October 11th, 2024]

July 20th, 2017

No comments yet

Comments are closed.

Mediaboss Marketing

Much Ado About Nothing? Cyber Command and the NSA – War on the Rocks

About

Pages

Categories

Media Sites

Recommended Sites

Archives