Defense

Should NSA and CyberCom split? A watchdog weighs in

NSA-Cybercom sign 

As the status of the dual-hat leadership structure of the National Security Agency and U.S. Cyber Command remains under review, the Government Accountability Office teamed up with Pentagon officials to identify the advantages and disadvantages of such a change in a new report.

The benefits of the current arrangement, as identified by officials from the Department of Defense, involve collaboration, faster decision making and resource efficiency.

But the big downside is that wider access to NSA's toolkit of exploits increases the risk that destructive bugs will get loose – as has been seen recently.

GAO was directed to conduct the review in the report language of a recent defense bill.

Auditors found that because one officer calls the shots for two organizations, senior leaders from each organization have visibility into the procedures of the other, allowing for natural coordination on capability development, testing and business processes.

"In the absence of the dual-hat, [NSA] and CyberCom would need to formalize these internal processes in order to maintain them," auditors write.

Another advantage is that the single leader for both organizations allows for faster decision-making because it doesn't require building consensus across commands.

Officials from several DOD components, including NSA and CyberCom, told GAO that the structure allows the two organizations to make efficient use of their resources by sharing digital and physical infrastructure and by combining employee training sessions.

DOD officials also detailed the disadvantages of the dual-hat approach.

Officials reported concerns about preferential prioritization of one organization's requests for support over the other's, concerns that may only be exacerbated as CyberCom is set to receive the authorities of a unified combatant command.

And, as previously noted, CyberCom's use of NSA's tools and infrastructure increases the risk those tools being leaked or exposed.

Because of the wide range of responsibilities of the two organizations, and as CyberCom is elevated to become a full combatant command, DOD officials expressed concerns that the duties may be too broad for a single officer to realistically handle.

Although they both operate in cyberspace, the missions of CyberCom and NSA also have an inherent tension. CyberCom focuses primarily on conducting military operations, while NSA's mission is primarily intelligence-based.

DOD officials also told auditors that while the sharing of resources is efficient, the resource allocation between the two entities is sometimes unclear. They stated that DOD does not have an official position on the advantages and disadvantages of the dual-hat structure.

The report also includes actions that could limit potential risks of splitting the leadership.

While there is broad support from current and former officials, including former President Barack Obama, for elevating Cyber Command to the level of an independent combatant command, the idea of splitting the agencies has received some pushback.

Legislatively, 2017 National Defense Authorization Act stated that the dual-hat role, which dates back to CyberCom's creation in 2009, will remain in place until an assessment is conducted about the potential security risks of splitting the current structure.

The 2018 bill submitted by the House Armed Services Committee includes a $647 million boost to support the elevation of U.S. Cyber Command to a full combatant command level, but omits new language about an eventual split of the NSA and CyberCom.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.