Should NSA and CyberCom split? A watchdog weighs in

NSA-Cybercom sign 

As the status of the dual-hat leadership structure of the National Security Agency and U.S. Cyber Command remains under review, the Government Accountability Office teamed up with Pentagon officials to identify the advantages and disadvantages of such a change in a new report.

The benefits of the current arrangement, as identified by officials from the Department of Defense, involve collaboration, faster decision making and resource efficiency.

But the big downside is that wider access to NSA's toolkit of exploits increases the risk that destructive bugs will get loose – as has been seen recently.

GAO was directed to conduct the review in the report language of a recent defense bill.

Auditors found that because one officer calls the shots for two organizations, senior leaders from each organization have visibility into the procedures of the other, allowing for natural coordination on capability development, testing and business processes.

"In the absence of the dual-hat, [NSA] and CyberCom would need to formalize these internal processes in order to maintain them," auditors write.

Another advantage is that the single leader for both organizations allows for faster decision-making because it doesn't require building consensus across commands.

Officials from several DOD components, including NSA and CyberCom, told GAO that the structure allows the two organizations to make efficient use of their resources by sharing digital and physical infrastructure and by combining employee training sessions.

DOD officials also detailed the disadvantages of the dual-hat approach.

Officials reported concerns about preferential prioritization of one organization's requests for support over the other's, concerns that may only be exacerbated as CyberCom is set to receive the authorities of a unified combatant command.

And, as previously noted, CyberCom's use of NSA's tools and infrastructure increases the risk those tools being leaked or exposed.

Because of the wide range of responsibilities of the two organizations, and as CyberCom is elevated to become a full combatant command, DOD officials expressed concerns that the duties may be too broad for a single officer to realistically handle.

Although they both operate in cyberspace, the missions of CyberCom and NSA also have an inherent tension. CyberCom focuses primarily on conducting military operations, while NSA's mission is primarily intelligence-based.

DOD officials also told auditors that while the sharing of resources is efficient, the resource allocation between the two entities is sometimes unclear. They stated that DOD does not have an official position on the advantages and disadvantages of the dual-hat structure.

The report also includes actions that could limit potential risks of splitting the leadership.

While there is broad support from current and former officials, including former President Barack Obama, for elevating Cyber Command to the level of an independent combatant command, the idea of splitting the agencies has received some pushback.

Legislatively, 2017 National Defense Authorization Act stated that the dual-hat role, which dates back to CyberCom's creation in 2009, will remain in place until an assessment is conducted about the potential security risks of splitting the current structure.

The 2018 bill submitted by the House Armed Services Committee includes a $647 million boost to support the elevation of U.S. Cyber Command to a full combatant command level, but omits new language about an eventual split of the NSA and CyberCom.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.