What Cybercom's independence means

U.S. Cyber Command was designated as an independent combatant command by presidential order in August. Now the big question is whether the cyber forces are going to separate from the National Security Agency.

Former NSA chief Michael Hayden thinks it's time for a split.

"There's a natural momentum here towards maturity. Maturity here means true independence, not this symbiotic relationship with NSA," Hayden told FCW after a panel discussion at the Air Force Association's Air, Space, and Cyber conference just outside Washington, D.C.

"I have at least an equally powerful concern that the relationship gets in the way of NSA being NSA," said Hayden, now a principal at the Chertoff Group and a frequent commentator on cybersecurity and intelligence.

"If NSA is spending a lot of its energy getting Cyber Command up and running for its Title 10 warfighting functions, that means they're not spending that amount of energy on their Title 50 espionage functions," Hayden said. "They ought to split the director of NSA from the director of Cyber Command, not because I think Mike Rogers has too much power, but because I think Mike Rogers has too much work."

Admiral Mike Rogers, who wears the dual hats of NSA director and CyberCom chief, also spoke on the panel, and was more circumspect in his assessment of the current situation.

In 2009, when Cyber Command launched, Rogers said, the Department of Defense was looking for "a very traditional warfighting construct" in cyber. "At the same time seven years ago, when we stood it up, we also said, let's take advantage of the investments, expertise and capacity within the DOD. And we asked ourselves, where is that center of DOD gravity in cyber. Seven years ago, the answer was National Security Agency out it Ft. Meade."

It's now up to Pentagon and Trump administration leaders to determine what the future will hold Rogers noted that the presidential memorandum establishing CyberCom as an independent command also sought further guidance on the future relationship between the cyber forces and NSA.

 "We've already seen significant changes in the evolution of cyber in the last few years," Rogers said. "The idea that the DOD all by itself is going to defend its networks -- I don't think that's going to get us where we need to go."

One of the Rogers' big goals for Cyber Command is to expand the focus from defending networks to a broader perspective that encompasses infrastructure protection, combat systems, platforms and data.

"So as we're trying to build a future for us from a joint perspective in the DOD, we are very focused on those four areas increasingly. And we're also asking ourselves what we need to evolve to?"

For Rogers, there's a renewed attention on initiating a culture shift to an institutional thinking that nothing in cyber stays the same. 

"The idea that we're going to stick to a specific construct, a specific set of operational practices or a specific set of skillsets over time is very flawed," Rogers said. "We've got to get used to the idea that change is a normal component of this mission set and what are the implications of that change from how you build with your human capital, how you build a mission team, how do you organize whether that be formally from a command of controls perspective all the way down to the tactical."