This is Part I of a four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency.
With the impending split of U.S. Cyber Command and the National Security Agency, the focus will shift from personnel and staffing to infrastructure and tools. Under current law, one of the requirements set forth in the 2017 National Defense Authorization Act calls for – among other things prior to a split – the chairman of the Joint Chiefs of Staff and the secretary of defense to certify that the capabilities of Cyber Command and the NSA won't be degraded if they split off.
Currently, CYBERCOM, which was stood up in 2009, is co-located with the NSA — a decision that made sense at the time of CYBERCOM's inception to rely on the infrastructure and rich cyber talent resident within the NSA.
PART II: Here's what Cyber Command's war-fighting platform will look like
PART III: The types of tools an independent Cyber Command will need
However, the two perform different roles: The NSA is an intelligence-gathering organization focused on national-level security as well as a combatant command-support organization; CYBERCOM performs war-fighting tasks.
In September 2016 under the Obama administration, there were three issues under discussion surrounding the split, explained Phil Quade, former director of the NSA Cyber Task Force, in an interview.
The first was a prioritization schema so CYBERCOM could prioritize its needs of the NSA, and so the NSA could consider those by weighing them against the needs of other combatant commands or civilian agencies it supports.
The second was that the NSA needed greater capacity, Quade said, under the guise of: If the government (or CYBERCOM) is going to be on the offensive, there must be improved intelligence to underpin that.
Lastly, Quade said CYBERCOM needs a better indigenous capability to act on the offensive. "If you’re constantly trying to repurpose intelligence tools, you’re going to have a fundamental equity decision. So there needed to be more of a split between intelligence tool[s] and attack tools," he said.
"As far as the Cyber Command-NSA split, we intend to make this a split that actually gains more unity of effort from a broader constituency, too, from other elements that are also engaged in that counter-cyberthreat," Secretary of Defense Jim Mattis told Congress in June.
"I’m on record as saying that my recommendation to this process is … the right answer in the long term is to separate the two," Adm. Michael Rogers, who leads both CYBERCOM and the NSA, told lawmakers in early May. "They’ll still remain closely aligned because Cyber Command and NSA will still continue to work in the same battle space in many ways, so to speak. It will still be a unique relationship."
Rogers also noted there’s a series of steps needed to make sure each organization — as it shifts from the structure originally created — is optimized to continue to achieve successful outcomes while acknowledging there are some factors that need to be addressed, particularly on the side of CYBERCOM.
Part II will examine the infrastructure that U.S. Cyber Command needs separate from the NSA.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.