The Pentagon would have to meet a series of new requirements before U.S. Cyber Command could split from the National Security Agency, according to a proposal from a Senate defense committee.
In what is known as the dual-hat arrangement, the two organizations are co-located at Fort Meade in Maryland and share a leader in Gen. Paul Nakasone. The arrangement came about 10 years ago with the creation of Cyber Command to help get the organization off the ground and leverage the expertise and infrastructure of NSA.
Officials spoke favorably about the dual-hat arrangement.
But when rumors of a split surfaced a few years ago, some members of Congress felt the decision was premature and that Cyber Command was not yet ready to stand on its own. As a result, Congress outlined in 2016 a series of metrics Pentagon leaders had to meet. These included ensuring both organizations had the infrastructure they needed and that the missions of each organization would not be hurt by a split.
Now, the Senate Armed Services Committee tweaks three of those provisions included in the fiscal year 2017 defense policy bill. The committee’s draft of the annual defense policy bill passed in late May but the full text was only made available June 12.
The first change requires that each organization have robust command and control systems for planning, deconflicting and executing military cyber operations and now national intelligence operations as well.
The next change is related to cyber tools. Cyber Command buys and develops cyber tools for military cyber operations. But these systems aren’t always compatible with the tools NSA uses to access networks for foreign intelligence collection. The provision requires that “tools and weapons used in cyber operations are sufficient for achieving required effects” and adds that Cyber Command “is capable of acquiring or developing these tools, weapons, and accesses.”
In recent years, Cyber Command was granted limited acquisition authority to procure its own tools and systems, though some in Congress have been skeptical of this process because Cyber Command has not used all the money lawmakers set aside.
Some congressional leaders are questioning Cyber Command's needs given it has yet to exhaust what has already been provided.
The last change focuses on the full operational capability of the cyber mission force. Under the current law, the cyber mission force must reach full operational capability before a split. The Pentagon announced it reached this milestone in May 2018.
Now, the Senate wants to ensure the cyber mission force “has demonstrated the capacity to execute the cyber missions of the Department.” This includes execution of a national level missions such as deterrence and disruption of adversary activity, defense of DoD networks and support for combatant commands by targeting of adversary military assets.