This is the second part of a series exploring the future of Cyber Command. For previous installments, see part one.
Already tasked with making Cyber Command a full unified combatant command, national security leaders are working on a separate, but parallel effort: splitting of the dual hat relationship between Cyber Command and NSA.
There is no timeline either mandated or charted for a split.
Congress, however, has outlined specific metrics DoD, Cyber Command and NSA must meet in order for the split to occur. These include ensuring each organization has sufficient operational infrastructure to operate independently, guaranteeing the missions of each won’t be impacted by the division and requiring the cyber mission force achieves full operational capability, among others.
A Pentagon spokesman said in a written statement to Fifth Domain that the secretary of defense and chairman of the joint chiefs of staff, in consultation with the director of national intelligence, “continue to consider potential recommendations on when timing and conditions would be appropriate to terminate the arrangement, consistent with the requirements in section 1642 of the National Defense Authorization Act for FY 2017, and statements in the report accompanying the Intelligence Authorization Act for Fiscal Year 2017.”
Some in Congress have not seen the same sense of urgency from the Trump administration to split the NSA and Cyber Command as exhibited by the Obama administration. Lt. Gen. Paul Nakasone’s nomination Feb. 13 to lead both agencies shows that the Trump administration is not using the retirement of current commander and director Adm. Michael Rogers’s to split the dual hat arrangement as some in the national security community had expected.
“The longer there’s that dual hat relationship the more potential there is to exacerbate some of those potential disadvantages that we’re seeing,” Joseph Kirschbaum, the director of defense capabilities and management at the Government Accountability Office told Fifth Domain. He referenced advantages and disadvantages of the dual hat arrangement outlined in an August GAO report.
Kirschbaum said DoD and the administration isn’t necessarily ignoring separation but may be trying to square the task of elevation first.
Michael Sulmeyer, director of the cybersecurity project at Harvard’s Belfer Center and the former director of plans and operations for cyber policy at the Pentagon, said he doesn’t think the efforts associated with elevation are affecting separation given there are a different set of issues to resolve.
However, Jamil Jaffer, founder of the National Security Institute at George Mason University Law School and a former Senior Counsel at the House Intelligence Committee believes elevation makes it more likely Cyber Command and NSA will split. In many ways, he told Fifth Domain, the elevation of Cyber Command to a full unified command has to happen before a potential split because it raises the profile and responsibility of the missions allocated to Cyber Command.
The concern going forward, Kirschbaum said, is keeping DoD’s eye on the ball and focused on meeting the elements listed in the annual defense authorization bill.
Kirschbaum noted that GAO is trying to ensure DoD doesn’t treat Congress’s items as a list and that the department is honestly assessing each element outlined by the annual defense policy bill before they move on.
“We see this a lot in DoD where you’re trying implement recommendations or you’re trying to do something and you’ve completed a task and you’ve checked it and you’re moving on,” he said. “We would rather them accomplish the task but also assess what that task is meant, a problem it was meant to solve or an effect it’s trying to achieve and whether or not it’s achieving that effect.”
Members of Congress aren’t pushing for a rapid separation of the dual hat, according to a Senate staffer. Instead, they want to make sure the split is done in a cautious and meaningful way, which is the intention of last year’s defense authorization bill.
The House Armed Services Emerging Threats and Capabilities subcommittee, which oversees cyber, held a classified member briefing with the Government Accountability Office in mid-January to discuss a variety of cyber policy issues, including the splitting of the dual hat.