Much has been made over the discussions surrounding a potential separation of the National Security Agency and US Cyber Command. Such a determination would involve severing the "dual-hat" leadership of these organizations, which share the same chief, as well as raise questions of what CYBERCOM standing up as its own independent organization might look like.
Since its creation in 2009, the command has been co-located with the NSA at Fort Meade, Maryland, sharing personnel, tactics, tools and a director. Officials have long lauded the rich partnership both organizations share, especially the NSA's history in the signals intelligence business.
During recent congressional testimony, when pressed by Sen. John McCain, R-Ariz., a vehement opponent to splitting these organizations, NSA Director and CYBERCOM Commander Adm. Mike Rogers agreed that maintaining the dual hat currently is in the best national security interest of the country. Rogers has, however, expressed that the two organizations will likely have to split eventually.
"I've been very public about saying I believe in the long run the right thing is to keep these two aligned, but to separate them. As Cyber Command, particularly, gains more capacity and more capability, the demand on Cyber Command's time, resources and capabilities just continue to grow," Rogers said at the Intelligence and National Security Summit in Washington in September. "I just think you need two people full time focused on this, but even as we do that, you're going need to keep these closely aligned."
In practical and operational terms, what would a split mean?
Both organizations, while often times conducting similar activity, are defined under different statutory terms. CYBERCOM, as a military organization under the chain of command of the secretary of defense, falls under Title 10 of the United States Code. The NSA, on the other hand, as an intelligence organization falls under the scope of Title 50, though it does perform Title 10 duties from time to time. These legal distinctions trigger certain roles and responsibilities for the organizations that govern them.
"Cyberspace operations as a Title 10 operations is a military operation, not an intelligence operation," Ronald Pontius, deputy to the commanding general of Army Cyber Command, said. "So it's very important and we go through a lot of training and we have our operational lawyers very much with us on everything. … You have to understand under what authorities are you conducting what operation, and we work that very carefully."
Retired Gen. Jennifer Napper, who served as the director of policy, plans and partnerships for CYBERCOM, said intelligence is key for any operation, cyber or otherwise.
"I think it's important to understand that in any operation you want to have as much and as good intelligence as you can. And we have built out our intelligence forces over the years, whether you're talking about surveillance or anything else, to go look and find and fix the enemy," she told C4ISRNET in an August interview. "We need to be able to do the same thing in cyber and the guys that understand that part of the intelligence world are sigint because they do go out and do great intelligence work for our country using their capabilities across the signals intelligence. I think it's very important that they stay close so that any operation is properly informed by the intelligence apparatus."
Pontius also lauded the strong relationship NSA and CYBERCOM share in the signals intelligence space.
"There is a close working relationship between signals intelligence and cyber. One can inform the other, but also the other informs the other," he said. "There's things that we very much could see from a cyberspace operations point of view that could say: Here's something we need to look at from a signals intelligence point of view. Or we may have indications and warnings from signals intelligence that says: We believe adversaries are thinking about pursuing this kind of thing against our networks or our systems — you need to look in this area."
A fully separate CYBERCOM would have to rely solely on its own personnel, tools and infrastructure.
The close relationship with NSA was logical at the beginning in standing up a brand new organization with similar, yet separate mission sets and skills. However, the similarities have presented the potential to blur these intelligence and war fighting lines — or Title 10 and Title 50.
In addition to the head of CYBERCOM and NSA being dual-hatted, many employees of each also share this designation. A former NSA worker, speaking to C4ISRNET on condition of anonymity, explained that many individuals in this dual-hat role conduct intelligence work for the NSA and once they discover an entry point into a network, they can "flip their hat" and create cyber effects for CYBERCOM.
This issue — balancing the equities between the spying and effects — is at the heart of the Title 10 and Title 50 debate, the former NSA worker said. The NSA will find the path inside to exploit the target, but the effects generated as well as the planning and executing will be conducted within CYBERCOM's Title 10 authorities.
The dual-hat aspect should be viewed as vector versus payload, the former NSA worker said. Title 50 for cyberwarfare will always be used to find the vector and find the target, but the payload might be different as opposed to a spying payload. Title 10 will want a physical payload, the source added.
The dual-hatting of individuals is not necessarily unusual, according to a former government official who dealt with many national security issues, speaking to C4ISRNET on condition of anonymity. The dual-hatting of staff members made sense when first standing up CYBERCOM given budget constraints, the former national security official said, noting that the notion of dual-hatting has been around for a long time and is common at other agencies within the military and the intelligence community such as the Defense Intelligence Agency, the National Reconnaissance Office and the National Geospatial Intelligence Agency. NSA as a support organization will often times execute Title 10 authorities, according to the former government official.
The nature of cyberspace operations pairs very close to the signint and hacking capabilities fostered among a competent NSA workforce, making it a great parent organization to help stand up a new military command focused on cyber operations. However, the skills involved in this space are very specialized and might not suit the military based upon the way its training architecture is set up. More on this in Part II.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.