A Department of Defense official said Nov. 1 that U.S. Cyber Command needs to have its own infrastructure and not lean as heavily on the National Security Agency for some cyber tools, a transition that may foreshadow an eventual split between the two dual-hatted agencies.

Cyber Command has operated on the NSA’s networks since its conception in 2009, but is in the process of building systems "by which we can do our own operations and not rely as heavily on the NSA infrastructure,” said Capt. Ed Devinney, director of corporate partnerships and technology outreach at Cyber Command.

“Building our own infrastructure is probably the biggest thing that will impact both organizations,” Devinney said at the CyberCon conference hosted by Fifth Domain Nov. 1.

The infrastructure split stems from the different missions of the two agencies, Devinney said. The NSA’s infrastructure is designed for intelligence gathering, as well as persistent and covert access capabilities, while Cyber Command’s needs are often more blunt.

“Often times we may not care about the persistent access. We may not care about being quiet," Devinney said. “In fact, in some cases we want to be overt about what we’re doing — we want to make sure that the adversary knows that we’re there.”

In August, Gen. Paul Nakasone, who heads both the National Security Agency and U.S. Cyber Command, recommended the two organizations remain formally unified for at least two years, according to reporting in the Washington Post. Calls to end this “dual-hat” arrangement have existed since the Obama administration, but were delayed when Nakasone took over, according to the Post.

Share:
More In IT and Networks
Six proven steps to Zero Trust
Agency leaders are working to adopt the mindset of trust nothing and verify everything to prioritize the transformation of legacy systems.
US must prepare for proliferation of cyber warfare
To build cyber resilience in this heightened threat environment, agencies must work closely with both international counterparts and industry to align on a proactive, global approach to all cyber threats –– not just state-sponsored attacks.