New review will look at NSA and Cyber Command’s two-hat structure
Former Chairman of the Joint Chiefs of Staff Joseph F. Dunford Jr. has been asked by the Biden administration to guide a review of the leadership arrangement governing US Cyber Command and the National Security Agency , a review that could trigger lasting ramifications for the nation’s digital and intelligence. operations.
The administration has assembled a small study group to examine the pros and cons of the “double hat” leadership structure that has existed since Cyber Command was established in 2009, according to three sources familiar with the matter.
The fact that the administration chose Dunford — who remains widely respected among national security circles for his thoughtful approach when he was the nation’s top military officer — indicates the importance attached to the assessment.
Cyber Command and the NSA have always been headed by the same military officer, a role currently filled by Army General Paul Nakasone. The practice has been enshrined in law, but has angered some members of the underground community who don’t believe it’s appropriate for the NSA – the nation’s largest intelligence agency, responsible for electronic espionage – to have a chief. in uniform.
The arrangement has also caused tension on Capitol Hill, where some lawmakers believe the responsibilities of each role have become so broad that they require two people, especially since Cyber Command expanded its missions to include the electoral security and the fight against ransomware.
Nakasone has held the position since 2018 and the administration asked him earlier this year to extend his tour for at least another year.
A senior Pentagon official testified earlier this year that the leadership program would be reviewed.
“I believe the ‘double hat’ will be revisited, just by this administration, just to make sure we understand what the added value is, but also what the impacts are,” Ronald Moultrie, Under Secretary of Defense for the intelligence and security, a subcommittee of the House Armed Services Committee said.
“We understand there is a feeling – on both sides – of really doing no harm” in making changes that could cripple either organization, he added.
The study group – formed with input from the Department of Defense and the intelligence community – began work earlier this month.
It includes three administration officials who have no vested interest in the results of the study, according to a source, who like the others spoke on condition of anonymity to discuss the sensitive deliberations.
In addition to Dunford, the team includes:
- Michael Sulmeyer, who served as an adviser to Nakasone before joining the White House National Security Council as senior director of cyberpolicy early in the Biden administration. He left that position last year and is currently the army’s top cyber advisor.
- Susan Hennessey, former editor of the Lawfare website and former NSA attorney, who works in the National Security Division of the Department of Justice. She became a frequent target of Republican attacks for her outspoken criticism of the Trump administration while serving as a CNN analyst.
- Austin Long, deputy deputy director of strategic stability for the Joint Chiefs of Staff.
The group hopes to complete its work within the next two or three months, sources told The Record. Its findings are unlikely to be shared publicly, these people said.
A spokesperson for the Office of the Director of National Intelligence did not immediately respond to a request for comment.
Double hat debate
Proposals to dissolve the partnership have arisen several times since Cyber Command was established at NSA headquarters in Fort Meade, Maryland, where the two still share resources.
President Barack Obama nearly severed the relationship in 2013 and again in the final weeks of his administration, saying Cyber Command had “matured” enough to stand on its own. Both times he was dissuaded by senior officials.
In 2018, then-Secretary of Defense Jim Mattis almost recommended splitting the roles, with Chris Inglis – a former deputy chief of the NSA, who is now the national director of cybersecurity – as his choice to be the first civilian head of the spy agency. Nakasone, after months of work, advised against the move, saying Cyber Command was not ready to decouple.
The matter lay dormant until the final days of the Trump administration, when a small group of political appointees presented a plan to Pentagon leadership to end the shared relationship.
The previous year, the Annual Defense Policy set out a number of conditions that had to be met before Cyber Command could break with the NSA, including the requirement for the Chairman of the Joint Chiefs of Staff and the Secretary of Defense to certify that a separation would not pose “unacceptable” risks. to the effectiveness of the military unit.
The eleventh-hour push ultimately went uncertified, and Biden and his own national security team took office.
The study group was seen by the administration as the best way to answer ongoing congressional questions about the 13-year-old construction, one person said.
If he concludes that the organizations should go their separate ways, any recommendation would almost certainly set a date for years in the future, according to another source.
This person cited the urgency of current events as the main reasons for a longer timeline, such as the 2024 presidential election – that Cyber Command and the NSA already play central roles in defending against foreign opponents.
There is also the threat of Russian cyberattacks stemming from Moscow’s unprovoked invasion of Ukraine. This year, Cyber Command has increased the frequency of its “forward hunting” missions in Eastern Europe, deploying personnel to Ukraine, Lithuania and Croatia and no doubt sharing what it gleaned from the NSA.
Additionally, Air Force Lt. Gen. Timothy Haugh, Cyber Command’s recently installed No. 2, seen as Nakasone’s successor, favors keeping the roles together. However, it is unclear what weight his opinion would be given by the White House.
Senate Armed Services Committee Chairman Jack Reed (DR.I.) said he was aware of the Dunford-led review and was “looking forward” to hearing if he “could report the fault lines that would necessitate the separation of powers”.
“There’s a theory: if it ain’t broke, don’t fix it,” he told The Record, adding that the band hadn’t approached him for his opinion.
However, House Intelligence Committee Chairman Adam Schiff (D-California) said he was “encouraged” to learn that the arrangement is receiving a fresh look from the administration. .
“I’ve always preferred to separate the two,” he said, arguing that the positions are big enough for two people and that each organization would “benefit from someone who would just focus on them.”
Rep. Jim Langevin (DR.I.), a longtime congressional leader on cybersecurity issues, declined to comment on the study’s existence, but opposed revisiting the topic.
“I think having one person at the top of both organizations reduces operational friction between the two organizations and makes things more efficient, more efficient – especially when you need to move with the level of agility you have. need to move with when it comes to cyber operations,” he told The Record.
Langevin, who is retiring at the end of the year, said his biggest problem was “that I don’t see there is a problem that needs to be solved”.
“If you’re going to share the hat, what problem does that solve?” I don’t see it,” he said.