Cyber Command, the NSA, and Operating in Cyberspace: Time to End the Dual Hat

[InfoSec News <alerts () infosecnews org>]

https://warontherocks.com/2019/04/cyber-command-the-nsa-and-operating-in-cyberspace-time-to-end-the-dual-hat/

By Andrew Schoka
War on the Rocks
April 3, 2019

To publish this article, I had to submit it for review to three separate 
organizations: the U.S. Army Intelligence and Security Command, United 
States Cyber Command (my employer), and the National Security Agency 
(NSA). In total, it took just under two months to secure approval from all 
three organizations for public release, significantly longer than it took 
to actually write the article itself. And this is still substantially 
faster than Cyber Command’s process to review and approve actual 
cyberspace operations, a system subjected to similar redundancy and 
repetition.

The organizational inefficiency inherent to both processes is a 
consequence of the "dual hat: relationship between NSA and Cyber Command, 
which entrusts the command of both organizations to a single individual. 
The original motivation for the arrangement -- which was always intended 
to be temporary -- was to allow a nascent Cyber Command to benefit from 
NSA's expertise, capabilities, and experience, which helped all of Cyber 
Command’s teams to achieve full operational capability last year. In 
practice, the relationship allows a single individual to weigh the 
oft-competing interests of NSA and Cyber Command, whose responsibilities 
in the cyber domain frequently overlap. The dual hat command relationship 
has been continually reviewed by presidential administrations since its 
inception, and experts have made competing arguments for both the 
dissolution and continuation of the arrangement.

While most of the arguments for ending the dual hat relationship have 
focused on the successful buildup of Cyber Command or the risk to NSA's 
operations and capabilities, comparatively little attention has been given 
to how the organizational overlap with NSA affects Cyber Command’s pursuit 
of its missions. The interdependence between the two organizations has 
allowed Cyber Command to grow accustomed to virtually uninterrupted 
operational and logistical support from NSA offices. This deeply ingrained 
organizational reliance on NSA tradecraft and processes has fundamentally 
shaped the way the command approaches cyberspace operations. Specifically, 
by borrowing from NSA’s procedures and culture, Cyber Command has steadily 
become more risk-averse than befits an organization dedicated to offensive 
operations and imposing costs on adversaries. For Cyber Command to more 
effectively accomplish its mission, it should be separated from NSA sooner 
than planned. This will allow the command to better pursue the nation’s 
military objectives in cyberspace, including deterring potential 
adversaries from threatening critical national infrastructure.

Dual-hatting initially made sense because there is a fundamental 
similarity between the technical aspects of military cyberspace operations 
(Cyber Command’s domain) and intelligence-related computer network 
operations (what NSA does). Gen. Michael Hayden noted that offensive 
cyberspace operations and signals intelligence are technically 
indistinguishable from each other, citing this as reason for unifying the 
command of the two organizations responsible for each. A pressing need to 
develop a robust military cyberspace operations capability motivated the 
decision to attach Cyber Command to the fully developed and functional 
NSA.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_