One of the most hotly contested debates surrounding the maturation of U.S. Cyber Command is its eventual split from the National Security Agency. Top officials have long maintained the so-called dual-hat relationship, where one leader oversees both organization, was temporary.
But Cyber Command’s new leader, Gen. Paul Nakasone, has said he will re-examine the issue in an assessment to the Secretary of Defense and chairman of the Joint Chiefs of Staff within his first 90 days in charge.
That 90 day mark falls on Aug. 2. A Cyber Command spokesman confirmed Nakasone is working on the report.
Nakasone, who now also leads NSA, said during his confirmation hearings he did not have a strong feeling about the split.
Lt. Gen. Paul Nakasone, the nominee to head both the National Security Agency and U.S. Cyber Command, told the Senate Intelligence Committee that the decision to split the two should be done with the best interests of the nation in mind.
“Any decision with respect to terminating the dual-hat leadership arrangement ... must be conditions based — that is to say that processes and decisions which enable effective mutual collaboration and deconfliction are well-established and operating,” he wrote in response to questions prior to the March 15 Senate Intelligence Committee confirmation hearing.
Despite Nakasone’s report, a final decision on a split is made by the Secretary of Defense or president. Many senior officials at the end of the Obama administration reportedly advocated for the split. However, President Barack Obama demurred.
Congress, concerned about a premature split, took steps to prevent the split until the Secretary of Defense certified a variety of requirements. The Secretary of Defense still must certify these eight items have been met.
The Defense Department does not have a hard timeline for splitting Cyber Command from the National Security Agency, but work on the division is ongoing.
Among their conditions were that a split can’t occur until Cyber Command’s cyber mission force reached what is known as full operational capability. That designation occurred in May, leading some expert observers to question whether a split might soon be imminent.
Now that Cyber Command has completed the build of its cyber teams, the focus will now shift to readiness.
Another requirement was a determination that the two organizations could carry out their respective roles and responsibilities independently.
Sources have said that NSA regularly shares personnel and infrastructure with Cyber Command. There’s even a phrase in which NSA operators “flip their hats,” from Title 50 intelligence operations to Title 10 military operations. Such actions have made some former employees uncomfortable.
The non-partisan Government Accountability Office has noted that in May 2017, Nakasone’s predecessor testified that a division would impair mission effectiveness.
Senior Pentagon leaders, including Nakasone, have said that even after a split, the two organizations will remain inextricably linked as Cyber Command will rely on the intelligence the NSA gleans from penetrating foreign networks.
“Whatever decision is made, the partnership between the National Security Agency and U.S. Cyber Command is going to be one that is critically important to our nation,” Nakasone said at the Aspen Security Forum in late July. “Whether or not that’s one person or two people, that partnership, I would offer, is the most important thing we should think about.”
Sources have told Fifth Domain that the two organizations have been planning for a spilt and the lines of authority are becoming clearer. Notably, the two agencies are working on deconflicting activity within foreign networks. This includes assigning roles for when NSA, through its support to military operations, will act and for when Cyber Command will act as a warfighting organization.
Nakasone also will likely need to address infrastructure concerns.
As the command continues to grow and mature leaders have said it will need its own equipment, not the systems shared with the NSA, to conduct operations. As recently as 2015, top Pentagon officials acknowledged Cyber Command did not possess a robust joint computer network infrastructure capability, a robust command and control platform or systems to plan and execute fast-moving, large-scale cyber operations.
A proposal for the next generation cyber operations platform went out to industry recently, however, details are scarce.
“Operating under the constraint of the intelligence authorities that govern NSA infrastructure and tools would severely limit USCYBERCOM’s ability to effectively support wartime cyber operations,” he said.