Five Reasons Not to Split Cyber Command from the NSA Any Time Soon – If Ever – War on the Rocks


In the waning days of President Donald Trump’s administration, a group of outgoing political appointees unexpectedly pushed through the acting secretary of defense to the chairman of the Joint Chiefs of Staff a hotly disputed plan to split the U.S. Cyber Command from the National Security Agency (NSA). This idea is a contentious and recurring sparring point, emerging in greater public display with the second Obama term. Some argue that the split is a question of when, not if. The debate is likely to continue through into the Biden administration given the proposal’s inclusion in the 2017 National Defense Authorization Act and language creating a commission to study conditions for separation in drafts for the 2021 equivalent law.

Nonetheless, a divorce of this kind is the wrong long-term solution for both agencies and for the nation. Cutting up what’s known as the “dual hat” — an arrangement under which the same leader runs both Cyber Command and the NSA — fragments American “defend forward” capabilities when the nation needs them to be integrated the most. These capabilities allow Cyber Command in particular to operate outside of formal military networks to disrupt malicious attacks at their sources, and are deeply dependent on the closely combined skills of both organizations. The proposal risks reigniting turf battles between the intelligence and operations arms of the secretary of defense and mistakes the intertwined relationship between defense and offense in cybered conflict. Instead of simplistic organizational surgery, therefore, what’s needed is a longer-term plan incorporating Cyber Command and, especially, the capabilities of the National Security Agency into a resilient and adaptive whole-of-society cyber defense system.

REASONS TO AVOID RECREATING SILOS

_Reason 1: Scale of Adversaries_

First, the scale of adversary cyber threats is
unprecedented, prompting cyber commands not only in the United States but elsewhere to expand budgets and personnel. The latest attack, the so-called SolarWinds campaign, is only one of a legion of campaigns attacking the nation as well as its allies. The massive volume of systemic assaults against the United States and allies requires a matching scale of coordinated units with integrated knowledge and capability for action. Cybered conflict today involves countering adversaries that are operating at a scale and with a reach that is already overwhelming to the combined size of the dual-hatted unit, other federal civilian cyber entities, and the huge commercial cyber security community of the United States.

Scale is needed to defeat scale when the battlefield is the interconnected cyberspace substrate underlying all modern national socio-technical-economic systems. Separating the two organizations means withdrawing the huge intelligence agency’s knowledge-generating and cyber security assets back to more traditional strategic national intelligence and defensive information-assurance missions, and away from the more offense-oriented but smaller Cyber Command. There is already a national shortage of people with advanced computer skills. These folks are now shared relatively readily between the joined organizations. A split would increase the competition for such talented employees just when collectively employing the limited set of “wizards” efficiently is essential. Splitting the dual-hat arrangement further weakens an already too small and fragmented U.S. national effort in cyber defense.

_Reason 2: Speed in Trade-Off Decisions_

Second, the split is likely to hand
the speed advantage to adversaries. Unity of command has long been taken for granted as key to a faster decision in a crisis, even given the size of the organization. Having a single leader is even more important in cybered conflict, where offense and defense are inextricably linked, and the guidance of a shared boss helps ensure more speedy trade-off decisions. Weapons in cyber operations need to be tailored to cybered targets in ways more traditional weapons do not. That tailoring requires careful, highly responsive timing and constantly refreshed intelligence. Cyber defense requires a more in-depth understanding of corresponding offensive tools and operations than is required in conventional military forces. Executing cyber offense requires a similar knowledge of cyber defense. Exquisitely detailed intelligence therefore becomes exceptionally important to knowing whether the cyber tools have any discernible offense and defense effects, let alone those desired.

Having the two organizations share the same person as commander in the dual hat is far from what later critics might explain as a convenient, short-term nurturing arrangement for the infant Cyber Command. Rather, it is intended to achieve a longstanding military desire of having close and effective — and therefore accurate and rapid — integration of intelligence and operations. With a dual-hat arrangement, the single individual at the head of Cyber Command and the NSA can more effectively and quickly tailor demand signals to both planners and developers about the intelligence needs of operations against specific targets. Suboptimal speed in trade-off decision-making is certainly more likely if there are two peer organizational leaders viewing themselves as having two different missions.

_Reason 3: Synergy in Innovative Shared Operations_

Third, separating intelligence from operations as
it was before the dual-hat arrangement cedes a critical synergy advantage to adversaries. In all conflict, having knowledge in advance is key to success, resilience, and innovation around future threats, and it is often found by accidental exchanges among colleagues or peers routinely working with each other. Unexpected information discoveries would be less readily shared if the two organizations split. Cyber Command’s operational interests would no longer be prominent in the intelligence analysts’ chain of command or field of view. The traditional distinctions between operations and intelligence concerns are likely to return, with less frequent shared daily practices marking the current operational teams.

To be clear, it is much easier to decouple two organizations than to integrate them — to destroy synergy than to create it. The evolution of a more integrated understanding of cyber operational needs has been a long, hard-fought success so far, and it is not guaranteed to survive a separation. There are always voices in favor of decoupling, irrespective of the overarching benefits. For example, an NSA colleague remarked in a private conversation several years ago that they thought the intelligence agency itself was becoming too “military” in its organization and short-term in its thinking under the dual-hat arrangement. Similarly, in 2016 the executive director of U.S. Cyber Command was quoted as saying, “As the United States Cyber Command, we need totally separate tools and infrastructure to conduct our operations.”

If the organizations split, these opinions may gain more adherents and dominate collective efforts. The turf-reinforced bureaucratic divisions would return and the commonality of understanding developed over the past 10 years would wither. So would the spontaneous support in ideas, sacrifice, additional time, and innovative action.
If the organizations are separated, the consequences are likely to be less agile, intuited, and innovative cyber operations in both organizations.

_Reason 4: Immutable Interdependence_

Fourth, removing the dual hat would not improve the organizations’ ability to carry out their operations. The two organizations will still have to cooperate on cyber operations. Two separate hierarchies would have to agree on defense and offense trade-offs in priority of operations and budgets. Furthermore, in cybered conflict, defense is not effective without cyber security, and offense is not successful without intelligence. To the cybered fight, NSA brings cyber security as well as national intelligence. Cyber Command conducts defensive as well as offensive cyber operations. The operational overlaps in mission needs between NSA and Cyber Command are profound, and would be equally disrupted by splitting the two.

Disputes are likely to be less easily resolved at lower levels due to the more thoroughly reinforced separated bureaucratic processes. Larger inter-organizational battles could begin in an accumulated multitude of smaller struggles across organizational barriers. Members of each organization will quickly learn how to avoid time-consuming interagency collaboration by demanding that time- or resource-diverting orders across organizational boundaries be, for example, “in writing and sent through the chain of command.” This split would lose 10 years of lessons in operational offense-defense integration learned through the dual hat.

_Reason 5: No Automatic Advantage_

Fifth, there is no guarantee of any new advantage to be gained to compensate for what is lost. Neither the
desired fragmentation of power by making two commanders from one nor Cyber Command’s potential decoupling from the NSA can ensure that the military unit alone will be more or less aggressive. The organizational evolutionary thread could go either way. Even without the dual-hat structure, laws and military lawyers will exist. They will ensure that each operational commander will be obliged to consider possibilities in surprises, unanticipated consequences, or harmful cascading events. Indeed, the interagency operations deconfliction process could be less favorable to Cyber Command’s desired operations when the NSA director becomes yet another external agency chief competing for authorization, priority, or resources.

Conversely, it is possible that an uncoupled Cyber Command could push for operations to be more risk-acceptant. Cybered conflict is a nonstop, urgent struggle, and tactically aggressive cyber operations could prove irresistible if there are fewer old hands from the intel side to urge a wider, longer-term view. For example, an insider essay written in 2019 urged splitting the two organizations so that a separated Cyber Command freed of the intelligence agency’s secrecy-focused covert influence could more readily use an overt and deliberately attributable massive denial-of-service attack on an adversary target. There is no guarantee that more or less offensive operations will happen – or more advantages accrue – if an independent but still forming organization such as Cyber Command finds itself always negotiating with a sovereign NSA for its critical intelligence and cyber security support.

THERE’S JUST TOO MUCH ELSE TO DO

For the United States, the
worst choice is to split the NSA from the U.S. Cyber Command too soon, if at all. Both the NSA and Cyber Command are unique assets. The combination was, and continues to be, meant to solve an age-old problem of integration of intelligence with operations as rapidly and organically as possible. Separation of the two may at some point be desirable, but only if the country has a better plan for both agencies beyond “just go back to doing what you were doing” (NSA) and “you do you” (Cyber Command). In the meantime, such a choice stunts the forward learning, experimentation, and defense innovations such as the hunt forward teams supporting allies against state-sponsored hackers. It will also distract policymakers, scholars, analysts, and practitioners from more critically needed research and thinking. The United States and its allies are headed into the most challenging era since World War II, facing the largest, most strategically coherent, technologically aggressive, and economically intrusive adversary this community has ever faced. This split and its debate can wait.

Better to find a whole-of-society cyber resilience plan than to rip apart what appears to be working. Such a plan unites government and the information and telecommunications sectors in operations to make America’s whole society effectively resilient to malicious cyber attacks, whether against critical infrastructure, companies, or communities. It is equally important for each of America’s allies. There is no guarantee of survival for democratic states in the coming exceptionally digitized and increasingly authoritarian world unless this minority community of consolidated democracies finds ways to closely cooperate in a cyber operational resilience alliance for collective defense.

The current focus needs to be on this larger societal defense and well-being challenge, not on separating a successful working arrangement in national cyber defense. Needed urgently is a long-term systemic and well-resourced plan that accommodates what each organization inside the government and outside in the technology private sector could bring to the table, what the entire country needs in terms of cyber defense and underlying digital transformation, and how to establish and maintain national resilience with allies as peers and the private sector inside a common democratic digital defense tent. As the global order is shifting, there is little enough time to create and implement a collective working cyber operational defense plan among democratic allies and their interdependent private sectors. Any serious attention or time spent in the United States on whether to split Cyber Command from the NSA right now or any time soon constitutes a distraction from much bigger and more urgent, systemic national challenges.

_With
degrees in engineering, economics, and comparative complex organization systems/political science, Chris C. Demchak is the Grace M. Hopper Chair of Cyber Security and Senior Cyber Scholar, Cyber and Innovation Policy Institute, U.S. Naval War College. In published articles, books, and current research on cyberspace as a global, insecure, complex, conflict-prone “substrate,” Demchak takes a socio-technical-economic systemic approach to comparative institutional/architectural evolution with emerging technologies, adversaries’ cyber/artificial intelligence/machine learning use in campaigns, virtual wargaming for strategic/operational organizational learning, and regional/national/enterprise-wide resilience against complex systems surprise. Her manuscript in-progress is titled _Cyber Westphalia: Rise of Great Systems Conflict and Need for Democratic Collective Resilience_. Her next manuscript is titled _Cyber Commands: Organizing for Cybered Great Systems Conflict_._

_All ideas expressed here are those of the author and do not reflect the views of the United States Department of Defense, the Navy, or the U.S. Naval War College._

Image: U.S. Army Cyber Command