NSA-Cyber Command Chief Recommends No Split Until 2020: Sources

SAN FRANCISCO — The commander of the nation’s top military cybersecurity organizations, the National Security Agency and U.S. Cyber Command, has recommended they split from each other next year, Defense One has confirmed. That’s another delay for an organizational change first planned for in 2016 and since slowed to allow officials time to sort out the authorities for the civilian agency and military command and ensure that both entities can perform well independently.

Gen. Paul Nakasone, who leads NSA and CYBERCOM, recommended to former Defense Secretary James Mattis last August that the split be put off until 2020, current and former intelligence officials told Defense One this week. Those officials believe the general’s recommendation will be accepted by Pentagon leaders, though Acting Defense Secretary Patrick Shanahan’s views are not known. A Pentagon spokesman said no official decision has been made. Previous reports have hinted at the timing without confirming a year. In December, Defense One filed a Freedom of Information Act request to the command for the information, which was denied on the basis that the information was “pre-decisional.”

Nakasone told the Senate Armed Services Committee last month that the decision how to split the organizations “remains with the secretary.”

Related: Supply-Chain Attacks Rose 78% Last Year, Cyber Researchers Found

Related: Rethink 2%: NATO ‘Defense Spending’ Should Favor Cyber

Related: Russian Attacks Hit US-European Think Tank Emails, Says Microsoft

Former Defense Secretary Ash Carter first floated the idea to split the agencies in 2016. They currently function under a “dual-hat arrangement”: the four-star head of CYBERCOM also leads the NSA. In the  2017 National Defense Authorization Act, lawmakers authorized DOD to split CYBERCOM from the NSA and elevate it to be the nation’s tenth unified combatant command, on par with Strategic Command, which controls nuclear weapons, and combatant commands for troops in various regions around the globe. The bill also authorized the creation of a new civilian director of NSA. But the split was only to occur if the defense secretary and chairman of the Joints Chiefs certified to Congress that the split would not hurt the command. Congress directed no timing for the split.

The sources also confirmed a report in October that Chris Inglis, former deputy director of the NSA, is the pick to lead the independent civilian agency after the breakup. Inglis is popular with intelligence officials and others in the private cybersecurity community who spoke to Defense One.

Why so long to split the two entities? The concern has always been how well CYBERCOM would perform with less access to NSA’s tools and capabilities. (U.S. Cyber Command was established in 2009, the NSA in 1952.)

The marriage has, at times, been difficult.

“NSA can’t achieve its full potential because it has to do so much for Cyber Command. That’s a widely held view,” said one former senior intelligence official. The timing also depended on whether the latter’s head could generate “resources Cyber Command doesn’t have.” For example, the former official said, CYBERCOM lacks the NSA’s recruiting infrastructure.

The former official said the agencies will be better able to carry out their increasingly divergent missions as separate organizations. The NSA’s principal charges are collecting foreign intelligence and protecting critical U.S. networks. Cyber Command focuses on collecting signals intelligence collection, defending networks, and achieving cyber effects, such as targeting and manipulating enemy computers, systems, and phones — all in support of U.S. military operations. (They also play a supporting role to DHS in the event a massive attack aimed at U.S. infrastructure.) “The NSA architecture and tools are not fit for Cyber Command,” said the former official. Both agreed that the recommendation was likely to pass.

Under Nakasone, CYBERCOM disrupted Russian disinformation operations during the U.S. 2018 midterm elections. He also played a big role in the offensive cyber operations against ISIS. Previously, he helped Gen. Keith Alexander stand up U.S. Cyber Command and helped Army and Navy Cyber Mission Force teams hit operational capability ahead of schedule.

UPDATE: In testimony to Congress on Wednesday, Gen. Paul Nakasone disputed this article’s characterization of his August 2018 recommendation.

“I’m familiar with the article,” Nakasone told members of the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities. “I will tell you that the article is not accurate. And that the topics and the actual facts behind that are classified and so if I could save that perhaps for closed testimony.”

Rep. Don Bacon, R-Nebraska, then asked whether Nakasone supported splitting NSA and Cyber Command. The general asked to answer in closed session.