Playtime's over: Next NSA boss may be torn away from US cyber-war effort
Too much power for one person in wake of Snowden snooping leaks
The job of running both the NSA and the US Cyber Command – which tasked with defending Uncle Sam's military computer networks – may be split after their boss General Keith Alexander retires.
Alexander became a four-star general after he took the combined roles of leading both the NSA and US Cyber Command following the creation of the latter in 2009. Senior military officials are reportedly considering splitting up the two roles when the general steps down next spring, although this remains undecided.
The possible split is an indirect consequence of the Snowden revelations or, more specifically, the growing perception that the position has too much power and not enough oversight as a result of the whistleblower's leaks.
The next NSA director – a position traditional assigned to a senior military officer – may even be a civilian. The Pentagon has already drawn up a list of possible candidates, a former high-ranking administration official has claimed. A separate armed-forces officer would head up US Cyber Command, which is a team of military-trained hackers tasked with protecting US government computer systems and preparing offensive cyber-attacks.
Alternatively, the Obama administration may eventually decide to assign two military officers to head the two agencies.
"The fact that the administration is considering whether to split the commands isn’t a direct response to the revelations about the NSA’s surveillance operations, but it does reflect growing concern over the power of the NSA director and a shortage of oversight of the position," political blog The Hill reports, adding that congressional committees are also reviewing whether one official should lead both the NSA and Cyber Command.
'US Cyber Command depends on NSA'
General Alexander is reportedly lobbying policy makers against splitting up his post. “If you try to break them up [NSA and US Cyber Command], what you have is two teams not working together. Our nation can't afford, especially in this budget environment, to have one team try to rebuild what the other team does,” Alexander said during a discussion on cyber-security hosted by Politico last month.
Splitting the two organizations would result in fights over resources and command decisions, according to Gen Alexander. Jim Lewis, a senior fellow at the Center for Strategic and International Studies, expressed concern that Cyber Command is too immature to operate on its own.
“It's still small; it's still growing. There's a real shortage of bodies in the US government,” Lewis told The Hill. “Cyber Command depends on NSA.”
However, Jason Healey, director of the cyber statecraft initiative at the Atlantic Council, welcomed the move. In a guest editorial, Healey argued that uniting the two outfits concentrates too much power in the hands of one general, and tends to lead to bad policy decisions. Healey reckons today's structure is responsible for pushing the NSA towards aggressive and global dragnet-style surveillance as well as vigorously assaulting computer networks.
"The official and public US policies on cyberspace emphasize peace and security, but the cyber 'deep state' led by NSA and Cyber Command have essentially overridden that policy by changing the facts on the ground, in the network, through aggressive collection and covert actions," Healey wrote.
"NSA must be split from US Cyber Command to create separate leadership with physically distinct headquarters. This will of course create tensions and increased costs, but cyberspace is too important to grant one person have a near-monopoly on threat intelligence while simultaneously conducting active espionage, directing military force, and advising on policy."
Other security experts also welcomed possible moves to split the NSA and US Cyber Command, but they wanted to go even further. "I think it's great they're separating NSA and Cyber Command. Even better: don't make the same agency perform offensive and defensive roles," Matthew Green, a cryptographer and research professor at Johns Hopkins University, said in a Twitter update. ®
Green's point references an idea we first heard back in April, from Bob Ayers, a former US intelligence officer in the US Army and the Defense Intelligence Agency with 30 years of experience. Ayers, commercial director at UK-based security firm Glasswall Solutions, explained that in an intelligence organization with both offensive and defensive roles that attack will always take precedence over defense.
Sponsored: The Nuts and Bolts of Ransomware in 2016