Feeds

Playtime's over: Next NSA boss may be torn away from US cyber-war effort

Too much power for one person in wake of Snowden snooping leaks

The Essential Guide to IT Transformation

The job of running both the NSA and the US Cyber Command – which tasked with defending Uncle Sam's military computer networks – may be split after their boss General Keith Alexander retires.

Alexander became a four-star general after he took the combined roles of leading both the NSA and US Cyber Command following the creation of the latter in 2009. Senior military officials are reportedly considering splitting up the two roles when the general steps down next spring, although this remains undecided.

The possible split is an indirect consequence of the Snowden revelations or, more specifically, the growing perception that the position has too much power and not enough oversight as a result of the whistleblower's leaks.

The next NSA director – a position traditional assigned to a senior military officer – may even be a civilian. The Pentagon has already drawn up a list of possible candidates, a former high-ranking administration official has claimed. A separate armed-forces officer would head up US Cyber Command, which is a team of military-trained hackers tasked with protecting US government computer systems and preparing offensive cyber-attacks.

Alternatively, the Obama administration may eventually decide to assign two military officers to head the two agencies.

"The fact that the administration is considering whether to split the commands isn’t a direct response to the revelations about the NSA’s surveillance operations, but it does reflect growing concern over the power of the NSA director and a shortage of oversight of the position," political blog The Hill reports, adding that congressional committees are also reviewing whether one official should lead both the NSA and Cyber Command.

'US Cyber Command depends on NSA'

General Alexander is reportedly lobbying policy makers against splitting up his post. “If you try to break them up [NSA and US Cyber Command], what you have is two teams not working together. Our nation can't afford, especially in this budget environment, to have one team try to rebuild what the other team does,” Alexander said during a discussion on cyber-security hosted by Politico last month.

Splitting the two organizations would result in fights over resources and command decisions, according to Gen Alexander. Jim Lewis, a senior fellow at the Center for Strategic and International Studies, expressed concern that Cyber Command is too immature to operate on its own.

“It's still small; it's still growing. There's a real shortage of bodies in the US government,” Lewis told The Hill. “Cyber Command depends on NSA.”

However, Jason Healey, director of the cyber statecraft initiative at the Atlantic Council, welcomed the move. In a guest editorial, Healey argued that uniting the two outfits concentrates too much power in the hands of one general, and tends to lead to bad policy decisions. Healey reckons today's structure is responsible for pushing the NSA towards aggressive and global dragnet-style surveillance as well as vigorously assaulting computer networks.

"The official and public US policies on cyberspace emphasize peace and security, but the cyber 'deep state' led by NSA and Cyber Command have essentially overridden that policy by changing the facts on the ground, in the network, through aggressive collection and covert actions," Healey wrote.

"NSA must be split from US Cyber Command to create separate leadership with physically distinct headquarters. This will of course create tensions and increased costs, but cyberspace is too important to grant one person have a near-monopoly on threat intelligence while simultaneously conducting active espionage, directing military force, and advising on policy."

Other security experts also welcomed possible moves to split the NSA and US Cyber Command, but they wanted to go even further. "I think it's great they're separating NSA and Cyber Command. Even better: don't make the same agency perform offensive and defensive roles," Matthew Green, a cryptographer and research professor at Johns Hopkins University, said in a Twitter update. ®

Bootnote

Green's point references an idea we first heard back in April, from Bob Ayers, a former US intelligence officer in the US Army and the Defense Intelligence Agency with 30 years of experience. Ayers, commercial director at UK-based security firm Glasswall Solutions, explained that in an intelligence organization with both offensive and defensive roles that attack will always take precedence over defense.

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.