Feeds

Playtime's over: Next NSA boss may be torn away from US cyber-war effort

Too much power for one person in wake of Snowden snooping leaks

Internet Security Threat Report 2014

The job of running both the NSA and the US Cyber Command – which tasked with defending Uncle Sam's military computer networks – may be split after their boss General Keith Alexander retires.

Alexander became a four-star general after he took the combined roles of leading both the NSA and US Cyber Command following the creation of the latter in 2009. Senior military officials are reportedly considering splitting up the two roles when the general steps down next spring, although this remains undecided.

The possible split is an indirect consequence of the Snowden revelations or, more specifically, the growing perception that the position has too much power and not enough oversight as a result of the whistleblower's leaks.

The next NSA director – a position traditional assigned to a senior military officer – may even be a civilian. The Pentagon has already drawn up a list of possible candidates, a former high-ranking administration official has claimed. A separate armed-forces officer would head up US Cyber Command, which is a team of military-trained hackers tasked with protecting US government computer systems and preparing offensive cyber-attacks.

Alternatively, the Obama administration may eventually decide to assign two military officers to head the two agencies.

"The fact that the administration is considering whether to split the commands isn’t a direct response to the revelations about the NSA’s surveillance operations, but it does reflect growing concern over the power of the NSA director and a shortage of oversight of the position," political blog The Hill reports, adding that congressional committees are also reviewing whether one official should lead both the NSA and Cyber Command.

'US Cyber Command depends on NSA'

General Alexander is reportedly lobbying policy makers against splitting up his post. “If you try to break them up [NSA and US Cyber Command], what you have is two teams not working together. Our nation can't afford, especially in this budget environment, to have one team try to rebuild what the other team does,” Alexander said during a discussion on cyber-security hosted by Politico last month.

Splitting the two organizations would result in fights over resources and command decisions, according to Gen Alexander. Jim Lewis, a senior fellow at the Center for Strategic and International Studies, expressed concern that Cyber Command is too immature to operate on its own.

“It's still small; it's still growing. There's a real shortage of bodies in the US government,” Lewis told The Hill. “Cyber Command depends on NSA.”

However, Jason Healey, director of the cyber statecraft initiative at the Atlantic Council, welcomed the move. In a guest editorial, Healey argued that uniting the two outfits concentrates too much power in the hands of one general, and tends to lead to bad policy decisions. Healey reckons today's structure is responsible for pushing the NSA towards aggressive and global dragnet-style surveillance as well as vigorously assaulting computer networks.

"The official and public US policies on cyberspace emphasize peace and security, but the cyber 'deep state' led by NSA and Cyber Command have essentially overridden that policy by changing the facts on the ground, in the network, through aggressive collection and covert actions," Healey wrote.

"NSA must be split from US Cyber Command to create separate leadership with physically distinct headquarters. This will of course create tensions and increased costs, but cyberspace is too important to grant one person have a near-monopoly on threat intelligence while simultaneously conducting active espionage, directing military force, and advising on policy."

Other security experts also welcomed possible moves to split the NSA and US Cyber Command, but they wanted to go even further. "I think it's great they're separating NSA and Cyber Command. Even better: don't make the same agency perform offensive and defensive roles," Matthew Green, a cryptographer and research professor at Johns Hopkins University, said in a Twitter update. ®

Bootnote

Green's point references an idea we first heard back in April, from Bob Ayers, a former US intelligence officer in the US Army and the Defense Intelligence Agency with 30 years of experience. Ayers, commercial director at UK-based security firm Glasswall Solutions, explained that in an intelligence organization with both offensive and defensive roles that attack will always take precedence over defense.

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.