Feeds

Playtime's over: Next NSA boss may be torn away from US cyber-war effort

Too much power for one person in wake of Snowden snooping leaks

Beginner's guide to SSL certificates

The job of running both the NSA and the US Cyber Command – which tasked with defending Uncle Sam's military computer networks – may be split after their boss General Keith Alexander retires.

Alexander became a four-star general after he took the combined roles of leading both the NSA and US Cyber Command following the creation of the latter in 2009. Senior military officials are reportedly considering splitting up the two roles when the general steps down next spring, although this remains undecided.

The possible split is an indirect consequence of the Snowden revelations or, more specifically, the growing perception that the position has too much power and not enough oversight as a result of the whistleblower's leaks.

The next NSA director – a position traditional assigned to a senior military officer – may even be a civilian. The Pentagon has already drawn up a list of possible candidates, a former high-ranking administration official has claimed. A separate armed-forces officer would head up US Cyber Command, which is a team of military-trained hackers tasked with protecting US government computer systems and preparing offensive cyber-attacks.

Alternatively, the Obama administration may eventually decide to assign two military officers to head the two agencies.

"The fact that the administration is considering whether to split the commands isn’t a direct response to the revelations about the NSA’s surveillance operations, but it does reflect growing concern over the power of the NSA director and a shortage of oversight of the position," political blog The Hill reports, adding that congressional committees are also reviewing whether one official should lead both the NSA and Cyber Command.

'US Cyber Command depends on NSA'

General Alexander is reportedly lobbying policy makers against splitting up his post. “If you try to break them up [NSA and US Cyber Command], what you have is two teams not working together. Our nation can't afford, especially in this budget environment, to have one team try to rebuild what the other team does,” Alexander said during a discussion on cyber-security hosted by Politico last month.

Splitting the two organizations would result in fights over resources and command decisions, according to Gen Alexander. Jim Lewis, a senior fellow at the Center for Strategic and International Studies, expressed concern that Cyber Command is too immature to operate on its own.

“It's still small; it's still growing. There's a real shortage of bodies in the US government,” Lewis told The Hill. “Cyber Command depends on NSA.”

However, Jason Healey, director of the cyber statecraft initiative at the Atlantic Council, welcomed the move. In a guest editorial, Healey argued that uniting the two outfits concentrates too much power in the hands of one general, and tends to lead to bad policy decisions. Healey reckons today's structure is responsible for pushing the NSA towards aggressive and global dragnet-style surveillance as well as vigorously assaulting computer networks.

"The official and public US policies on cyberspace emphasize peace and security, but the cyber 'deep state' led by NSA and Cyber Command have essentially overridden that policy by changing the facts on the ground, in the network, through aggressive collection and covert actions," Healey wrote.

"NSA must be split from US Cyber Command to create separate leadership with physically distinct headquarters. This will of course create tensions and increased costs, but cyberspace is too important to grant one person have a near-monopoly on threat intelligence while simultaneously conducting active espionage, directing military force, and advising on policy."

Other security experts also welcomed possible moves to split the NSA and US Cyber Command, but they wanted to go even further. "I think it's great they're separating NSA and Cyber Command. Even better: don't make the same agency perform offensive and defensive roles," Matthew Green, a cryptographer and research professor at Johns Hopkins University, said in a Twitter update. ®

Bootnote

Green's point references an idea we first heard back in April, from Bob Ayers, a former US intelligence officer in the US Army and the Defense Intelligence Agency with 30 years of experience. Ayers, commercial director at UK-based security firm Glasswall Solutions, explained that in an intelligence organization with both offensive and defensive roles that attack will always take precedence over defense.

Protecting against web application threats using SSL

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.