New review will examine NSA and Cyber Command’s ‘dual hat’ structure

Date: 2022-09-22T21:33:51+00:00

Location: therecord.media

Former Joint Chiefs of Staff chairman Joseph F. Dunford Jr. has been tapped by the Biden administration to guide a review of the leadership arrangement governing U.S. Cyber Command and the National Security Agency, an examination that could trigger lasting ramifications for the country’s digital and intelligence operations.

The administration has assembled a small study group to scrutinize the benefits and drawbacks of the “dual-hat” leadership structure that has existed since Cyber Command was created in 2009, according to three sources familiar with the matter.

That the administration chose Dunford — who remains widely respected among national security circles for his thoughtful approach when he served as the country’s top military officer — signals the importance attached to the evaluation.

Both Cyber Command and NSA have always been helmed by the same military officer, a role currently filled by Army Gen. Paul Nakasone. That practice has been enshrined in law, but has rankled some within the clandestine community who do not believe it’s appropriate for NSA — the country’s largest intelligence agency, responsible for electronic espionage — to have a uniformed chief. 

The arrangement has also caused tensions on Capitol Hill where some lawmakers believe the responsibilities of each role have grown so vast that it requires two people, particularly since Cyber Command has expanded its missions to include election security and fighting ransomware.

Nakasone has served in the role since 2018 and was asked earlier this year by the administration to extend his tour for at least another year

A top Pentagon official testified earlier this year the leadership scheme would be revisited.

“I believe that the ‘dual-hat’ will be looked at again, just by this administration, just to ensure that we understand what the value added is, but also what the impacts are,” Ronald Moultrie, Under Secretary of Defense for Intelligence and Security, told a House Armed Services Committee subpanel.

“We understand that there is sentiment — on both sides — to really not do any harm” by making changes that could hamstring either organization, he added.

The study group — formed with input from both the Defense Department and the intelligence community — began work earlier this month. 

It includes three administration officials who don’t have a vested interest in the study’s outcome, according to one source, who like the others spoke on the condition of anonymity to discuss the sensitive deliberations.

In addition to Dunford, the team includes:

  • Michael Sulmeyer, who served as an adviser to Nakasone before he joined the White House National Security Council as senior director for cyber policy at the beginning of the Biden administration. He left that post last year and currently serves as the Army’s principal cyber adviser.
  • Susan Hennessey, the former executive editor of the Lawfare site and a former NSA attorney, who works in the Justice Department’s national security division. She has become a frequent target of Republican attacks over her outspoken criticism of the Trump administration while she was a CNN analyst.
  • Austin Long, the vice deputy director for strategic stability on the Joint Staff.

The group hopes to complete its work within the next two or three months, sources told The Record. Its conclusions most likely won’t be shared publicly, these people said.

A spokesperson for the Office of the Director of National Intelligence did not immediately respond to a request for comment.

Dual-hat debate

Proposals to dissolve the partnership have cropped up a handful of times since Cyber Command was established within NSA headquarters at Fort Meade, Md., where the two still share resources.

President Barack Obama almost severed the relationship in 2013 and again in the final weeks of his administration, claiming Cyber Command had “matured” enough to stand on its own. Both times he was talked out of it by senior officials.

In 2018, then-Defense Secretary Jim Mattis nearly recommended splitting up the roles, with Chris Inglis — a former NSA deputy chief, who today is the National Cyber Director — as his pick to be the spy agency’s first ever civilian head. Nakasone, months into the job, counseled against the move, saying Cyber Command wasn’t ready to decouple.

The matter lay dormant until the final days of the Trump administration, when a small group of political appointees delivered a plan to Pentagon leadership to end the joint relationship.

The previous year, the annual defense policy set a number of conditions that needed to be met before Cyber Command could break with NSA, including a requirement for both the Joint Chiefs chairman and the defense secretary to certify a separation would not pose “unacceptable” risks to the military unit’s effectiveness.

The eleventh-hour push ultimately wasn’t certified and Biden and his own national security team took office.

The study group was considered by the administration as the best way to address continued questions from Congress about the 13-year-old construct, said one person.

If it does conclude the organizations should split, any recommendation would almost certainly set a date for years into the future, according to another source. 

This person cited the urgency of current events as key reasons for a longer timeline, such as the 2024 presidential election — which Cyber Command and NSA already play a central part in defending against foreign adversaries.

There is also the threat of Russian cyberattacks spilling out of Moscow’s unprovoked invasion of Ukraine. Cyber Command this year has ramped up the frequency of its “hunt forward” missions to eastern Europe, deploying personnel to Ukraine, Lithuania and Croatia and no doubt sharing what it gleaned with NSA.

In addition, Air Force Lt. Gen. Timothy Haugh, Cyber Command’s recently-installed No. 2 who is considered to be Nakasone’s successor, favors keeping the roles together. It’s unclear how much weight his opinion would be given by the White House, though.

Senate Armed Services Committee Chair Jack Reed (D-R.I.) said he knew of the Dunford-led review and is “eager” to learn if it “can point out any fault lines that would require the separation of authority.”

“There’s a theory: if it ain’t broke, don’t fix it,” he told The Record, adding the group has not approached him to seek his views.

However, House Intelligence Committee Chair Adam Schiff (D-Calif.) said he was “encouraged” to learn the arrangement is getting a fresh look by the administration.

“I’ve always favored separating the two,” he said, arguing the positions are large enough for two people and that each organization would “benefit from somebody with a sole focus” on it.

Rep. Jim Langevin (D-R.I.), a longtime congressional leader on cybersecurity issues, declined to comment on the existence of the study but railed against the idea of reviewing the topic again.

“I think that by having one person at the top of both organizations it works to reduce the operational friction between the two organizations and makes things run more efficiently, more effectively — especially when you need to move with the level of agility that you need to move with in respect to cyber operations,” he told The Record.

Langevin, who is retiring at the end of the year, said his biggest issue with is “that I don’t see that there’s a problem that needs to be solved.”

“If you’re going to split the hat, what is the problem that it’s solving? I don’t see it,” he said.

Martin is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.