In the long run it may make sense to keep nation’s cyber offense mission separate from NSA, Michael Rogers says.
Admiral Michael Rogers, the director of the National Security Agency (NSA) this week said he is not opposed to the idea of separating US Cyber Command from the spy agency.
Speaking at a forum organized by the John F. Kennedy Jr. Forum at Harvard University’s Institute of Politics, Rogers said any decision to separate the two organizations would have to be made by the President of the United States. But he would support the idea so long as it did not introduce any new risks.
“Look, in the long run I think it is the right thing to do,” Rogers said. “The only question in my mind is the timing. We have to do it in a way that minimizes risk to Cyber Command and NSA,” said Rogers who as director of the NSA is also the head of Cyber Command.
US Cyber Command was established seven years ago to provide a range of mainly offensive cyber capabilities for the US Department of Defense.
The organization is structured along the lines of a typical military organization. One of Cyber Command’s missions is to provide capabilities for defending weapons systems, platforms and data against cyber attacks. On the offensive side, it is tasked with providing US operational command and policy makers with what Rogers described as a range of “options” for taking cyber action against foreign adversaries.
One of its other roles is to provide capabilities for protecting US critical infrastructure targets and commercial entities against cyber attacks, if directed to do so by the president. For example, soon after the massive intrusion at Sony Corp. two years ago, the NSA was called in to assist the FBI, the DHS and other domestic law enforcement agencies in investigating the attack.
Rogers’ comments come amid reports of the Pentagon and the intelligence community recommending that the President break up the joint leadership structure that exists today for the NSA and Cyber Command.
Apparently, there is a growing feeling that the missions of the two organizations are different enough to merit a different organizational structure. The argument is that Cyber Command with its offensive mission would do far better as an independent organization than as part of the NSA, whose mission is primarily a defensive one.
Concerns over the dual-hatted role of the NSA director are not new and neither is talk about the need to separate Cyber Command from NSA. Many have previously noted that the NSA director’s obligations to the agency’s signals intelligence mission under Title 50 of the US Code are in direct conflict with his cyberspace obligations under Title 10 authority.
In addressing the issue at the Harvard forum this week, Rogers said Cyber Command was established within NSA seven years ago because it made the most sense to do so at that time.
The US had decided then that cyber was an operational domain in which new capabilities needed to be developed, Rogers said. “We stepped back and asked ourselves ‘how do we build on previous investment and previous expertise’,” in the cyber domain within the defense department.
The NSA, with its cyber capabilities was the obvious choice, he said. “While NSA is an intelligence organization, it is a combat support agency within the DoD” with extensive cyber capabilities, Rogers said. The feeling at the time was that setting up Cyber Command within the agency would give the US a way to leverage that capability, he said.
“It is now seven years later and we are currently, as we often do, stepping back and asking ourselves does that structure still make sense?” Rogers said. “Has seven years of practical experience led us to believe that perhaps some of the assumptions we made are proving to be different than we thought.”
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio