Trump administration officials at the Pentagon late last week delivered to the Joint Chiefs of Staff a proposal to split up the leadership of the National Security Agency and U.S. Cyber Command. It is the latest push to dramatically reshape defense policy advanced by a handful of key political officials who were installed in acting roles in the Pentagon after Donald Trump lost his re-election bid.
A U.S. official confirmed on Saturday that Joint Chiefs Chairman Gen. Mark Milley — who along with Acting Defense Secretary Chris Miller must certify that the move meets certain standards laid out by Congress in 2016 — received the proposal in the last few days.
With Miller expected to sign off on the move, the fate of the proposal ultimately falls to Milley, who told Congress in 2019 that the dual-hat leadership structure was working and should be maintained.
Military officials have watched warily as Miller, his chief of staff Kash Patel, and Acting Under Secretary of Defense for Intelligence Ezra Cohen-Watnick — all installed since Election Day — have sought significant policy changes with just over a month remaining in office. Recent outgoing administrations have declined to push through major changes during the transition period.
The post of NSA director and CYBERCOM commander are held by one person — currently, Gen. Paul Nakasone — in a “dual-hat” arrangement. For years, cybersecurity and national security policy leaders have debated how and when to split that job into two positions. The Trump administration’s proposal, if approved, “would mark a significant shift in policy, and without the proper analysis and certification would run contrary to law,” a House Democratic aide said Saturday, calling the potential change “severe.”
The Cyber Command proposal also comes as the United States is grappling with a massive cyberattack on at least a half-dozen federal agencies. Investigators are still working to understand what data may have been taken or compromised. Although Secretary of State Mike Pompeo has publicly linked the attack to Russia, Trump on Saturday attempted to downplay the attack and attribute it to China.
The move may be a signal that Trump might remove Nakasone as the leader of one or either agency amid frustration over the handling of the recent cyberattack, according to some officials speaking on the condition of anonymity because they were not authorized to speak publicly.
An administration official defended the recent spate of changes during the transition.
“Miller is looking to set the department and force up for success in the future,” that person said. “‘Do no harm’ is his motto. He’s here for a short time and isn’t afraid to tackle the issues that would leave a typical secretary open to more baggage over the longer term.”
Col. Dave Butler, a spokesman for Milley, said Saturday that the chairman has not officially reviewed or endorsed the proposed split. Until now, Milley has managed to maintain both his job and a public image of independence from the White House. But if he does buck the effort, it could put the chairman in a fragile position with Trump, who has dismissed multiple cabinet-level national security officials since his loss at the polls, including Defense Secretary Mark Esper.
While the abrupt timing of the proposal to split up the NSA-CYBERCOM leadership structure is unusual, the debate over the policy decision itself is hardly new. Supporters of the split argue that Cyber Command, created in 2009, is able to stand on its own without NSA and is sucking needed resources away from the intelligence agency. Critics of the move argue that Cyber Command isn’t yet ready to stand on its own, and that the relationship between the agency and the command is symbiotic.
“NSA and CYBERCOM are uniquely intertwined and share many of the same resources,” Rep. Adam Smith, D-Wash., the chairman of the House Armed Services Committee, wrote in a letter to Milley and Miller protesting the proposed move that was released Saturday. “Any action to sever the dual-hat relationship could have grave impacts on our national security, especially during a time that the country is wrestling with what may be the most damaging cyber-attack in our country’s history.”
The Democratic House aide said that the House Armed Services Committee “became aware” of the plans this week.
It has long been accepted that Cyber Command and the National Security Agency will eventually separate. They operate out of Fort Meade, in Maryland, under separate legal authorities and are responsible for distinct missions. The NSA is responsible for signals intelligence collection — seen by many as the crown jewels of U.S. intelligence gathering — while Cyber Command is responsible for conducting military operations. Initially, placing the nascent Cyber Command under the same command as the NSA made sense because of the technical similarities of the two missions.
But as Cyber Command matured and rumors of the split began to circulate during the Obama administration, lawmakers laid out a series of recently-updated conditions in the annual 2017 defense policy bill that senior Pentagon leaders would have to certify have been met in order to carry it out. At their simplest, they require both the Joint Chiefs chairman and the defense secretary to certify that neither organization will be harmed by the split. That includes determinations that Cyber Command has the tools it needed to do its job, and that NSA and Cyber Command have “robust command and control systems and processes…for planning, deconflicting, and executing military cyber operations.”
Supporters of the split argue that keeping the two organizations under the dual-hat arrangement creates inefficiencies.
“The missions of NSA and Cyber Command will continue to compete for priority and advocacy under the dual hat,” Andrew Schoka, an active duty Army cyber operations officer assigned to Cyber Command, wrote in War on the Rocks in 2019.
Should Milley and Miller make the necessary certifications to Congress, the practical implications of the move will be neither immediate nor irreversible.
“If anything, I’d imagine a direction of a breakup but with an implementation period of six to twelve months,” the administration official said. “Leaves space to reverse it but puts a marker down for CYBERCOM to get off the NSA teat.”
(c) 2020 Government Executive Media Group LLC
Distributed by Tribune Content Agency, LLC