Plans To Divide US Cyber Command And The NSA

A Pentagon proposal to put the US’s top cyber spy agency under civilian leadership has generated complaints from lawmakers who say the idea is badly timed and against the law.

Outgoing Pentagon officials appointed by President Trump have sent a proposal to the Joint Chiefs of Staff to divide the leadership of the National Security Agency and US Cyber Command.  This would reshape defense policy by a handful of key political officials who are in acting roles in the Pentagon after Donald Trump lost his re-election bid.

A US official has confirmed that Joint Chiefs Chairman Gen. Mark Milley and Acting Defense Secretary Chris Miller have received the proposal.  With Miller expected to sign off on the move, the fate of the proposal ultimately falls to Milley, who said to Congress in 2019 that the combined leadership structure was working and should be kept in place. The post of NSA director and Cybercom commander are held by one person, currently, Gen. Paul Nakasone, in a "dual-hat" arrangement.

Cyber security and national security policy leaders have debated how and when to split that job into two positions for several years. 

The Cyber Command proposal arrives at the same time as enormous cyber hacking attacks have hit a number of federal agencies. Investigators are still working to understand what data may have been taken or compromised. Although Secretary of State Mike Pompeo has publicly linked the attack to Russia, Trump said the attacks came from China. 

White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it but were told to stand down, according to people familiar with the plans. 

Many current and former officials say the partnership between the two spy entities is vital to sharing intelligence and resources, but critics have said the arrangement can lead to bureaucratic headaches. Some officials also say the two agencies have dueling missions that are in conflict with one another because Cyber Command focuses on offensive operations while the NSA’s chief goal is intelligence collection. Some supporters of separation think that the two agencies are simply too critical and vast for one leader to manage.

The move may be a signal that Trump might remove Nakasone as the leader of one or either agency amid frustration over the handling of the recent cyber attack, according to some officials speaking on the condition of anonymity because they were not authorised to speak publicly. 

An administration official defended the recent spate of changes during the transition. Supporters of the split argue that keeping the two organisations under dual-leadership creates inefficiencies. Should Milley and Miller make the necessary certifications to Congress, the practical implications of the move are thought to be neither immediate nor irreversible. 

CNN:          Defense One:       Wall Street Journal

You Might Also Read:

The Emerging Domain Of  Cyber War:

 

 

« How To Optimize The DevSecOps Pipeline
You Should Prepare Your Organization For A DDoS Attack »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Bloombase

Bloombase

Bloombase is the leading innovator in Next-Generation Data Security solutions for Global 2000-scale organizations

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Two Six Technologies

Two Six Technologies

Two Six Technologies delivers R&D, innovation, productization and implementation expertise in cyber, data science, mobile, microelectronics and information operations.

National Cybersecurity Consortium (NCC) - Canada

National Cybersecurity Consortium (NCC) - Canada

The NCC’s mandate is to keep Canada’s cyber and critical infrastructures and citizens safe while ensuring Canada’s global competitiveness and leadership in cybersecurity.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Quod Orbis

Quod Orbis

Quod Orbis are a fast-growing, innovative company providing market-leading expertise in cyber security and Continuous Controls Monitoring (CCM).

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

Invariant Labs

Invariant Labs

Invariant Labs are a team of technical experts with broad experience ranging from academia to big tech on a mission to unlock the potential of AI systems by making them robust, reliable and secure.