Plans To Divide US Cyber Command And The NSA

A Pentagon proposal to put the US’s top cyber spy agency under civilian leadership has generated complaints from lawmakers who say the idea is badly timed and against the law.

Outgoing Pentagon officials appointed by President Trump have sent a proposal to the Joint Chiefs of Staff to divide the leadership of the National Security Agency and US Cyber Command.  This would reshape defense policy by a handful of key political officials who are in acting roles in the Pentagon after Donald Trump lost his re-election bid.

A US official has confirmed that Joint Chiefs Chairman Gen. Mark Milley and Acting Defense Secretary Chris Miller have received the proposal.  With Miller expected to sign off on the move, the fate of the proposal ultimately falls to Milley, who said to Congress in 2019 that the combined leadership structure was working and should be kept in place. The post of NSA director and Cybercom commander are held by one person, currently, Gen. Paul Nakasone, in a "dual-hat" arrangement.

Cyber security and national security policy leaders have debated how and when to split that job into two positions for several years. 

The Cyber Command proposal arrives at the same time as enormous cyber hacking attacks have hit a number of federal agencies. Investigators are still working to understand what data may have been taken or compromised. Although Secretary of State Mike Pompeo has publicly linked the attack to Russia, Trump said the attacks came from China. 

White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it but were told to stand down, according to people familiar with the plans. 

Many current and former officials say the partnership between the two spy entities is vital to sharing intelligence and resources, but critics have said the arrangement can lead to bureaucratic headaches. Some officials also say the two agencies have dueling missions that are in conflict with one another because Cyber Command focuses on offensive operations while the NSA’s chief goal is intelligence collection. Some supporters of separation think that the two agencies are simply too critical and vast for one leader to manage.

The move may be a signal that Trump might remove Nakasone as the leader of one or either agency amid frustration over the handling of the recent cyber attack, according to some officials speaking on the condition of anonymity because they were not authorised to speak publicly. 

An administration official defended the recent spate of changes during the transition. Supporters of the split argue that keeping the two organisations under dual-leadership creates inefficiencies. Should Milley and Miller make the necessary certifications to Congress, the practical implications of the move are thought to be neither immediate nor irreversible. 

CNN:          Defense One:       Wall Street Journal

You Might Also Read:

The Emerging Domain Of  Cyber War:

 

 

« How To Optimize The DevSecOps Pipeline
You Should Prepare Your Organization For A DDoS Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

RapidScale

RapidScale

RapidScale’s managed cloud solutions provide reliable, innovative, and secure services, all complete with white-glove service and full management options.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

GovernmentCIO

GovernmentCIO

GovernmentCIO was founded with a single purpose: to transform government IT. We are thought leaders in data analytics, machine learning, cybersecurity and IT transformation.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.