Getting a leadership divorce wouldn’t be optimal for NSA, Cyber Command, report suggests
A report delivered to the Pentagon and intelligence community points strongly in favor of retaining the “dual-hat” arrangement by which the National Security Agency and U.S. Cyber Command continue to be led by the same four-star general, according to officials briefed on the matter.
That’s according to reporting from our own Ellen Nakashima, who has a story out this morning about Cyber Command’s operations during the election. (More on that a little later! Back to the “dual-hat” report.)
The report drafted by a small group led by former chairman of the Joint Chiefs of Staff, retired Gen. Joseph F. Dunford Jr., was submitted to Defense Secretary Lloyd Austin and Director of National Intelligence Avril Haines this month. They had requested the review last year.
While it stopped short of making an official recommendation, it found that retaining the “dual hat” came with mutual benefits for both organizations and that keeping it would be a net positive for national security, according to the officials, who spoke on the condition of anonymity because the findings are not public.
Haines and Austin are reviewing the report and are informing Congress, officials said.
The issue over the “dual hat” has stirred debate for as long as Cyber Command, established in 2010, has been in existence.
“It would be hard to see how they could split the dual hats in the near future given the in-depth report done by Gen. Dunford,” one U.S. official said.
In the first years of Cybercom’s existence, the assumption on the part of many was that one day the much smaller command would grow large enough and skilled enough to stand on its own. It still shares the same location as the NSA — Fort Meade, Md. — and for years has depended on NSA, the world’s most powerful electronic spying agency, to help it with the tools and access to overseas networks it needs to conduct operations.
Holding two demanding leadership positions was seen as too much for one person. Some feared that if the hats were split, NSA would deprive Cybercom of resources. Others feared that Cybercom’s dependence on NSA would be a drain on NSA with little in return.
Then came the Russian interference in the 2016 presidential election. In 2018, the new Cybercom-NSA head, Gen. Paul Nakasone, created the “Russia Small Group,” made up of personnel from both agencies and tasked to counter foreign adversaries that might seek to interfere in the midterm elections. Armed with a new authority that granted more latitude to offensive operations, the team carried out a campaign to disrupt a Russian troll farm before it could meddle in the midterms.
Nakasone followed that up with similar operations in 2020 and this year, earning praise from lawmakers. “I’ve long been of the opinion that the dual-hat arrangement is effective and there’s no reason to change it,” said Rep. Jim Langevin (D-R.I.) a leading lawmaker on cybersecurity issues who is retiring this year.
Nakasone, who took the twin-leadership reins in 2018, has made clear he supports the arrangement.
- “Why is the dual hat so important for the nation?” he said at the Reagan National Defense Forum in California earlier this month. “It gives us three things. … It gives us speed. It gives us agility. And it gives us unity of action in a domain that moves so rapidly.”
Now the NSA and Cybercom develop tools jointly, and the command is no longer seen as sucking resources from the spy agency without anything in return, one official said. Cybercom’s “hunt forward” missions in partners’ computer networks overseas often gleans malware that is beneficial to NSA as it seeks to learn how to detect adversaries and turn their tools against them.
The Dunford team interviewed many practitioners from four-stars to top-level civilians, said the officials. They found that even some officers who once supported splitting the hats are now in favor of retaining the arrangement, the people said.
The review “identified substantial benefits of the dual-hat leadership structure of NSA and USCYBERCOM and no significant adverse impacts to intelligence activities, cyber effects operations or cyberdefense that would justify terminating the arrangement, even as additional areas of study were identified that could improve performance under the dual hat,” said Nicole de Haay, spokesperson for the Office of the Director of National Intelligence.
Whatever decision is made, Nakasone told reporters earlier this month, “it should be the best decision for the nation, not what’s best for U.S. Cyber Command, the NSA or the intelligence community — what’s best for the nation.”
Martin Matishak of the Record reported previously on the Dunford review.
Just as it did in 2018 and 2020, Cybercom used offensive cyber actions against specific foreign targets before they could disrupt the election, Ellen reported today.
- In 2018, the target was a Russian troll farm.
- In 2020, the targets were Iranians working for the Islamic Revolutionary Guard Corps.
- This year, Cybercom went after many of the same foreign entities, Ellen reported, citing U.S. officials who spoke on the condition of anonymity.
Nakasone talked about the midterms operations at a media roundtable this month, without naming whom the operations targeted.
“We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” Nakasone said. “We understood how foreign adversaries utilize infrastructure throughout the world. We had that mapped pretty well. And we wanted to make sure that we took it down at key times.”
- “Rest assured,” he said. “We were doing operations well before the midterms began, and we were doing operations likely on the day of the midterms.”
- “This is what ‘persistent engagement’ is,” he added. “This is the idea of understanding your foreign adversaries and operating outside the United States.”
A top cyber official is expected to leave the Biden administration
National Cyber Director Chris Inglis is expected to retire after he leaves his post, CNN’s Sean Lyngaas reports. Since July 2021, Inglis has served as the government’s first national cyber director — a Senate-confirmed role that Congress created last year.
Inglis is expected to leave in the next couple months, but it’s not clear when he’ll announce such a move. It could be after the Biden administration releases its national cybersecurity strategy.
“Reached by phone Wednesday, Inglis did not deny that he was planning to resign, but would not comment further on the move,” Lyngaas writes. “His goal, he told CNN, was always to get the nascent White House office up and running and to leave it in good hands.”
The Guardian, a major U.K. newspaper, is hit in hack
The newspaper’s technology infrastructure and some of its systems were affected in the hack, which the news outlet believes is ransomware, the Guardian’s Jim Waterson reports. The newspaper has continued to publish stories on its website and said it could print its Thursday newspaper.
“We are continuing to publish globally to our website and apps and although some of our internal systems are affected, we are confident we will be able to publish in print tomorrow,” the Guardian Media Group chief executive Anna Bateson and editor in chief Katharine Viner told staff. “Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic.” They encouraged most staffers to work from home for the rest of the week.
In testimony, Hannity and other Fox employees said they doubted Trump’s fraud claims (New York Times)
How hackers used one software flaw to take down a county computer system (New York Times)
Ukrainian hackers gather data on Russian soldiers, minister says (Bloomberg News)
U.S. slaps sanctions on Iran officials over protest crackdown (Reuters)