Senators consider splitting NSA/CyberCom director position
The Senate Armed Services Committee will this year consider legislation splitting the two-in-one jobs of leading U.S. Cyber Command and running the National Security Agency, both currently held by Adm. Michael Rogers.
The committee held a hearing Tuesday with Rogers to discuss, among other issues, elevating CyberCom to be a unified combatant command, on a par with geographical commands like the U.S. Central Command. CyberCom, co-located with the NSA at Ft. George G. Meade in Maryland, would be the 10th such command — the units in the U.S. military that actually wage war.
Currently, CyberCom — created in 2009 with the intent to be fully operational with a 6,200 member force drawn from all four service branches and the national guard by fiscal year 2018 — is a subordinate command of the U.S. Strategic Command, the military unit that controls America’s nuclear arsenal.
In elevating CyberCom to a unified combatant command, committee members said it would make sense to split Rogers’ current roles, though he demurred.
“I’m finding it harder and harder to justify your holding two jobs given the complexity,” said Sen. Angus King, D-Maine. “I mean this arrangement was created in 2009, which in technological terms is a century ago. I understand the relationship between NSA and Cyber Command, but particularly if we move in the direction, and I think we are, of setting up Cyber Command as its own independent combatant command, to have the same person trying to run those two agencies I just think is impractical and almost impossible.”
Committee Chair Sen. John McCain, R-Ariz., said he and ranking member Sen. Jack Reed, D-R.I., hope to propose the split on an upcoming markup of the National Defense Authorizations Act for fiscal year 2017 “subject to the will of the entire committee,” as they further consider CyberCom as a combatant command.
Rogers, having like his predecessor worked both positions “dual hatted” for the past two years, disagreed there was a need to split them — saying CyberCom was too intertwined with and reliant on the NSA to divide their boss’ job.
“Part of that is the very premise that when we built Cyber Command six years ago, we said we were going to maximize the investment the nation had already made in NSA in terms of infrastructure and capability,” he said. “Because of that, we didn’t have a huge military construction program … we said we were going to take NSA’s existing space as a vehicle to do that.”
Rogers continued: “Based on the very model we created Cyber Command, where we really in many ways tightly align these two organization, that at the current time it would be difficult — not impossible, I’m the first to acknowledge that — or less than optimal in my opinion to try to separate them now. But I’ve also argued that we need to continue to assess that over time.”
All in all, though, he acknowledged the benefit that could come with the elevation of CyberCom as the 10th combatant command.
“A combatant command designation would allow us to be faster, which would generate better mission outcomes,” Rogers said. “I would also argue that the department’s processes of budget, prioritization, strategy and policy are all generally structured to enable direct combatant command input into all of those processes — that’s what they’re all optimized for. And I believe that cyber needs to be a part of that.”
What keeps Rogers up at night?
In addition to his larger concerns about cyberattacks on critical American infrastructure and the growing ability of adversary nations to not only access vital data but also manipulate it, Rogers expressed worry during the hearing about the evolving cyberthreat from non-state actors, like ISIS or other terror groups.
Currently, ISIS uses the digital domain almost purely as a place for recruitment, communications and the spread of propaganda, as well as to generate revenue and move money, Rogers said. But he worries that cyber — what he called “the great equalizer” — could give the terrorist group offensive capabilities, to wage attacks. That the internet could become a “weapon system… a vehicle to inflict pain against the United States and others.”
“That would be a troubling development,” he said.
“I have not seen groups yet make huge investments in this. But I worry that it’s a matter of time, because it wouldn’t take long,” Rogers said. “One of the challenges of cyber is … it doesn’t take billions of dollars of investment, it doesn’t take decades of time and it doesn’t take a dedicated workforce of of tens of thousands of people that you see most nation states work with.”
Correction: April 6, 2016
An earlier version of this story misidentified Sen. Angus King as Sen. Martin Heinrich.