Congress on Thursday passed the National Defense Authorization Act of fiscal year 2017, which includes a provision to separate U.S. Cyber Command from the National Security Agency.
Cyber Command would focus on developing cyber weapons and use them against adversaries online, whereas the NSA would focus on gathering intelligence in the digital sphere.
Cyber Command and the NSA operate as a “dual hat” agency since Cyber Command began in 2010. If President Obama signs this bill into law, U.S. Cyber Command would become equal with other combat units of the U.S. military such as the Central and Pacific Commands, and would be able to tackle cyber challenges around the globe.
Adm. Michael Rogers, who serves as the head of both the NSA and Cyber Command, has been criticized by Defense Secretary Ash Carter and Director of National Intelligence James Clapper Jr. for failing to stop Booz Allen Hamilton contractor Harold T. Martin III from stealing classified government material. Rogers took over the NSA in 2014, after Edward Snowden, another Booz Allen Hamilton contractor, leaked NSA documents. Rogers was tasked with ensuring another massive leak wouldn’t happen and changing the culture of the NSA.
Clapper and Carter notified Rogers that he had to get control over NSA security and improve his leadership style, after hearing complaints from NSA officials that Rogers is aloof, frequently absent, and does not listen to staff input, according to the Washington Post.
Rogers also said that the first cyber troops, operating out of Cyber Command, will be deployed to help fight ISIS on Sept. 30. However, the cyber troops still face preparedness problems, which frustrated defense officials.
When Maryland Democratic Sens. Ben Cardin and Barbara Mikulski proposed an amendment to the 2017 National Defense Authorization Act to upgrade the U.S. Cyber Command in May, the White House criticized it, saying that it would meddle in the affairs of the Department of Defense.
The NSA and U.S. Cyber Command are located in Fort Meade, Md., and could boost the state’s military prestige and bring in more jobs.
Rogers agreed that U.S. Cyber Commands status should be elevated eventually.
“The combatant command designation would allow us to be faster,” Rogers said. “I would also argue that the department’s processes of budget, prioritization, strategy, policy, are all generally structured to enable direct combatant commander input. And I believe that cyber needs to be a part of that direct process.”
Under the new plan, future directors of the NSA and U.S. Cyber Command would be civilians, underscoring the fact that neither agency is subordinate to the other.
The split is criticized by some policymakers, including Rep. John McCain, R.-Ariz., who says the military’s cyber capabilities would be weakened if it can’t rely on NSA equipment and experience.
The provision requires Cyber Command’s weapons and control systems to be capable enough to operate without NSA assistance and the split can’t occur until Cyber Command is fully operational, which is scheduled to be in 2018. The bill also allows the defense secretary to designate cyber experts to secure the personal technology of high-risk Department of Defense officials and enables the defense secretary to create standards for how cyber opposition forces should operate when acting as white hat hackers to find vulnerabilities in DOD systems.