Will Ukraine Wind Up Making Territorial Concessions to Russia?
Foreign Affairs Asks the Experts
As General Keith Alexander prepares to depart from the federal government early next year, it’s important to note that he will be vacating not one job but two. He has earned plenty of attention for his role as director of the National Security Agency (NSA), the United States’ signals intelligence operation. But Alexander has concurrently served as head of Cyber Command, the cybersecurity command that the Pentagon established in 2010. This overlap was not an oversight; in fact, it was quite the opposite. Policymakers assumed that it would be efficient to have the same person run the two organizations, given that they both relied on the same types of technical expertise and operated in the same virtual space (not to mention that they are both physically based in Fort Meade, Maryland).
But if decision-makers at the White House and Pentagon are smart, they will use Alexander’s departure as an opportunity to dissolve the marriage between the two agencies. The past several years have proven that the arrangement is not as mutually conducive as it once seemed. Not only do the organizations have starkly different cultures, their missions are vastly different, even contradictory. There is, indeed, an overlap between military and intelligence missions in cyberspace. But it was a mistake to assume that they would complement, rather than impede, each other.
So long as intelligence collection and military operations are conducted in tandem, their practitioners will fight bureaucratic turf battles against their counterparts to gain priority in operational planning. For example, if a fighter pilot targets a building in support of his military objectives but kills a human intelligence source in the process, the intelligence agent will be sure to blame the pilot for jeopardizing the former’s mission. By contrast, if the presence of a human intelligence source precludes authorization to target the building, the pilot will blame the collector for jeopardizing the former’s mission.
Standard military doctrine tries to overcome this age-old struggle with “an evaluation of the quantity and quality of intelligence lost versus potential gain should a particular target be attacked” -- also known as an “intelligence gain/loss assessment.” An objective arbiter or higher-ranking authority (usually a civilian) adjudicates the position of both parties, who proceed accordingly.
In this respect, operations in cyberspace should not be handled any differently than those in physical domains. But that is precisely the problem with Alexander’s “dual-hatted” authority as the head of Cyber Command and director of the NSA: He is at once an operator and a collector in cyberspace and the arbiter for both. Given his often conflicting obligations to cyberspace operations under Title 10 of the U.S. Code and signals intelligence under Title 50, he is compelled to arbitrate in favor of one or the other, rather than advocate on behalf of either side. This is an unprecedented phenomenon that has created a dizzying conundrum for his staffs in both organizations, who find themselves having to read between the lines to ascertain which hat their boss is wearing at any given time. (And it is only natural that various staff members would pull their punches on occasion to spare their leader the perception of clashing interests across the two organizations.)
The practical result has been that the NSA has ended up dominating Cyber Command in domain-related arbitrations. This should come as no surprise: The NSA is a significantly older, more established institution -- it was founded more than 60 years ago, whereas Cyber Command is still shy of its fourth birthday -- and consequently has a stronger gravitational pull in Washington. In the absence of a high-level advocate offering a full-throated argument on behalf of Cyber Command’s interests, the military organization is likely to find itself on the short end of appropriations, personnel, intellectual capital, and technical capacity.
The solution would be to drop the dual authority. This would clearly benefit Cyber Command, which has suffered from its institutional immaturity relative to its civilian counterpart. But separating the two would also be a boon for the NSA. From a purely managerial perspective, both organizations have an interest in ensuring that their behemoth duties have the undivided attention of a single leader. If nothing else, the recent unauthorized disclosures perpetrated by Edward Snowden, a former NSA analyst, offer a slight glimpse into the breadth and complexity of the NSA director’s portfolio; in today’s digitally dominated and hyperconnected society, the NSA is more vital to U.S. national security than it has been at any other time in its history. Moreover, the importance of a dedicated leadership post will only increase in the coming years as the once secretive agency adjusts to new calls for transparency.
The same logic applies to Cyber Command. The need for an exclusive leadership arrangement is particularly pronounced right now, during its early stages of development. As a new institution with limited resources in a bureaucracy full of skeptical players, the command can hardly afford to compete for its own boss’ attention.
Proponents of dual authorities argue that revising the status quo would foster competition between the NSA and Cyber Command. In his April 2010 confirmation hearings, Alexander was not shy in announcing that “there will be, by design, significant synergy between NSA and Cybercom.” In reality, competition already does exist, and it always will; dropping dual authority will simply foster a healthier environment for it. Indeed, synergy was a worthy goal then and remains so today. But it was a mistake to presume that synergy could be achieved by suppressing the differences between these two organizations by placing them under the leadership of a single person. It would be far more productive to invite each organization, under its own leadership, to pursue its priorities to the fullest.