As General Keith Alexander prepares to depart from the federal government early next year, it’s important to note that he will be vacating not one job but two. He has earned plenty of attention for his role as director of the National Security Agency (NSA), the United States’ signals intelligence operation. But Alexander has concurrently served as head of Cyber Command, the cybersecurity command that the Pentagon established in 2010. This overlap was not an oversight; in fact, it was quite the opposite. Policymakers assumed that it would be efficient to have the same person run the two organizations, given that they both relied on the same types of technical expertise and operated in the same virtual space (not to mention that they are both physically based in Fort Meade, Maryland).
But if decision-makers at the White House and Pentagon are smart, they will use Alexander’s departure as an opportunity to dissolve the marriage between the two agencies. The past several years have proven that the arrangement is not as mutually conducive as it once seemed. Not only do the organizations have starkly different cultures, their missions are vastly different, even contradictory. There is, indeed, an overlap between military and intelligence missions in cyberspace. But it was a mistake to assume that they would complement, rather than impede, each other.
So long as intelligence collection and military operations are conducted in tandem, their practitioners will fight bureaucratic turf battles against their counterparts to gain priority in operational planning. For example, if a fighter pilot targets a building in support of his military objectives but kills a human intelligence source in the process, the intelligence agent will be sure to blame the pilot for jeopardizing the former’s mission. By contrast, if the presence of a human intelligence source precludes authorization to target the building, the pilot will blame the collector for jeopardizing the former’s mission.
Standard military doctrine tries to overcome this age-old struggle with “an evaluation of the quantity and quality of intelligence lost versus potential gain should a particular target be attacked” -- also known as an “intelligence gain/loss assessment.” An objective arbiter or higher-ranking authority (usually a civilian) adjudicates the position of both parties, who proceed accordingly.
In this respect, operations in cyberspace should not be handled any differently than those in physical domains. But that is precisely the problem with Alexander’s “dual-hatted” authority as the head of Cyber Command and director of the NSA: He is at once an operator and a collector in cyberspace and the arbiter for both. Given his often conflicting obligations to cyberspace operations under Title 10 of the U.S. Code and signals intelligence under Title 50, he is compelled to arbitrate in favor of one or the other, rather than advocate on behalf of either side. This is an unprecedented phenomenon that has created a dizzying conundrum for his staffs in both organizations, who find themselves having to read between the lines to ascertain which hat their boss is wearing at any given time. (And it is only natural that various staff members would pull their punches on occasion to spare their leader the perception of clashing interests across the two organizations.)
The practical result has been that the NSA has ended up dominating Cyber Command in domain-related arbitrations. This should come as no surprise: The NSA is a significantly older, more established institution -- it was founded more than 60 years ago, whereas Cyber Command is still shy of its fourth birthday -- and consequently has a stronger gravitational pull in Washington. In the absence of a high-level advocate offering a full-throated argument on behalf of Cyber Command’s interests, the military organization is likely to find itself on the short end of appropriations, personnel, intellectual capital, and technical capacity.