The time has come to split U.S. Cyber Command from the National Security Agency and assign separate leaders to each organization, the nation’s top intelligence official said Tuesday.
James Clapper, the director of national intelligence, said Cyber Command and its military service components have now matured to a point that they no longer require the “dual-hatted” relationship the Defense Department instituted in 2009, when it created the new sub-unified combatant command and named the NSA director to simultaneously serve as its commander.
“I was part of that decision-making process when I was the undersecretary of Defense for intelligence, but it was never intended to be permanent,” Clapper said Tuesday at the Council on Foreign Relations in Washington. “It’s been six years, and we’ve reached the point where each of these responsibilities should be separate.”
Among the reasons, Clapper said both of the organizations are massive entities with distinct, critical national security responsibilities of their own.
“I’ve been in charge of a couple agencies myself as director of the Defense Intelligence Agency and the National Geospatial Intelligence Agency for almost nine years, and running any of these agencies is an all-consuming, 7-by-24 proposition. So for lots of reasons, I think they should be separate.”
Clapper’s views, however, do not control the outcome. He is one of several officials advocating for a split before the end of the Obama administration, but there are dissenting views.
Adm. Michael Rogers, the current NSA director and CYBERCOM commander, said as recently as a month ago that the dual-hatted arrangement is, for now, the right one. On the same day, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, vowed to block the nomination of any CYBERCOM commander unless he or she also served as NSA director.
Clapper’s comments came one day after a key milestone in Cyber Command’s maturation process.
On Monday, officials announced that all 133 of the teams that make up the Cyber Mission Force had reached their initial operating capability, meaning that its 5,000 personnel were ready to perform the fundamental offensive and defensive roles officials set out when they outlined the workforce goals three years ago.
“One of the reasons DoD has done exceptionally well to rapidly train and build this force is that each branch of the military services has come to the conclusion that cyber is a mission set that requires dedicated expertise over time,” Rogers said in a statement. “That wasn’t always the case, and I have to compliment the services, the services’ cyber component leadership and the entire team for all of the extremely hard work to achieve this goal.”
Officials said about half of the teams had already reached full operational capability, but it will take until September 2018 for the remainder of them to do so. Cyber Command expects the total workforce to number about 6,200 at that point.
In the meantime, all 133 are being asked to perform real-world missions, regardless of whether they’ve been designated as “fully operational.”
“Because of the dynamics of cyber, we have needed to apply capacity as soon as we’re generating it,” Rogers said. “And so we find ourselves in a situation — a little unusual in the military arena — wherein as soon as we get a basic framework, we have been deploying the teams and putting them against challenges.”