
10/6/2016
03:25 PM

NSA Director Not Opposed To Splitting Cyber Command From Agency

In the long run it may make sense to keep nation's cyber offense mission separate from NSA, Michael Rogers says.

Admiral Michael Rogers, the director of the National Security Agency (NSA), said this week that he is not opposed to the idea of separating US Cyber Command from the spy agency.

Speaking at a forum organized by the John F. Kennedy Jr. Forum at Harvard University’s Institute of Politics, Rogers said any decision to separate the two organizations would have to be made by the President of the United States. But he would support the idea so long as it did not introduce any new risks.

“Look, in the long run I think it is the right thing to do,” Rogers said. “The only question in my mind is the timing. We have to do it in a way that minimizes risk to Cyber Command and NSA,” said Rogers, who as director of the NSA is also the head of Cyber Command.

US Cyber Command was established seven years ago to provide a range of mainly offensive cyber capabilities for the US Department of Defense.

The organization is structured along the lines of a typical military organization. One of Cyber Command’s missions is to provide capabilities for defending weapons systems, platforms and data against cyber attacks. On the offensive side, it is tasked with providing US operational command and policy makers with what Rogers described as a range of “options” for taking cyber action against foreign adversaries.

One of its other roles is to provide capabilities for protecting US critical infrastructure targets and commercial entities against cyber attacks, if directed to do so by the president. For example, soon after the massive intrusion at Sony Corp. two years ago, the NSA was called in to assist the FBI, the DHS and other domestic law enforcement agencies in investigating the attack.

Rogers’ comments come amid reports of the Pentagon and the intelligence community recommending that the President break up the joint leadership structure that exists today for the NSA and Cyber Command.

Apparently, there is a growing feeling that the missions of the two organizations are different enough to merit a different organizational structure. The argument is that Cyber Command with its offensive mission would do far better as an independent organization than as part of the NSA, whose mission is primarily a defensive one.

Concerns over the dual-hatted role of the NSA director are not new and neither is talk about the need to separate Cyber Command from NSA. Many have previously noted that the NSA director’s obligations to the agency’s signals intelligence mission under Title 50 of the US Code are in direct conflict with his cyberspace obligations under Title 10 authority.

In addressing the issue at the Harvard forum this week, Rogers said Cyber Command was established within NSA seven years ago because it made the most sense to do so at that time.

The US had decided then that cyber was an operational domain in which new capabilities needed to be developed, Rogers said. “We stepped back and asked ourselves ‘how do we build on previous investment and previous expertise’,” in the cyber domain within the defense department.

The NSA, with its cyber capabilities, was the obvious choice, he said. “While NSA is an intelligence organization, it is a combat support agency within the DoD” with extensive cyber capabilities, Rogers said. The feeling at the time was that setting up Cyber Command within the agency would give the US a way to leverage that capability, he said.

“It is now seven years later and we are currently, as we often do, stepping back and asking ourselves does that structure still make sense?” Rogers said. “Has seven years of practical experience led us to believe that perhaps some of the assumptions we made are proving to be different than we thought.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...