Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations
Obama Signs Bill Elevating Cybercom to Full CommandDual-Hat Leadership with NSA to Remain Despite Presidential Objection
President Barack Obama signed Friday the National Defense Authorization Act, legislation that includes a provision he opposes to leave the leader of the newly-elevated U.S. Cyber Command as the head of the National Security Agency as well.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The law elevates Cyber Command to a full combatant command; since its formation in 2010 Cybercom, as it's known, was a subcommand under the U.S. Strategic Command. When Cyber Command was stood up, the director of the NSA was designated as the Cybercom commander. The thought then was that the dual-hat arrangement would enable the fledgling Cybercom to leverage NSA's advances cyber capability and expertise.
"Cybercom has since matured and the current construct should be replaced through a deliberate, conditions-based approach to separating the organizations," Obama said in a statement. "The two organizations should have separate leaders who are able to devote themselves to each organization's respective mission and responsibilities, but should continue to leverage the shared capabilities and synergies developed under the dual-hat arrangement."
Way Open to Eliminate Dual-Hat Approach
The new law would allow the elimination of the dual-hat leadership of both agencies should the defense secretary and chairman of the Joint Chiefs of Staff jointly certify that ending this arrangement would not pose risks to the military effectiveness of Cybercom that would be unacceptable to the national security interests of the United States.
Obama also said that it should be the executive branch's decision alone to create Cybercom and decide how it should be led. "Congress should leave decisions about the establishment of combatant commands to the executive branch and should not place unnecessary and bureaucratic administrative burdens and conditions on ending the dual-hat arrangement at a time when the speed and nature of cyberthreats requires agility in making decisions about how best to organize and manage the nation's cyber capabilities," he said.
Supporters of the dual-hat approach contend Cybercom would continue to need for the next few years the leadership the NSA - the defense department's e-spy agency - to operate efficiently.
Cyber Command is the offensive cyber arm of the military, that's also charged with defending the cyber assets of the U.S. military. With increased attacks from nation-states against American business and the mostly civilian-controlled critical infrastructure, calls have been increasing to use Cybercom to defend civilian IT and, at times, to go on the offense as would the kinetic military against physical attacks on the homeland.
Navy Admiral Michael Rogers will remain head of both organizations.