Should NSA and cyber command have separate leadership?

As World War II began and strategists’ understanding of the strength of airborne weapons developed, the groundwork was laid for separating ground and air power: In a 1941 administrative reorganization of the Army, the renamed Army Air Force became one of three independent commands. In 1947 the split was complete with the creation of the U.S. Air Force that we know today.

We do not want to wait until World War Cyber is upon us to resolve the debate this time. We need to have a fully functional fighting force capable of taking offensive action in the case of potential, and likely, cyberwarfare.

Overlapping technology
Both the NSA and Cyber Command use computers and computer networks. Both use – and seek to break – encryption software as well as tools to hack into networks, such as phishing methods, and various types of malware to extract information.

In the military there are plenty of examples of different units relying on similar tools. For instance, look at aircraft use. In addition to the Air Force, the Army, Navy, Marines and Coast Guard all use planes and helicopters. Some of those aircraft are even identical (or nearly so), such as the C-130 “Hercules” cargo plane and the UH-60 “Black Hawk” helicopter. Just because different groups use the same equipment does not mean they must share a single leader.

Determining relative priority
We can also take a lesson from the corporate world, where responsibilities vary widely. In a panel discussion that I led in May, questions to the audience revealed that in some companies, the head of cybersecurity defense efforts reports to the head of the information technology department. But in other cases the cybersecurity chief reported to the chief financial officer, or even to the head of the company’s legal department. Increasingly we are hearing that cybersecurity leaders report directly to the firm’s CEO.

The panel members viewed cybersecurity as an inherently cautious task, where evaluating risk is important. By contrast, information technology departments often push for rapid innovation and accelerating change. As a result of those conflicting goals, the panelists came to the consensus that those efforts should be managed separately.

Using similar logic, I believe that the NSA and Cyber Command should be under separate leadership, so each can pursue its mission with undivided focus and complete intensity. The NSA can gather intelligence. Cyber Command can defend our military networks and be ready to attack the systems of our enemies.

Stuart Madnick is Professor of Information Technology and Engineering Systems, Massachusetts Institute of Technology. This article is published courtesy of The Conversation (under Creative Commons-Attribution / No derivative).