10/6/2016
03:25 PM

NSA Director Not Opposed To Splitting Cyber Command From Agency

In the long run it may make sense to keep nation's cyber offense mission separate from NSA, Michael Rogers says.

Admiral Michael Rogers, the director of the National Security Agency (NSA), said this week that he is not opposed to the idea of separating US Cyber Command from the spy agency.

Speaking at a forum organized by the John F. Kennedy Jr. Forum at Harvard University’s Institute of Politics, Rogers said any decision to separate the two organizations would have to be made by the President of the United States. But he would support the idea so long as it did not introduce any new risks.

“Look, in the long run I think it is the right thing to do,” Rogers said. “The only question in my mind is the timing. We have to do it in a way that minimizes risk to Cyber Command and NSA,” said Rogers, who as director of the NSA is also the head of Cyber Command.

US Cyber Command was established seven years ago to provide a range of mainly offensive cyber capabilities for the US Department of Defense.

The organization is structured along the lines of a typical military organization. One of Cyber Command’s missions is to provide capabilities for defending weapons systems, platforms and data against cyber attacks. On the offensive side, it is tasked with providing US operational command and policy makers with what Rogers described as a range of “options” for taking cyber action against foreign adversaries.

One of its other roles is to provide capabilities for protecting US critical infrastructure targets and commercial entities against cyber attacks, if directed to do so by the president. For example, soon after the massive intrusion at Sony Corp. two years ago, the NSA was called in to assist the FBI, the DHS and other domestic law enforcement agencies in investigating the attack.

Rogers’ comments come amid reports of the Pentagon and the intelligence community recommending that the President break up the joint leadership structure that exists today for the NSA and Cyber Command.

Apparently, there is a growing feeling that the missions of the two organizations are different enough to merit a different organizational structure. The argument is that Cyber Command, with its offensive mission, would do far better as an independent organization than as part of the NSA, whose mission is primarily a defensive one.

Concerns over the dual-hatted role of the NSA director are not new and neither is talk about the need to separate Cyber Command from NSA. Many have previously noted that the NSA director’s obligations to the agency’s signals intelligence mission under Title 50 of the US Code are in direct conflict with his cyberspace obligations under Title 10 authority.

In addressing the issue at the Harvard forum this week, Rogers said Cyber Command was established within NSA seven years ago because it made the most sense to do so at that time.

The US had decided then that cyber was an operational domain in which new capabilities needed to be developed, Rogers said. “We stepped back and asked ourselves ‘how do we build on previous investment and previous expertise’,” in the cyber domain within the defense department.

The NSA, with its cyber capabilities, was the obvious choice, he said. “While NSA is an intelligence organization, it is a combat support agency within the DoD” with extensive cyber capabilities, Rogers said. The feeling at the time was that setting up Cyber Command within the agency would give the US a way to leverage that capability, he said.

“It is now seven years later and we are currently, as we often do, stepping back and asking ourselves does that structure still make sense?” Rogers said. “Has seven years of practical experience led us to believe that perhaps some of the assumptions we made are proving to be different than we thought.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...