The dual-hat arrangement, where one person leads both the National Security Agency (NSA) and U.S. Cyber Command (Cybercom), has been in place since Cybercom’s creation in 2010. What was once touted as temporary 13 years ago now seems established.

Will the dual-hat arrangement continue? Should it? Experts have discussed the pros and cons of both viewpoints for years. It remains in place for now, but is that likely to change in the future? That remains to be seen, and points of view shift based on the political and geopolitical landscape, as well as the rise and fall of cyber threats.

Who supports the arrangement

Those inside the NSA and Cybercom, as well as key lawmakers, favor keeping the dual-hat leadership. DefenseScoop notes that the initial leadership agreement made sense. Both organizations are inside the same Fort Meade, Maryland, location. At its birth, Cybercom required NSA personnel, experience and infrastructure to grow. The assumption was that Cybercom would eventually grow large and powerful enough to stand alone and justify having its own separate leadership structure.

In practice, however, the dual role enabled faster decision-making, which can be crucial in defeating cyber threats. Rep. Jim Langevin, current chair of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, supports the arrangement, saying, “I think the dual-hat arrangement benefits both organizations and provides the infrastructure and expertise that helps both Cyber Command and the NSA achieve success in their individual missions.”

Sen. Mike Rounds, ranking member of the Senate Armed Services Subcommittee on Cybersecurity, voiced similar praise in the article, noting that without the dual-hat arrangement, “You would have two separate bureaucracies who would clash on a daily basis about the use of the tools, about the coordination of efforts, about the protection of their own silos.”

An October 2022 report drafted by a four-person group led by retired Gen. Joseph Dunford Jr., a former chair of the Joint Chiefs of Staff, did not give an official recommendation about keeping the arrangement. However, he argued strongly for the benefits derived from it. A Director of National Intelligence spokesperson noted the report showed benefits of the structure and found no adverse impacts that would justify terminating or splitting the role.

Arguments against the dual-hat role

There’s also opposition to the arrangement and has been since the organization was created. Some feared the combined role was simply too powerful for one person. The same concern exists today as Cybercom’s role becomes larger, addressing wide-ranging societal concerns like election security and ransomware. Those defenses are often made public, which raises another concern: Could Cybercom’s activities reveal too much about the NSA? As a spy agency, the NSA’s activities are meant to stay hidden. If Cybercom uses NSA tools, could that expose espionage activity?

Does a single leader benefit both agencies?

Army General Paul Nakasone currently holds the head role and has since 2018. Obviously, it’s in his self-interest to tout his own abilities, but he detailed the benefits in his Cybercom 2023 posture statement delivered to the U.S. Senate Armed Services Committee in March. His statement quotes the October 2022 report noting “substantial benefits that present compelling evidence for retaining the existing structure.” He also states that “protecting the national security of the United States in cyberspace would be more costly and less decisive with two separate organizations under two separate leaders.”

The statement notes successful collaborations between the NSA and Cybercom, including defense of the 2022 midterm election. Nakasone maintains that “foreign attempts to meddle in our electoral process via cyber means escalated in 2016 and have persisted in every election cycle since.” The goal of this collaboration has been to “render these campaigns inconsequential,” meaning they would have no effect on election outcomes. The result was that the “2022 midterms progressed from primaries to certifications without significant foreign malign influence or interference.”

Nakasone also outlined efforts to hinder state-sponsored cyberattacks from China, Russia, Iran and other cyber criminals. He notes that as a result, the organization “made partner-nation networks more secure; increased our global cybersecurity partnerships; led to the public release of more than 90 malware samples for analysis by the cybersecurity community and ultimately kept us safer here at home.”

Demonstrable successes have to date, prevented splitting this role, but the issue continues to come up.

Will a split still happen? If so, what is the holdup?

Even with general agreement that the dual-hat arrangement works, consensus also seems to be that the split will happen eventually in line with the original vision for Cybercom. In 2016, over concerns that a split was imminent (and also premature), Congress legislated metrics that would have to be met before the split could happen. Among those metrics was that each organization would have its own systems in place to plan, de-conflict and execute military cyber and national intelligence operations. Both organizations also need separate tools for cyber operations, including the ability to acquire or create needed tools.

Cybercom has made gains on those metrics but has not fully achieved them yet. And, as long as the two organizations work successfully together and continue to achieve their separate but complementary missions, it’s unlikely there will be a significant push to change their operations.

What’s next for the NSA and Cybercom?

As required, both organizations continue to make progress toward the legislated metrics. Yet there appears to be no appetite for changing the leadership arrangement in the short term. What is on the short-term horizon? Gen. Nakasone plans to step down from the role sometime this year. The leadership role is generally held for four years, but Nakasone agreed to extend his tenure into 2023.

In May, U.S. Air Force Lt. Gen. Timothy Haugh was nominated as Nakasone’s replacement. Haugh currently serves as deputy commander at Cybercom. He helped spearhead some of the key initiatives at Cybercom, including election protection. The role requires Senate confirmation, but Sen. Tommy Tuberville is currently blocking all military nominations, with 200 nominations currently pending due to his block. Haugh’s appointment and Nakasone’s retirement plans remain in the air until that stalemate ends.

More from Government

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

The Pentagon’s 2023 cyber strategy: What you need to know

5 min read - In May 2023, the Department of Defense (DoD) released an unclassified fact sheet detailing its latest cyber strategy. This latest update is another indication of the Pentagon’s intent to combat threat actors, coming fast on the heels of the 2022 National Security Strategy and the 2022 National Defense Strategy. A more complete summary of the strategy will follow in a few months. For now, let’s unpack what we know so far about the Department of Defense’s 2023 cybersecurity strategy. Reinforcing…