Since Cybercom was created a decade ago, it has been co-located with NSA at Fort Meade, Maryland, and shared a leader. At the time, this made sense to help the nascent command grow, relying on the personnel, expertise and infrastructure of the high-tech intelligence agency. The arrangement was initially expected to be temporary.

Severing the dual-hat has been one of the most hotly contested issues in cyber policy. Proponents believe the military can benefit from the unique intelligence insights and resources of NSA, leading to faster decision-making and operational outcomes. Opponents argue the roles of NSA director and Cybercom commander are too powerful for one person to hold and relying on the intelligence community’s tools — which are meant to stay undetected — for military activities poses risks to such espionage activity.

At the end of the first Trump administration, officials made a last ditch effort to sever the dual-hat, but it ultimately was not brought to fruition. Press reports prior to Trump’s inauguration for his second term indicated the administration wanted to end the dual-hat relationship.

There “is renewed speculation about the separation of the ‘dual-hat’ relationship between Cybecom and NSA, a construct that proves its value to our national security every minute of every day. This issue has been studied exhaustively but somehow there are still those who believe they know better,” Rep. Don Bacon, R-Neb., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies and Information Systems, said in opening remarks during a hearing Friday. “I’ve spoken to my colleagues on this panel and our friends in the Senate, and on a bipartisan and bicameral basis, the Armed Services Committees are strongly opposed to ending the dual-hat relationship. I want to take this opportunity to make very clear to the Department’s leadership that if they believe they have allies on this issue who sit on the Pentagon’s congressional oversight panels, they do not.” 

Following the firing of Cybercom commander Gen. Timothy Haugh at the beginning of April, there was a feeling that the dismissal prepped the ground to split the dual-hat by nominating a civilian to lead NSA and a military officer to lead the command.

Bacon’s sentiment was shared by the subcommittee’s ranking member, Rep. Ro Khanna, D-Calif., on Friday.

“Let me reaffirm what you said about keeping our Cyber Command and NSA together. That is a bipartisan position, that is a position that we have discussed many times now, and people on this side of the aisle support you in that. It’s bicameral, it’s bipartisan. And you know, I just want to make that clear, because it keeps coming up and … because the support in the Congress is very strong for keeping the — those two departments together,” Khanna said at the hearing.

The issue was addressed on the Senate side over a month ago as well, with Sen. Mike Rounds, R-S.D., voicing support for the current arrangement.

“In wake of the various persistent cyber threats originating from the People’s Republic of China over the last two years, it is my firm conclusion that the importance of the dual-hat is as important today as it has ever been,” Rounds, chairman of the panel’s Cybersecurity Subcommittee, said during an April 9 hearing.

At that hearing, Lt. Gen. William Hartman, acting commander of Cybercom and director of NSA, told Rounds that the relationship between the two organizations allows the command to see what the adversary is doing.

“From my standpoint and senator, I’ve been sitting on the campus of the National Security Agency and Cybercom for most of the last 15 years. I’ve continued to see this partnership evolve. And our ability to execute increasingly more precise operations is fundamentally because the dual-hat allows me, in my current capacity, to move with the speed and agility and unity of effort that is required,” he said. “But it also forces leaders across the organization to collaborate, to do the hard work and to provide the best options for the national security of the country. That’s what I believe is the importance of the dual-hat, and that is really where I believe we’ve evolved.”

Concerned with the prospect of a premature split, in which Cybercom would not be ready to stand on its own, Congress has previously issued a prohibition on a breakup in leadership until certain metrics are met. They include, among others, that each organization have robust command-and-control systems for planning, deconflicting and executing military cyber operations and national intelligence operations — as well as ensuring tools and weapons used in cyber ops are sufficient for achieving required effects and that Cyber Command can acquire or develop these tools, weapons and accesses.

Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told lawmakers at his confirmation hearing for the role in April that he believes the dual-hat should be maintained, agreeing with the findings of a 2022 study that found the role should be strengthened as well.

“The Dual-Hat arrangement provides the ability to look across both organizations and has empowered both USCYBERCOM and NSA to fulfill their missions better than each could do alone. It promotes agility and enables intelligence to be operationalized rapidly,” he wrote in response to advance policy questions from senators. “It also facilitates relationships with key foreign allies and partners in part because the corresponding foreign organizations with signals intelligence (SIGINT) and cyber operations missions are fully integrated, operating under a Dual-Hat leadership structure. The span of control, does however, place a burden on one leader.”

Ahead of his own confirmation hearing in January, Secretary of Defense Pete Hegseth wrote to senators that he would “bring these debates to conclusion, consult with Congress, and make final recommendation for the way ahead.”

The post Members of Congress vow not to split Cyber Command, NSA appeared first on DefenseScoop.

Today, America’s federal cyber establishment faces a similar crisis of fragmentation. Born of disjointed legislation, overlapping executive orders, and competing congressional mandates, our cyber defense infrastructure has evolved into a convoluted maze where organizational boundaries matter more than mission success.

A fragmented cyber battlefield

The U.S. cyber domain’s evolution has occurred with little strategic coordination, creating unclear jurisdictions and mission overlap. The Department of Defense (DOD) and U.S. Cyber Command (USCYBERCOM) oversee military cyber operations, yet their efforts often compete with the National Security Agency’s (NSA) intelligence-driven priorities. The Cybersecurity and Infrastructure Security Agency (CISA) defends civilian networks but lacks sufficient authorities to compel action across the private sector. The Federal Bureau of Investigation (FBI) handles cybercrime investigations, while the Office of the National Cyber Director (ONCD) attempts to provide strategic oversight — all while adversaries exploit the strategic, operational, and jurisdictional seams between these various civilian and military organizations governed by different statutes.

This disjointed approach has led to catastrophic security failures. During the 2020 SolarWinds breach, Russian intelligence services infiltrated government and private networks while exploiting the gaps between our defensive organizations. The sophisticated cyber-espionage operation went undetected for months, with agencies like CISA, NSA, and FBI struggling to coordinate responses within their respective lanes. When the breach was finally discovered, our fragmented cyber ecosystem couldn’t assemble a complete picture of the attack, with each agency holding only pieces of the puzzle.

The 2021 Colonial Pipeline ransomware attack paralyzed fuel distribution across the East Coast, exposing critical weaknesses in public-private cyber collaboration. As federal agencies debated jurisdictional boundaries and response authorities, Americans faced gas shortages and price spikes. The FBI, CISA, Department of Energy, and multiple other agencies worked parallel tracks with limited coordination, demonstrating how our fractured response system fails during crises that cross public-private boundaries.

More recently, China’s SALT TYPHOON and VOLT TYPHOON campaigns methodically targeted our telecommunications infrastructure, maritime ports, and power grid systems. These persistent, sophisticated intrusions established footholds in critical infrastructure while our agencies struggled to share information effectively. Intelligence agencies detected the threats but faced bureaucratic hurdles in disseminating actionable information to defensive agencies and private sector targets.

In each case, multiple agencies responded with competing priorities: some focused on intelligence collection, others on attribution, and still others on defensive measures — often without real-time coordination or information sharing. Our adversaries deliberately target these organizational seams, knowing that our fragmented response system will delay effective countermeasures.

Geopolitical adversaries exploit our fragmentation

America’s cyber vulnerabilities are not hypothetical — they are actively and daily exploited by our adversaries. China’s persistent cyber-espionage campaigns target U.S. defense contractors and critical infrastructure through operations like VOLT TYPHOON. Russian state-backed hackers conduct disinformation and cyber disruption operations, seeking to undermine public trust. North Korean hackers fund their regime through cryptocurrency theft, while Iran grows increasingly aggressive in targeting American executives and government officials.

These nation-states deliberately exploit the seams between our agencies’ jurisdictions. When an attack crosses from intelligence gathering to destructive effects, from foreign to domestic networks, or from government to private infrastructure, our response fractures along organizational boundaries. Each agency follows its own playbook, often with limited visibility into parallel efforts.

Moreover, in the age of artificial intelligence, the scale and sophistication of cyber attacks will increase dramatically, with potential for unprecedented physical damage and even loss of life beyond purely digital impacts. Our adversaries have already unified their cyber operations under centralized command structures that blend military, intelligence, and criminal capabilities, while we remain divided.

The Cyber Council of Nicaea: A unifying solution

A Cyber Council of Nicaea would serve as a permanent, high-level forum backed by executive order and congressional authorization for resolving cyber policy disputes, coordinating national strategy, and setting enforceable standards. Unlike current ad-hoc coordination mechanisms that lack decisive authority, the Council would have the mandate to make and enforce binding decisions. Its core objectives would be:

Doctrinal unity — Establish a national cyber doctrine clearly defining roles, responsibilities, authorities, and response protocols.

Operational deconfliction — Synchronize military, intelligence, law enforcement, and civilian cyber operations.

Information sharing — Establish efficient and secure pathways for information sharing across agencies and with private sector partners.

Crisis response coordination — Develop binding frameworks for responding to attacks on critical infrastructure, including specific playbooks for common scenarios.

Public-private integration — Foster structured engagement with industry leaders through meaningful incentives and mutual benefit arrangements.

Readiness exercise planning — Develop and execute regular cross-sector cyber exercises modeled after nuclear response readiness drills.

Geopolitical cyber strategy — Align cyber operations with broader national security goals.

The Council’s structure would mirror successful national security decision-making bodies while avoiding excessive bureaucracy:

Chair: National Cyber Director with enhanced authorities via executive order, ensuring overarching strategic coherence and direct presidential reporting.

Core members: Leaders from DOD (to include National Guard), Coast Guard, NSA, CISA, FBI, USCYBERCOM, NSC, and the Office of the Director of National Intelligence (ODNI).

Advisory panel: Private sector cybersecurity executives and critical infrastructure representatives with defined incentives for participation, including enhanced threat intelligence access and priority incident response support.

Standing working groups: Composed of subject-matter experts from member agencies and private sector, focused on doctrine development, interagency coordination, and international cyber norms.

Unlike existing coordinating bodies, the Council would have the authority to make binding decisions about roles, responsibilities, authorities, and resources during both steady-state operations and crisis response. Reporting directly to both the Executive Branch and relevant congressional committees would ensure accountability and oversight. The Council would convene regularly for strategic planning and activate immediately during cyber emergencies, with clear lines of authority established in advance.

Learning from successful models

The Goldwater-Nichols Act of 1986 revolutionized the U.S. military by mandating joint operations and forcing inter-service cooperation after failures in Grenada and elsewhere demonstrated the costs of fragmentation. While imperfect, it fundamentally transformed military effectiveness by compelling unity across service boundaries. Nuclear response and readiness provides another successful model, with comprehensive exercises that coordinate military and government agencies, private sector partners, and even international allies.

A Cyber Council of Nicaea could achieve similar transformative effects for the cyber domain, compelling unity where fragmentation currently reigns, while avoiding the pitfalls of excessive centralization that could stifle innovation or create new bureaucratic obstacles.

Addressing the counterarguments

Skeptics may argue that adding another layer of coordination risks bureaucratic inefficiency. However, the status quo — where cyber responsibilities are split across multiple agencies without a unifying authority — has already proven inefficient and dangerous. The Council would not add bureaucracy but rather streamline existing processes by establishing clear decision paths and eliminating duplicative efforts. Recent examples like SolarWinds and Colonial Pipeline demonstrate how our current approach costs precious time during crises when every minute counts.

Concerns over interagency rivalry are valid but not insurmountable. By establishing clear lines of authority for specific scenarios in advance and building regular coordination exercises into agency operations, the Council would reduce friction during crises. The current nominated ONCD leadership may lack the gravitas of the original Council of Nicaea’s Emperor, but enhanced authority through executive order and congressional mandate would provide the necessary power to drive meaningful coordination.

Regarding private sector involvement, the Council would ensure that response measures balance national security with business continuity and civil liberties through meaningful industry participation. Rather than imposing one-way requirements, this approach would provide tangible benefits to participating companies through enhanced intelligence sharing, technical assistance, and coordinated incident response support.

The alternative — allowing China, Russia, and other adversaries to continue exploiting our divisions — is simply unacceptable.

A call to action

Cyberspace is unquestionably the battlefield of the 21st century, yet we continue to defend it with organizational structures designed for the industrial age. The National Security Council and Congress should immediately authorize and convene the first Cyber Council of Nicaea, bringing together key stakeholders to define America’s cyber future.

Implementation will require amendments to existing authorities and potentially new legislation, but the fundamental architecture already exists in the form of existing coordination bodies. What’s missing is decisive leadership with real authority and accountability — gaps the Council would fill.

The recent Executive Order shifting resilience responsibilities to states makes this Council even more critical, as it must establish the frameworks and standards that will guide state-level cyber defense efforts, preventing further fragmentation at the state and local levels.

Without decisive action, we risk continued fragmentation, persistent vulnerabilities, and a strategic disadvantage against adversaries who operate with singular focus. The Cyber Council of Nicaea isn’t just an administrative reform, it’s an urgent national security imperative that must be established before the next major attack forces reactive, chaotic policymaking in its aftermath.

The choice is clear: unify now or remain divided until disaster forces our hand.

Authors’ note: Brad Levine; John Dobrydney, DSc; Hala Nelson, Ph.D., and Ken Kurz were kind enough to lend their knowledge, expertise, and constructive feedback in the development of this Op-Ed.

Daniel Van Wagenen is a retired Army combat infantryman and defensive cyber operator. He is also the co-founder of the Association of the U.S. Cyber Forces (AUSCF), the first dedicated nonprofit to being a voice for the cyber warfighter, and co-founder and COO of Minerva Cyber Technologies, a full-spectrum cyber operations services and products firm.

Kim Irving is a senior cyber executive focused on supporting the warfighter and the national security mission. Co-founder and CEO of Minerva Cyber Technologies, she has 20+ years of experience serving on executive leadership teams and boards. Her experience includes full-spectrum cyber services and capability development for U.S. Cyber Command, Army Cyber Command, Air Force Cyber Command, Navy Fleet Cyber Command, and Marine Corps Forces Cyberspace Command.

The post The Cyber Council of Nicaea: Unifying America’s fragmented digital defense appeared first on DefenseScoop.

At press time, it still remains a public mystery why he and NSA deputy Wendy Noble (who was removed and reassigned) were fired from leading the largest intelligence agency — which produces the majority of the intel for the president’s daily brief — and the government’s main cyber warfare entity, Cybercom.

Chief Pentagon spokesperson released a statement late Friday afternoon that read: “The Defense Department thanks General Timothy Haugh for his decades of service to our nation, culminating as U.S. Cyber Command Commander and National Security Agency Director. We wish him and his family well.”

The websites of Cyber Command and NSA were updated Friday afternoon to reflect that Army Lt. Gen. William Hartman is now in charge of both organizations. Hartman had been the deputy commander of Cybercom. Although the commander is dual-hatted to lead both organizations, the deputy Cybercom commander is not part of NSA.

Those that spoke to DefenseScoop noted how rare it is for a sitting NSA director to be fired mid-term, especially absent any loss in confidence to command or a scandal. For context, the director wasn’t removed after the Snowden leaks came to light during the Obama administration.

Although the president does have the authority to remove officers like this, some observers have indicated it might not be a wise use of that power, and could create morale issues.

“I don’t recall an NSA director in recent memory being removed other than during the normal cycle,” said Jamil Jaffer, founder and executive director of the National Security Institute at the Antonin Scalia Law School at George Mason University, who held positions in the Bush White House, Department of Justice and was senior counsel to the House Permanent Select Committee on Intelligence for the Republican chairman Mike Rogers of Michigan. “When a well-regarded, four-star general is fired for no apparent reason — if in fact that’s what happened and even if it is legally permissible — that can have a massively detrimental impact on both ongoing operations and morale.”

Prior to taking office — and in successive confirmation hearings — Trump administration officials expressed an interesting in taking a more aggressive approach in cyberspace against adversaries in the face of high-profile intrusions of telecom firms and critical infrastructure that some say went beyond traditional espionage to prep the battlefield.

“General Tim Haugh is an outstanding leader and was doing a superb job at Cyber Command and National Security Agency. He was fired with no public explanation. This action sets back our Cyber and Signals Intelligence operations,” Rep. Don Bacon, R-Nebraska, the chairman of the House Armed Services Subcommittee on Cyber, Information Technologies, and Innovation and a former one-star Air Force general, said on X.

A slew of Democrat lawmakers issued statements Friday criticizing the administration’s move.

Sen. Jack Reed, D-R.I., the top Democrat on the Senate Armed Services Committee, expressed alarm and anger regarding the decision to fire Haugh — who was unanimously confirmed by the Senate to his role — and oust Noble.

“As the commander of Cyber Command, General Haugh led the most formidable cyber warfighting force in the world and kept our enemies up at night. President Trump has given a priceless gift to China, Russia, Iran, and North Korea by purging competence from our national security leadership,” he said. “I have long warned about the dangers of firing military officers as a political loyalty test. In addition to the other military leaders and national security officials Trump has fired, he is sending a chilling message throughout the ranks: don’t give your best military advice, or you may face consequences. The President must immediately explain himself to the American people.”

Reed was referring to assertions that political activist Laura Loomer urged President Donald Trump to fire certain officials due to their perceived disloyalty to him and his agenda. She wrote in a social media post Thursday night that Haugh and Noble were fired for being “disloyal” to Trump. In recent weeks, Trump also fired Chairman of the Joint Chiefs of Staff Gen. Charles “CQ” Brown and Chief of Naval Operations Adm. Lisa Franchetti, among other senior defense officials.

“It’s concerning, from a national security perspective, when a 9/11 truther is providing advice to the President on whether a four-star general ought keep his job as the head of the world’s premier signals intelligence agency,” Jaffer said regarding the allegations Loomer had something to do with Haugh’s ouster.

Others agreed with that sentiment.

“If this was tied to Loomer’s action, then preparing for a future war against China is taking a back seat to the fight against DEI and those perceived as not loyal enough to the regime,” said Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs with a deep cyber background in the government and military. Healey previously served as a founding member of the Office of the National Cyber Director at the White House and worked at a U.S. military organization that was a precursor to Cybercom.

Sen. Roger Wicker, R-Miss., chairman of the Senate Armed Services Committee and Rep. Mike Rogers, R-Alabama, chairman of the House Armed Services Committee, did not respond to requests for comment.

“Silence, nothing but silence, from my once honorable colleagues in the GOP who just days ago sat with me in meetings on the Armed Services Committee praising GEN Haugh. Cowering before Trump and complicit in letting a lunatic upend their own national security team, they do nothing to stand up for our troops or our country,” Rep. Seth Moulton, D-Mass., wrote on X Friday.

Top Dems on the House Armed Services Committee issued a joint statement citing their concerns.

“Under [Haugh and Noble’s] leadership, the men and women of US Cyber Command and the National Security Agency have been at the tip of the spear in defense of our country against very real cyber threats, including ransomware extortionists and actors like Volt Typhoon and Salt Typhoon. Reports that the dismissals were due not to failure to execute their positions but, rather, being accused of being disloyal by a far-right conspiracy theorist are deeply disturbing,” said HASC ranking member Rep. Adam Smith, D-Wash., Rep. Ro Khanna, D-Calif., ranking member of the CITI subcommittee and Rep. Chrissy Houlahan, D-Penn., who has taken a keen interest in cyber issues.

Houlahan in a separate statement to DefenseScoop called the firing “inexplicable,” adding it “should leave us all feeling less safe today.”

“There have still been no consequences for anyone over the leaking of classified information over Signal – the real threat. This action—meant in some way to distract us from the Signal and gmail fiascos— to summarily remove the four-star General responsible for the National Security Agency and Cyber Command is chilling,” she said. “The American people deserve answers – now including why General Haugh was relieved of his duties. The case is not, in fact, closed.”

The post Firing of top cyber general ‘sets back’ US military and intel operations, makes America ‘less safe,’ lawmakers of both parties say appeared first on DefenseScoop.

However, despite the National Security Agency’s access to a satellite phone Bin Laden had been using, media reports alerted the terrorist leader to that collection, leading to an effective electronic communications collection blackout for the agency. This made collecting on valuable intelligence for future plots and his movements very difficult, forcing the agency and broader intelligence community to have to be more creative. Officials decided to begin collecting on curriers, which ultimately led the intelligence community to pinpoint Bin Laden’s location in Pakistan.   

That is an anecdote from the NSA’s new podcast that’s dropping Thursday. It’s name, “No Such Podcast,” is a play on the “No Such Agency” moniker given to the organization due to its secretiveness.

NSA, a combat support agency serving as the nation’s premier signals intelligence organization and cybersecurity outfit, wants to pull the curtain back on some of its work and highlight its roles and missions in the national security arena.

“For years, the very existence of NSA was classified, leading to the name ‘No Such Agency.’ Now, as NSA has increased its public engagements in the past several years, ‘No Such Podcast’ provides a new channel for people to learn more about one of the country’s most secretive agencies,” according to an agency spokesperson. “NSA believes in showcasing the incredible, dedicated work of our diverse, expert workforce. ‘No Such Podcast’ extends our existing efforts into a new and growing medium.”

According to a transcript provided by the agency ahead of its release, episode one details the long journey to hunt down Bin Laden, the world’s most wanted terrorist, while also delving into the craft of signals intelligence, or SIGINT.

“We did have some interesting collection on [Bin Laden] in the past using a satellite phone. Unfortunately that got published in the media that we were collecting him off that satellite phone. From that moment on, no more electronic communications from him,” Jon Darby, former director of operations at NSA, said in the podcast’s first episode, highlighting the challenge of maintaining secrets and keeping open avenues for intel gathering.

Officials in the past have said that NSA provides nearly a quarter of the intel contained in the president’s daily brief, a summary of top-level national security information.

“In its basic form, a signal is a current or a pulse or a radio wave — something that transmits information and data between systems and between networks. So each signal, think of a phone call, or a text, or even communicating over the internet. These things create a digital footprint that we would call a signal. There are other digital footprints or signals we’re interested in, like weapon signals, radars, missiles,” Natalie Laing, director of operations at NSA, explained. “There has to be a requirement to go after that signal for some reason of national security and importance. So as most basic, that’s what the signal world is, and that’s what signals intelligence is, that data that rides on the signal that we are interested in for national security purposes.”

Podcast guests provided three distinct examples for how signals intelligence has contributed to national-level insights and helped combat malicious activity. First, interviewees said signals collected ahead of Russia’s full-scale invasion of Ukraine provided advance warning of Moscow’s actions, allowing U.S. Cyber Command to send a team of personnel to Kiev to help harden networks — a success largely touted by the U.S. for contributing to Ukraine’s resiliency against digital feints during the early stages of the attack.

Additionally, according to officials, signals intelligence was used to inform the origins of chemicals used to synthesize fentanyl in China, in an effort to help stem the shipment to the United States, where deaths related to the drug have surged to record highs.

Guests also described how signals intelligence collection helped to identify multiple ransomware attacks — some before they occurred — to help protect critical sectors in the U.S. such as the defense industrial base.

When it came to finding Bin Laden, Darby and Laing noted that it was a full-team effort across the intelligence community. They described the long chase that came in fits and starts with lead after lead being investigated. Analysts would pour through collection data and try to discern what was important for senior leaders.

“One of the main things we need to do when we do that collection and processing is make this understandable for the folks that are going to be working this … you might be looking at a signal or a big grouping of signals that are very complicated, highly technical, or encrypted, or all three of those things. So it is our job to not only undo the complexity to get to the meat of the data so that the analysts can use that, but also we have to establish the right thresholds for how to go through that data,” Laing said.

“Jon was talking about the couriers as we were targeting UBL. If we were to go through all this collection and see anything that relates to that courier, obviously that’s something we would discern is of foreign intelligence value. We will keep following up on that. If it was, for example, a signal that was right next to that one, of a local taxi driver near you, okay, that’s not something we would discern we need to follow. So that’s one way that we start to parse out this collection so it’s usable and meaningful because the volume is pretty significant,” Laing added.

On the night of the raid to capture or kill Bin Laden, NSA’s role was to ensure there were no threats to the team, providing indications and warning to the helicopters carrying the SEAL team that carried out the mission.

The rest is history.

Meanwhile, the second episode of the podcast dives into the NSA’s role in cybersecurity.

“Cybersecurity is absolutely critical to national security. So when you think about advanced cyber actors, whether it’s Russia, China, Iran, North Korea, or non-state actors, it’s critically important for our nation to have threat intelligence that helps us navigate all the various aspects of the cybersecurity mission,” Dave Luber, director of cybersecurity for NSA and former executive director of Cybercom, stated.

“When you think about national security systems, you think about all the systems that support the Department of Defense, all the systems that support the intelligence community, and also select portions of our federal civilian agencies and departments, also rely on national security systems capabilities. So whether it’s threat intelligence, whether it’s partnerships, or whether it’s a focus towards key encryption capabilities to protect our most important national security systems, that’s what cybersecurity means to the National Security Agency,” he said.

Driving together themes from the two episodes, officials noted that NSA has started to focus on threat intelligence collected via signals intelligence as a means of improving cybersecurity.

They also highlighted how the U.S. military has changed due to the cyber environment and what the NSA is doing in its role as a combat support agency.

“From a military perspective, in terms of how the landscape has changed over the last decade, I would just reflect on the adversary that we were fighting. And so for the military, for the last 10 years, we were postured for this global war on terrorism. Rightfully so. It was an adversary that was not that sophisticated, did not rely on technology,” then Maj. Gen. Jerry Carter, who was deputy director of cybersecurity for combat support, said. Carter has been promoted to three-star and assumed the role of deputy commandant for information Aug. 2.

“When you look at the world today and out to 2030, I mean, it’s a different environment,” Carter continued. In the past, the focus was on air, land and sea, “but now we add space and cyberspace, which really challenges us.”

Interviewees also noted the partnerships across government and military agencies and the role NSA plays in protecting weapon systems.

“When you look at the changes that have been occurring across our department, especially with the advent and use of proliferated LEO, low-Earth orbit architectures, to support warfighters, it’s been really important for us at NSA to ensure that high assurance cryptography protects all parts of that space ecosystem,” Luber said.

“Whether it’s the ground segment, the user segment, the link segment or the space segment, NSA is there to support the warfighters as they develop those new capabilities to ensure that we have warfighting systems in space. So one of the partnerships that we’ve had over the past three years is with the Space Development Agency,” he said. “Working closely with SDA, Dr. [Derek] Tournear and his team, we’ve ensured that over the last year, we’ve been able to support the launch of 27 low-Earth orbit satellites to support Department of Defense capabilities. And that includes the capabilities to provide secure communications from that ground all the way up to the space segment, but also bring new capabilities online to really enhance warfighting systems.”

The post NSA’s foray into podcasting highlights its role in Bin Laden raid, cybersecurity appeared first on DefenseScoop.

The position is the No. 3 spot at Cybercom and is typically held by an NSA official on loan to the command, which is co-located with the NSA at Fort Meade, Maryland, and shares a leader.

Adamski comes to the role at a pivotal time for Cybercom, in which after developments that have been years in the making, it has officially gained service-like authorities that will allow it greater oversight of its forces that are provided by the services and the capabilities it needs to conduct cyber operations. The organization will be directly overseeing a budget of roughly $3 billion.

She will take over as executive director early next month.

Adamski is currently the director of the Cybersecurity Collaboration Center, an unclassified facility outside NSA’s gates that’s designed to bolster the security of the defense industrial base, help maintain the United States’ global edge in AI and ensure malicious foreign actors can’t pilfer American AI capabilities.

In her new position, Adamski will help lead strategic initiatives to advance Cybercom’s capabilities, talent management and partnerships. Her appointment with her long pedigree in the cybersecurity field underscores the importance of digital security in safeguarding national interests, the command said.

“Over the past four years, I’ve been honored to serve as the Director of the NSA Cybersecurity Collaboration Center. The CCC has changed the narrative on U.S. intelligence sharing with the private sector. We created and proved operational collaboration not once, but thousands of times,” Adamski said in a LinkedIn post. “Our success was simple—partnerships and people. Partners who took a chance on us and the CCC workforce who wanted to do more. This has been one of the most amazing and rewarding jobs of my career.”

She will take over for Holly Baroody, who will head back to the NSA, though it is not immediately clear what role she will take on at the agency.

Baroody has served as executive director of Cybercom since at least late 2022, having previously been the deputy for the Cyber National Mission Force, Cybercom’s sub-unified headquarters that includes its most elite digital warriors charged with defending the nation from significant threats.

“I’m so proud to have led many of our strategic efforts, from helping establish Cyber Command’s first ever Artificial Intelligence Task Force to drive rapid adoption of AI solutions; to strengthening the partnership with DARPA through our Constellation partnership that enables us to overcome the cyber S&T valley of death and bring in the state of the art technologies to our operations; to strategically advancing Cyber Command’s Joint Cyber Weapons Architecture to ensure our cyber warriors have the best capabilities available to them,” she said in a LinkedIn post.

The post US Cyber Command is getting a new No. 3 appeared first on DefenseScoop.

The effort is born out of an AI roadmap that the command developed, which was mandated by Congress as part of the fiscal 2023 annual defense policy bill. The legislation charged Cybercom and the Department of Defense chief information officer — in coordination with the chief digital and artificial intelligence officer, director of the Defense Advanced Research Projects Agency, director of the National Security Agency and the undersecretary of defense for research and engineering — to jointly develop a five-year guide and implementation plan for rapidly adopting and acquiring AI systems, applications, supporting data and data management processes for cyber operations forces.

“U.S. Cybercom has developed an AI roadmap and is working to apply AI in cybersecurity to better identify and close vulnerabilities across Department of Defense networks,” Gen. Timothy Haugh, commander of Cybercom, said in prepared remarks for the Summit on Modern Conflict and Emerging Threats, hosted by Vanderbilt University, on Wednesday.

Last week during a House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems hearing, he noted that the roadmap lays out technologies the command wants to begin to experiment with, pilot and provide to the force.

“AI is a tool that enables our mission. It’s a tool that the talented members of the cyber operations forces have been using for years. Along with support from our partners, especially DARPA, DOD federally funded research-and-development centers, and our university partners, we have implemented machine learning models across our missions and currently use AI for operations,” Haugh said at the conference.

Haugh told the audience that the command established an AI task force “to move us from opportunistic AI application to systematic adoption, again, driven by strategic and tactical objectives.”

He listed three outcomes the task force will be focusing on:

• Delivering AI capabilities for operations by the cyber mission force — the offensive and defensive teams each service provides to Cybercom to conduct cyber ops — and integrating the task force more closely with operations.

• Posturing the command to enable AI adoption by addressing materiel issues such as policy and standards that will be critical for responsible, ethical, assured and secure AI application.

• Countering AI threats.

The organization is part of an integrated approach to addressing artificial intelligence between Cybercom and the NSA, which Haugh also heads.

Last year, the NSA established an AI Security Center, modeled off of and residing inside the Cyber Collaboration Center — an unclassified facility outside NSA’s gates designed to bolster the security of the defense industrial base (DIB), help maintain the United States’ global edge in artificial intelligence and ensure malicious foreign actors can’t pilfer American capabilities.

Haugh said NSA’s artificial intelligence roadmap was created to counter China with the goal of detecting and countering threats, driving and deepening partnerships through the government, industry and academia, and developing, evaluating and promoting best practices.

“AI, like our other tools and authorities, carries risk. By ensuring that we are using them in a carefully controlled, regulated and transparent manner, we can harness them to advance our national interests without threatening the rights of our citizens,” Haugh said. “NSA is uniquely positioned to take on this charge because of our multiple authorities levied by Congress and the president for protection of [national security systems] and the DIB, because of our strong dedication to civil liberties, privacy and transparency, and because of NSA’s cadre of experts working directly on the science of AI.”

Haugh told lawmakers last week that officials plan to learn a lot from the task force when it comes to being optimized in using AI for defensive and proactive purposes against threats.

The post Cybercom establishes AI task force appeared first on DefenseScoop.

In his first two months as director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse, as part of his threefold approach to setting the organization’s course, is addressing new and emerging security and intelligence challenges that include, among others, cyber and AI.

As part of that effort, he has launched a 90-day sprint to address foundational military intelligence for cyber, Kruse told the House Armed Services Subcommittee on Intelligence and Special Operations on Thursday.

DIA is responsible for providing intel on foreign militaries and owning all the intelligence directorates, or J2s, at the combatant commands.

Earlier in the week, Gen. Timothy Haugh, commander of U.S. Cyber Command and director of the National Security Agency, told Congress that he and Kruse are working on pilot efforts to expand cyber intel.

“We think that growing the foundational cyber intelligence of the department is [a] benefit, not just to U.S. Cyber Command — it’s all the other combatant commanders that we partner with every day. For us to do multi-domain integration, it starts with our understanding of our adversaries,” Haugh said at a Senate Armed Services Committee hearing Wednesday.

“When the process normally works for foundational intelligence, that’s our start point, particularly in crisis to generate options. Today that is largely falling on Cyber Command and NSA. We want to see that grow across the defense intelligence enterprise, and Gen. Kruse as the new director and I are kicking off some pilots together to be able to look at how could we begin to expand within DIA’s architecture, the amount of cyber intelligence focused — that focus that is out there to meet the need for not just us, but the other combatant commands as well.”

Cyber intelligence and intelligence support to cyber has often seemed elusive, with officials explaining the inherent differences and challenges associated with it relative to traditional military intelligence, especially since it is also so new.

When it comes to foundational intelligence, much is known about the physical world and the platforms like tanks and airplanes that forces have been using for decades. But that is still lacking in the cyber or network realm where detailed intelligence on foreign computer systems, configurations and architectures are paramount for successful operations. This also extends into the open-source world of social media as well.

For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.

Additional challenges include the relationship between Cybercom and NSA. Despite the close linkage — the two organizations share a boss and are co-located — NSA has a fundamentally different mission focused on foreign intelligence targets. Having a dedicated military cyber intel capability under Title 10 — the part of U.S. law that governs the armed forces — is considered increasingly important.

“For me, understanding how intelligence supports cyber and how cyber supports intelligence — those are really important things for us to do. In the pre-9/11 days, right, you think about targeting and you think about like in the Cold War days, like what our intelligence enterprise would do when it was enough to just identify, ‘Oh, this is my adversary’s airbase or headquarters,’ whatever. Then it’s like, you put munitions on it,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said at a Center for a New American Security event in Washington in September. “In the cyber domain, it’s not just enough to identify where that thing is physically located. It’s like, well, what is its network diagram … [and] how do I think about those things?”

DIA and Cybercom have been working together for the last few years to improve cyber intelligence and cyber support to intelligence.

The top officials in front of Congress this week signaled that renewed and continuing partnership in building this out.

Last year, a provision passed the Senate mandating the creation of a dedicated cyber intelligence center. However, that issue was scrapped from final legislation.

“The conferees agree that intelligence support to the planning and execution of cyber operations conducted below the level of armed conflict, for preparation of the operational environment, and at each level of operational art — strategic, operational, and tactical — must be substantially improved. The conferees believe that the causes of, and solutions to, this requirement are complex,” a congressional report stated regarding the dropping of the proposal. “The conferees are not prepared at this time to dictate a specific organizational solution, but expect the Secretary of Defense to generate and implement one.”

The report noted that as a still maturing organization, Cybercom must improve its ability to define and articulate requirements for intelligence support, noting it’s likely the command will still require assistance from the DIA and NSA.

The report further suggested that the cyber mission force — the personnel each military service provides to Cybercom to conduct cyber operations — does not possess sufficient deep technical expertise nor adequate access to data to generate the required level of analysis organically.

Cybercom had begun the process of establishing such a center prior to the proposed congressional mandate.

The 2023 Department of Defense cyber strategy also sought to make intelligence support for cyber ops a priority, expanding on the 2018 version that simply asserted the department “will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict.”

“The 2023 DoD Cyber Strategy places renewed emphasis on the role intelligence plays in the planning and execution of cyberspace operations,” Ashley Manning, acting assistant secretary of defense for cyber policy, stated in written congressional testimony this week. “The Office of the Under Secretary of Defense for Policy is working closely with the Office of the Under Secretary of Defense for Intelligence and Security, and through them, the Defense Intelligence Enterprise, to ensure that the intelligence requirements of the cyber warfighter are prioritized. The Department will improve business practices and human capital management processes to expand cyber intelligence production and reduce barriers to information sharing consistent with applicable law, policies, and procedures.”

The strategy notes the DOD will prioritize necessary reforms to meet the intelligence needs of the cyberspace operations community.

The post DOD renewing focus on foundational cyber intelligence appeared first on DefenseScoop.

The Senate earlier this year passed a provision as part of its version of the annual defense policy bill, that would have directed the secretary of defense to establish a new organization to support the requirements of U.S. Cyber Command along with other combatant commands, military departments and agencies. However, in the conference report for the reconciled version of the fiscal 2024 National Defense Authorization Act, House and Senate conferees noted that they took the provision out.

“The conferees agree that intelligence support to the planning and execution of cyber operations conducted below the level of armed conflict, for preparation of the operational environment, and at each level of operational art — strategic, operational, and tactical — must be substantially improved. The conferees believe that the causes of, and solutions to, this requirement are complex,” the report states. “The conferees are not prepared at this time to dictate a specific organizational solution, but expect the Secretary of Defense to generate and implement one.”

For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.

Lawmakers are concerned because, of more than two dozen agencies that focus on intelligence, there isn’t a direct line out of Cybercom’s intelligence shop that focuses on nation-state threats from a military angle. For example, the military intelligence apparatus has very specific knowledge of adversary systems and specifications, but that’s not always the case in cyberspace.

The conference report notes that as a still maturing organization, Cybercom must improve its ability to define and articulate requirements for intelligence support, noting it’s likely the command will still require assistance from the Defense Intelligence Agency and the National Security Agency. The command is co-located and shares a leader with the NSA.

Moreover, the document suggests that the cyber mission force — the personnel each military service provides to Cybercom to conduct cyber operations — does not possess sufficient deep technical expertise nor adequate access to data to generate the required level of analysis organically.

“At the strategic and operational level, there is a clear need for improved foundational intelligence. The conferees are concerned that the Department of Defense will continue to fail to address this persistent shortfall without a legislative mandate and the creation of an organizational element dedicated to the task,” the report states.

“A significant portion of the target systems analysis support that is currently lacking could be provided under a decentralized, federated model based on cooperative teaming among the existing service intelligence centers (and the Department’s foreign material acquisition and human intelligence components). This would obviate the need to establish a new, separate center dedicated to the cyber domain, but making a coalition work effectively on a sustained basis could prove to be very challenging without a committed leadership entity. The conferees urge the Secretary to devise an effective and sustainable organizational solution,” according to the report.

Enduring dual-hat relationship?

The report notes that vital network and systems engineering analysis support for Cybercom likely can only be achieved through NSA partnership. However, NSA’s national intelligence mission and budget cannot be further burdened with the level of tailored support required for military operations, according to conferees.

Rather, the secretary of defense should provide funding for Cybercom, separate from the national intelligence budget, to acquire and sustain the required technical analytical capability and capacity. This should be done in stages, lawmakers say, beginning with a small-scale pilot to develop a practical model that can be replicated.

They also note that the administration reported another favorable review for the dual-hat arrangement, where Cybercom and NSA share a boss and are co-located.

The report notes that the foregoing assessment suggests that this partnership should be extended, with the Pentagon’s independent funding responsibilities clearly delineated.

“Accordingly, the conferees urge the Secretary of Defense to develop an organization, and provide funding, personnel, and a management plan for the intelligence collection and analysis necessary to support the missions of Cyber Command and the other combatant commands in the disciplines of foundational intelligence, target systems analysis, and network and systems engineering analysis,” the document says.

The post Lawmakers nix proposal to create military cyber intelligence capability appeared first on DefenseScoop.

The center will reside within NSA’s Cybersecurity Collaboration Center, an unclassified facility outside NSA’s gates designed to bolster the security of the defense industrial base, and is designed to help maintain the U.S.’s global edge in AI and ensure malicious foreign actors can’t pilfer American AI capabilities.

“The AI Security Center will become NSA’s focal point for leveraging foreign intelligence insights, contributing to the development of best practices, guidelines, principles, evaluation methodology and risk frameworks for AI security with an end goal of promoting the secure development, integration and adoption of AI capabilities within our national security systems and our defense industrial base,” Gen. Paul Nakasone, director of the NSA, said at a National Press Club event Thursday. “The AI Security Center will also help the industry understand the threats against their intellectual property and collaborate to help prevent and eradicate threats. The AI Security Center will work closely with U.S. industry, national labs, academia, across the IC and Department of Defense and select foreign partners.”

In response to congressional direction, the NSA recently concluded an in-depth AI study.

One of the key findings, Nakasone said, was a need for AI security. This is squarely within the NSA’s lane as the national manager for national security systems and support to the defense industrial base.

“AI security is about protecting AI systems from learning, doing and revealing the wrong thing. It is a set of practices to protect AI systems and life cycles from digital attacks, theft and damage,” Nakasone said. “National security system owners and the defense industrial base are increasingly acquiring, developing and integrating AI capabilities into defense systems, cybersecurity and mission capabilities. Concurrently, adversaries are moving quickly to develop and apply their own AI and we anticipate they will begin to explore and exploit vulnerabilities in U.S. and allied AI systems … We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems.”

Given AI security is a cybersecurity responsibility, Nakasone said it made sense to place the new center within the Cybersecurity Collaboration Center.

He added that NSA’s expertise makes it well-positioned to meet the challenge.

“NSA is uniquely well positioned to bring its unique talent, expertise, threat insights and authorities as national manager for national security systems and its work with the defense industrial base to support this whole of government effort in conjunction with the private sector to ensure U.S. enduring advantage in artificial intelligence,” he said. “AI security is fundamental to that effort.”

The post NSA opening AI Security Center appeared first on DefenseScoop.

“Fracturing the current USCYBERCOM-NSA command arrangement would degrade flexibility, adaptability, and speed of action now provided through close and interconnected processes; ultimately impacting mission outcomes,” Lt. Gen. Timothy Haugh wrote to members of the Senate Armed Services Committee in a questionnaire as part of his confirmation process.

The phrase “dual hat” refers to Cybercom and NSA sharing a boss. When Cybercom was first created a decade ago, it was co-located with NSA at Fort Meade, Maryland to help the nascent command grow, relying on the personnel, expertise and infrastructure of the NSA. The arrangement was initially expected to be temporary.

Opponents say the dual-hat arrangement is too much work for a single person and relying on the intelligence community’s tools — which are meant to stay undetected — for military activities poses risks to such espionage activity.

Haugh said the demands of each position are effectively managed and aren’t excessive for one individual.  

There has been a burgeoning consensus in Washington that the two organizations have grown closer and might never split as officials have maintained the critical intelligence NSA provides helps feed Cybercom’s operations. Haugh noted in his confirmation hearing before the Senate Intelligence Committee July 12 that “the overlap between activities in cyberspace and within signals intelligence, those things are inextricably linked.”  

To date, many officials — including the findings of a conducted by a Defense Department and intelligence community steering group, led by former Chairman of the Joint Chiefs Joseph Dunford — have simply noted that the dual-hat arrangement is in the best interest of the United States.

However, Haugh, who is currently Cybercom’s deputy commander, went further, telling lawmakers that severing NSA and Cyber Command leadership would be problematic.

“The signals intelligence and cyber operating environments substantially overlap. Eliminating the dual hat would reduce relevant visibility and understanding across both mission sets, increasing risk to intelligence sources and operational activities,” Haugh wrote. “It would reduce the speed and effectiveness of cybersecurity collaboration in the protection of National Security Systems (NSS), the [DOD Information Network], and the [defense industrial base] by slowing and complicating information sharing and work with overlapping partners. Finally, ending the dual hat would complicate relationships with Allies and partners that conduct their own signals intelligence and cyberspace operations.”

Haugh told senators Thursday during his confirmation hearing before the Senate Armed Services Committee that having worked on each side of both organizations, “how we partner and be able to take the guidance from a single leader becomes effective in our response so we can move with the speed and agility today” — and it “would be very difficult to replicate [that] in a different configuration.”

‘Call balls and strikes’

One of the biggest arguments for keeping the current arrangement is having a single person at the top of both organizations that has oversight over the operations and activities of each.

Given the sensitivities and competing interests involved between espionage — which aims to burrow into systems and avoid detection for continued intel collection — and warfighting — which involves disrupting or destroying systems — some have argued for the need of a single person to weigh in on these equities.

“I think if you did not have a dual-hat arrangement … you would have two separate bureaucracies who would clash on a daily basis about the use of the tools, about the coordination of efforts, about the protection of their own silos,” Sen. Mike Rounds, R-S.D., ranking member of the Senate Armed Services Subcommittee on Cybersecurity, has said. “I think you have to have a person on top who can call balls and strikes between the two separate organizations.”

This so-called intelligence gain/loss, some argue, is essentially why there needs to be a single person in charge of each organization, rather than risk reducing speed of action and oversight by splitting leadership roles and adding more bureaucracy.

“This is perhaps the most critical advantage of the dual hat — a single decision maker, responsible and accountable for the mission outcomes of both organizations, is best equipped to protect critical intelligence equities while executing national priorities, as directed. It ensures fully informed tradeoff decisions are made under accountability to both the Secretary of Defense and Director of National Intelligence,” Haugh wrote.

“The most positive aspect of the dual hat is the ability of a single decision maker, responsible for the separate and distinct mission outcomes of both organizations, to allocate resources, set priorities, and execute complementary actions to produce critical outcomes for the nation. It ensures that a single, fully informed decision maker is able to protect our nation’s most sensitive signals intelligence equities and ensure both organizations are aligned with the nation’s priorities,” he added.

It is unclear when Haugh might be confirmed and take over for the retiring Gen. Paul Nakasone because Alabama Republican Sen. Tommy Tuberville has put a blanket hold on senior military officer confirmations in protest of the DOD’s abortion policies.

The post Cybercom-NSA nominee argues severing dual hat would be ‘time consuming, more complex and less effective’ appeared first on DefenseScoop.