Russia hack requires new cybersecurity paradigm
As the full extent of the damage of Russia’s hack into private sector and government computer systems continues to be investigated – with the recent revelations that Russian cyber operators may have stolen the source code for pervasive Microsoft products – there has been little effort to bring various stakeholders together to determine what long-term and strategic technical and policy solutions are needed.
There are various options to pursue, including decoupling the leadership and organizational structures of the National Security Agency (NSA) and U.S. Cyber Command (USCC), which we have already advocated as a prudent, albeit contentious step.
Load Error
We recognize that there are valid concerns about the timing of such a move, including from congressional leaders who have highlighted the dangers of doing so during an unprecedented cybersecurity crisis. We do not disagree that the rash implementation of such a split could cause significant harm to ongoing national security efforts. But we believe that this moment presents an opportunity for a deliberate path to splitting the two agencies’ leadership that will enhance not only each organization’s abilities to conduct their missions but also cybersecurity and cyber operations efforts writ large.
Such a path requires concerted efforts across both executive agencies and congressional overseers over the next few months to develop, execute and manage processes in three distinct areas: internal decoupling, interagency coordination and rigorous oversight. Clearly defining the necessary outcomes and the processes that will lead to them will minimize mission disruption, enhance national security outcomes and avoid the can-kicking on an NSA-USCC split that has characterized the dialogue over the past decade.
The process for the internal decoupling of NSA and USCC should focus on the most critical issues and personnel impacted. General Paul Nakasone – like his predecessors, dual-hatted as both the NSA director and USCC commander – should be tasked with developing a list of the 3-5 most critical challenges that will arise because of the split in consultation with…