The move comes as the administration is focused on deterring Russian efforts to disrupt the November election and, more broadly, to undermine U.S. democracy. Although Trump has sent mixed signals on the issue, his administration, from Vice President Pence on down, has warned Russia that it will not tolerate foreign interference in American politics.
The new directive, first reported by the Wall Street Journal, comes as Gen. Paul Nakasone, who heads both the National Security Agency and U.S. Cyber Command, has recommended to Pentagon leaders that the two organizations remain under one head for at least two years. The call to end this “dual-hat” arrangement dates to the Obama administration, but the effort was delayed, and when Nakasone took over he gave the matter a fresh look.
Nakasone, who submitted his recommendation Aug. 5, believes the nine-year-old CyberCom still needs intelligence support from the NSA, according to people familiar with his thinking, and that separate leadership would hinder that effort. This would keep in place the structure that has existed since CyberCom’s launch. At the same time, Nakasone has set up a “small group” comprised of people from both organizations to work together to detect and thwart Russian interference in the midterm elections.
Taken together, these moves show a strengthened focus on military cyber capabilities — and reflect a mounting concern on the part of senior security officials about the severity of the threat from foreign adversaries, especially Russia.
Director of National Intelligence Daniel Coats recently warned that the “lights are blinking red” and “the digital infrastructure that serves this country is literally under attack.”
The NSA declined to comment on Nakasone’s recommendation, but confirmed that he had provided it to Defense Secretary Jim Mattis and Gen. Joseph F. Dunford Jr., chairman of the Joint Chiefs of Staff, for their review. Dunford is expected to make his recommendation to Mattis as early as next week.
Trump’s cyber order replaces one issued by President Barack Obama in 2012, called Presidential Policy Directive 20, which laid out a framework for undertaking offensive and defensive cyber actions. Many military cyber operators saw it as needlessly constraining.
The new order also applies to other agencies, although the Pentagon is the primary focus, said a senior administration official who spoke on the condition of anonymity to discuss a nonpublic document. Some officials have advocated such a move for years. When Trump’s national security adviser, John Bolton, arrived at the White House, he spearheaded a new push for the policy, the official said.
Former acting deputy assistant secretary of cyberdefense policy Kate Charlet said “it makes sense” for the defense secretary to have authority for certain operations. “Say you wanted to stop Russia from going after our critical infrastructure — if we have an opportunity to prevent something like that, then we should be able to act on that quickly,” Charlet said.
Under the Obama-era order, such an operation would be vetted by agencies including the State Department and intelligence agencies, in a National Security Council-led process. Final approval lay with the president. “There was always pushback,” recalled Aaron Hughes, another former senior Pentagon official. “We were hamstrung for so many things we felt were benign.”
Former State Department cyber coordinator Christopher Painter said he supports using cyber capabilities, “but at the same time, you need to make sure you’re looking at other national equities.” It’s important, he said, to ensure that a cyber operation does not compromise intelligence collection, law enforcement investigations and diplomatic relations.
Nakasone’s recommendation to maintain one head over both the NSA and CyberCom is rooted in a determination that CyberCom does not yet have the level of intelligence support it needs to operate effectively on its own. To conduct offensive or defensive operations, it relies primarily on intelligence collected and analyzed by the NSA, which is much larger. Both are located at Fort Meade, Md.
Nakasone has said that even if the two organizations have different leaders, they will always need to work together closely. But the two have different missions. CyberCom’s is to disrupt and destroy adversaries’ networks when directed. The NSA’s is to gather foreign intelligence as required by policymakers, as well as to support military commanders.
“CyberCom needs tactical intelligence on military targets,” said Hughes, which he said is generally not what NSA is collecting. So CyberCom, although it will always rely to some extent on the NSA, needs to develop its own collection capability to be effective, he said.
While senior officials understand the need for the NSA to share technical intelligence with CyberCom, it has not always worked smoothly at the operational level, said people familiar with the matter, who spoke on the condition of anonymity to discuss a sensitive issue. To alleviate that, Nakasone has set up a cryptologic support group within CyberCom to serve as a hub for intelligence sharing.
Several cyber experts and former senior government officials say the two organizations should have their own heads.
“The military and intelligence missions are related but they’re fundamentally different,” said Michael Daniel, White House cyber coordinator in the Obama administration. “So for CyberCom to be truly and fully functional in the way the nation needs, it needs to be its own separate organization.”
Alice Crites contributed to this report.