If the National Security Agency and Cyber Command were to split, NSA Executive Director Corin Stone explained that any disagreements between the agencies would be decided by the secretary of defense and the director of national intelligence, to ensure fair judgment.
There have been conflicting opinions on the decision on whether to split the NSA from U.S. Cyber Command, which have traditionally operated as separate agencies under a dual-hat system with the same head. Stone said that Cyber Command is tasked with protecting Department of Defense networks, and the NSA conducts foreign signals intelligence and protects other national security systems, which are already separate jobs.
“If the dual hat splits, it won’t make a huge difference, frankly,” Stone said in the Steptoe Cyberlaw Podcast last week.
Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson, questioned what would happen if the two agencies disagreed on a course of action. For example, how would the situation be resolved if Cyber Command wanted to take down an enemy’s network but the NSA wanted it to remain open because it was collecting useful intelligence information from the network.
“It makes it more sensible to have a civilian head,” Baker said, referring to the current head of both the NSA and Cyber Command, Adm. Michael Rogers.
Baker said that it would be unfair if the military branch, Cyber Command, received more authority from a leader with a military background.
Stone said that this wouldn’t be the case because in the event of a disagreement between the different agencies, the two would voice their reasoning to the secretary of defense and the director of national intelligence, who would then make a decision together.
The NSA is also trying to monitor what information goes in and out of the agency without alienating employees.
The NSA has suffered from security leaks due to employees Edward Snowden and Harold Martin, which has forced the agency to focus more on what data is leaving Fort Meade. The NSA has also had to consider intimidating its trustworthy employees during the dip in morale following these security leaks.
“It’s about defeating the enemy and making sure we’re not doing anything to enable [them],” Stone said.
Snowden and Martin, both NSA contractors, were charged with stealing classified government information. Stone said that monitoring the movement of information has become more difficult with the use of flash drives and other technology that makes data mobile.
“Any leaks, any unauthorized disclosures has an impact on morale,” Stone said. “We’ve got a dedicated workforce. They’re extremely sophisticated technical experts working very long hours on tough, tough problems, sometimes for years at a time and when someone is a peer or a colleague or someone they knew or someone they didn’t know decides to break trust with the U.S. government, with the American people, and with their peers and colleagues, that’s something that does deal a blow to morale.”
Stone said that there has to be some layer of trust between the agency and employees because carrying flash drives has become commonplace and the agency can’t inspect every one. Stone also said that the employees at NSA especially care about protecting citizen information.
The NSA is also working to increase transparency following these leaks by encouraging employees to discuss its mission with the public to be less of a mystery. This method also helps with hostile audiences, according to Baker.
“If somebody is standing there and they’re talking like you, and they sound like you, and they’re just an ordinary person like you, it’s hard to hate them,” Stewart said.
The NSA’s current organizational system, which was revamped in 2016 under the name NSA21, integrates offensive and defensive cyber operations. Stone said that she believes that the focus on each side is balanced and allows the agency to tackle threats faster.
“We have already seen more agility based on that integration,” Stone said.
NSA has updated its goals in other ways, including fostering creativity and providing more support to its personnel throughout their careers. Stone said that the NSA has been supporting its employees by focusing on diversity efforts.
The NSA runs free GenCyber camps for students from elementary through high school to learn about cybersecurity. The NSA has also been reaching out to students at Historically Black Colleges, such as Morgan State University and Howard University, to consider careers at the agency.
Stewart said that the NSA already has some level of diversity because of the many different military and civilian backgrounds of its employees. Stone said there was more that could be done, but agreed in that respect.
“We do have a level of diversity that’s extraordinary,” Stone said.