9 January 2018

Agency Transformed, NSA Chief Rogers Set for Spring Departure

The Cipher Brief

The Cipher Brief spoke with its former NSA and cyber experts on their reactions to the news that NSA and Cyber Command chief Adm. Michael Rogers would be retiring in the spring. In his four years in the post, Rogers presided over a controversial reorganization of NSA that some hailed as rendering the top code-breaking agency as more efficient, but that roiled the workforce. Rogers was also central to the maturation of U.S. Cyber Command as it grew into its first unclassified mission against ISIS but encountered a number of damaging leaks of highly classified information over at NSA.

He also interviewed with then President-elect Donald Trump for the post as Director for National Intelligence while still serving as NSA chief to President Barack Obama, but has also been steadfast to his role of NSA director in publicizing Russian efforts to influence the 2016 elections.

Lt. Gen. James Clapper, former Director of National Intelligence:

I believe he completes four years in both jobs in April, so this would be “normal,” in the absence of another extension, if this information is, in fact, valid.

To me, the important thing is using the occasion of his retirement, to split NSA from CYBERCOM, and civilianizing the position of Director of NSA.

Lt. Gen. Kevin McLaughlin, former Deputy Commander of U.S. Cyber Command, who worked for Rogers:

First, I don’t think people should jump too quickly as to whether this has anything to do with him being out of favor with President Donald Trump or anybody else. What I think may be going on is simply that before I left, the Secretary of Defense and the Chairman [of the Joint Chiefs] may have recommended that we use the decision to elevate Cyber Command become a full combatant command as an opportunity to also separate the dual-hat.

In terms of what we know as facts, we know that in August 2017 the president announced we would elevate Cyber Command to be a full combatant command on par with PACOM, CENTCOM and EUCOM.

Today, Cyber Command is a subordinate under U.S. Strategic Command. But there has not be any discussion at all about that since then, it has been quiet. So what I think has been happening, is that they have been trying to get all their planning in place to actually elevate U.S. Cyber Command and at the same time separate the dual-hat – Mike Rogers is both the Director of NSA and the Commander of Cyber Command today.

What I think you will see happen here relatively soon, what I would expect is to see, is a nomination of a four-star to become the Commander of U.S. Cyber Command as an elevated command, and a separate nomination of a senior leader to be the Director of NSA in a separate capacity.

What will the effect be?

On one hand, I think it will maybe let both organizations grow more naturally without having any burden caused by the dual-hat, which there are some limitations and drawbacks.

The 2017 NDAA contains language that makes it difficult to split the dual-hat unless the Defense Secretary and Chairman jointly certify that certain steps have been taken to ensure such a split could be undertaken without causing unacceptable risks to either organization.

The concern was that U.S. Cyber Command was still heavily dependent on NSA – it has not yet invested sufficient money and people to let them stand on their own two feet. So they actually put restrictions in the law…that said to not separate the hats until the Secretary of Defense and the Chairman certified to the Congress that they had made the necessary investments in order to keep the risk manageable by splitting the hats.

Assuming a dual hat split is going to happen in the near term, it will be interesting to see if the joint certification was made and what it contained.

Remembering Admiral Rogers’ achievements

On the positive side, I think taking U.S. Cyber Command from its very infant organization with really no real facility or structures and I think he will be remembered for guiding the command to where it has the whole cyber mission force exists, it is doing complex offensive and defensive operations globally. We have acknowledged and unclassified that we are conducting our first offensive actions against ISIS. The command really has matured significantly and it has gotten to the point where separating it from NSA is actually plausible to think about where it wouldn’t have been several years ago.

We should also look to see what type of official is named as the new Director of NSA if they do separate the hats now. Prior to the establishment of U.S. Cyber Command and the promotion of Keith Alexander as the first 4-Star commander of Cyber Command, the Director of NSA had traditionally been a 3-Star military officer. Some have suggested that a separate Director (after separating the dual-hat) should be a 4-Star military officer or a 4-Star equivalent civilian. There are pros and cons of all approaches and it will be interesting to see what the eventual decision inside the Executive Branch is and how the Congressional oversight committees react.

Rhea Siers, former Deputy Associate Director for Policy, NSA:

It’s a pretty challenging job to stay in and he unfortunately has had some pretty considerable challenges to deal with, some of which are his own, and others which come externally.

He’s dual hatted, so it’s NSA and Cyber Command, and I know that Cyber Command is slated to become a full unified command, but that deal is not finished. One has to wonder if the final separation is one of the signals for him that it’s time to move on.

In all honesty, for any human, it’s a huge job, and I think they have to be honest and say, how could anybody do this job? I was always amazed by the breadth of issues and just daily transactional things that the Director of NSA has to deal with just on the NSA side of the house.

NSA needs to be focusing on its workforce, its intelligence mission, its morale, and its internal security. That would probably be better done by a separate director at this point.

It’s pretty clear that internally there have been issues at NSA, in terms of attrition…Security issues, personal security issues are also of great concern. He’s also dealing with an agency that’s still reeling from [the leaks of former NSA contractor Edward] Snowden, and now is dealing with a Commander-in-Chief who has a “Deep State” fixation, and certainly says things which I would say can’t contribute to positive morale in any intelligence agency.

The other piece for him—he’s already been on the chopping block in the previous administration, although that did not occur. Of course, I don’t have inside information on why he was on the chopping block, except it appears to be an issue related both to his internal management style and NSA21, the latest reorganization, as well as the capabilities and progress made by Cyber Command.

To me it seems like—certainly if I were him I think I would have had enough, but beyond that it’s really the right time to start looking at who the director of NSA should be in the future, whether it’s time to move to a civilian or not.

Can we go back to comments on NSA21 and Rogers’ involvement in that?

It’s a catalyst, and I think it’s easy to criticize a reorganization plan from the outside. I’m sure that it was based on some things that needed to change, but there seem to be continuous problems in the way the workforce was receiving it—at almost all levels. It’s hard to know what went wrong there, but—and there’s always harping about a reorganization. I went through several myself there [at NSA]. But this one seemed to be particularly deep-seated.

I don’t know if that was partially a product of all the other things that were going on post-Snowden at the agency, but there certainly seemed to be a great deal of resentment among people who would verbalize it. And you’re not necessarily getting a clear sample from across the agency. You’re hearing from the people who are leaking their feelings and probably tend to be in the “anti-Rogers camp.”

Michael Sulmeyer, the Director of the Belfer Center’s Cyber Security Project at Harvard University:

On the one hand, he came into the job with two very important things underway. The first was dealing with the fallout from Snowden. So immediately, he came into sort of an organization in crisis on the NSA side. On the CyberCom side, he came into an organization that had agreed on what its force posture and what the cyber mission force was going to look like—now it just needed to implement it.

He inherited both of those two issues. One: deal with keeping secrets secret, and two: build Cyber Command. I think on the former, the issue of keeping secrets secret, it has gone from bad to worse. On the latter, in terms of maturing Cyber Command, we don’t have a lot of external evidence of the cyber mission force being decisive in terms of national security, but if you look at sort of Ash Carter’s recent report on the campaign to defeat ISIS, he’s extremely critical of DoD cyber forces being able to accomplish anything. So, I’d say on both accounts it actually is not overwhelmingly positive.

With Rogers’ departure, so may end the dual-hatted leadership of Cyber Command and NSA.

I think it’s time to separate the two jobs. I think there was a time when keeping them together was the right thing to do, but that time has now elapsed, and it’s time to really empower a Cyber Command Commander to fight for his own priorities and his own resources. And it’s time for NSA to really focus on how the signals intelligence collection mission is going to work going forward given all the recent unauthorized disclosures. Those are two really, really big jobs, and they’re both really different.

About low morale at NSA—I don’t see anybody coming out and arguing the other side of that. And that’s telling. So, whomever comes in to replace Adm. Rogers needs to really think about what they’re going to do to rebuild morale and focus on the workforce and core competencies there.

No comments: