Members of Congress have eliminated a proposed directive that the Department of Defense establish a dedicated cyber intelligence center.
The Senate earlier this year passed a provision as part of its version of the annual defense policy bill, that would have directed the secretary of defense to establish a new organization to support the requirements of U.S. Cyber Command along with other combatant commands, military departments and agencies. However, in the conference report for the reconciled version of the fiscal 2024 National Defense Authorization Act, House and Senate conferees noted that they took the provision out.
“The conferees agree that intelligence support to the planning and execution of cyber operations conducted below the level of armed conflict, for preparation of the operational environment, and at each level of operational art — strategic, operational, and tactical — must be substantially improved. The conferees believe that the causes of, and solutions to, this requirement are complex,” the report states. “The conferees are not prepared at this time to dictate a specific organizational solution, but expect the Secretary of Defense to generate and implement one.”
For years, dating back to when Cybercom was created, there have been talks about building the capability and capacity for developing organic cyber intelligence within the U.S. military. Relatedly, as cyber has grown in importance, there have been increasing discussions at the Defense Intelligence Agency regarding what constitutes foundational cyber intelligence.
Lawmakers are concerned because, of more than two dozen agencies that focus on intelligence, there isn’t a direct line out of Cybercom’s intelligence shop that focuses on nation-state threats from a military angle. For example, the military intelligence apparatus has very specific knowledge of adversary systems and specifications, but that’s not always the case in cyberspace.
The conference report notes that as a still maturing organization, Cybercom must improve its ability to define and articulate requirements for intelligence support, noting it’s likely the command will still require assistance from the Defense Intelligence Agency and the National Security Agency. The command is co-located and shares a leader with the NSA.
Moreover, the document suggests that the cyber mission force — the personnel each military service provides to Cybercom to conduct cyber operations — does not possess sufficient deep technical expertise nor adequate access to data to generate the required level of analysis organically.
“At the strategic and operational level, there is a clear need for improved foundational intelligence. The conferees are concerned that the Department of Defense will continue to fail to address this persistent shortfall without a legislative mandate and the creation of an organizational element dedicated to the task,” the report states.
“A significant portion of the target systems analysis support that is currently lacking could be provided under a decentralized, federated model based on cooperative teaming among the existing service intelligence centers (and the Department’s foreign material acquisition and human intelligence components). This would obviate the need to establish a new, separate center dedicated to the cyber domain, but making a coalition work effectively on a sustained basis could prove to be very challenging without a committed leadership entity. The conferees urge the Secretary to devise an effective and sustainable organizational solution,” according to the report.
Enduring dual-hat relationship?
The report notes that vital network and systems engineering analysis support for Cybercom likely can only be achieved through NSA partnership. However, NSA’s national intelligence mission and budget cannot be further burdened with the level of tailored support required for military operations, according to conferees.
Rather, the secretary of defense should provide funding for Cybercom, separate from the national intelligence budget, to acquire and sustain the required technical analytical capability and capacity. This should be done in stages, lawmakers say, beginning with a small-scale pilot to develop a practical model that can be replicated.
They also note that the administration reported another favorable review for the dual-hat arrangement, where Cybercom and NSA share a boss and are co-located.
The report notes that the foregoing assessment suggests that this partnership should be extended, with the Pentagon’s independent funding responsibilities clearly delineated.
“Accordingly, the conferees urge the Secretary of Defense to develop an organization, and provide funding, personnel, and a management plan for the intelligence collection and analysis necessary to support the missions of Cyber Command and the other combatant commands in the disciplines of foundational intelligence, target systems analysis, and network and systems engineering analysis,” the document says.