December 1, 2016 / by emptywheel

 

CYBERCOM versus NSA: On Fighting Isis or Spying on Them

I keep thinking back to this story, in which people in the immediate vicinity of Ash Carter and James Clapper told Ellen Nakashima that they had wanted to fire Admiral Mike Rogers, the dual hatted head of CyberCommand and NSA, in October. The sexy reason given for firing Rogers — one apparently driven by Clapper — is that NSA continued to leak critical documents after Rogers was brought in in the wake of the Snowden leaks.

But further down in the story, a description of why Carter wanted him fired appears. Carter’s angry because Rogers’ offensive hackers had not, up until around the period he recommended to Obama Rogers be fired, succeeded in sabotaging ISIS’ networks.

Rogers has not impressed Carter with his handling of U.S. Cyber Command’s cyberoffensive against the Islamic State. Over the past year or so, the command’s operations against the terrorist group’s networks in Syria and Iraq have not borne much fruit, officials said. In the past month, military hackers have been successful at disrupting some Islamic State networks, but it was the first time they had done that, the officials said.

Nakashima presents this in the context of the decision to split CYBERCOM from NSA and — click through to read that part further down in the piece — with Rogers’ decision to merge NSA’s Information Assurance Directorate (its defensive wing) with the offensive spying unit.

The expectation had been that Rogers would be replaced before the Nov. 8 election, but as part of an announcement about the change in leadership structure at the NSA and Cyber Command, a second administration official said.

“It was going to be part of a full package,” the official said. “The idea was not for any kind of public firing.” In any case, Rogers’s term at the NSA and Cyber Command is due to end in the spring, officials said.

The president would then appoint an acting NSA director, enabling his successor to nominate their own person. But a key lawmaker, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, threatened to block any such nominee if the White House proceeded with the plan to split the leadership at the NSA and Cyber Command.

I was always in favor of splitting these entities — CYBERCOM, NSA, and IAD — into three, because I believed that was one of the only ways we’d get a robust defense. Until then, everything will be subordinated to offensive interests. But Nakashima’s article focuses on the other split, CYBERCOM and NSA, describing them as fundamentally different missions.

The rationale for splitting what is called the “dual-hat” arrangement is that the agencies’ missions are fundamentally different, that the nation’s cyberspies and military hackers should not be competing to use the same networks, and that the job of leading both organizations is too big for one person.

They are separate missions: CYBERCOM’s job is to sabotage things, NSA’s job is to collect information. That is made clear by the example that apparently irks Carter: CYBERCOM wasn’t sabotaging ISIS like he wanted.

It is not explicit here, but the suggestion is that CYBERCOM was not sabotaging ISIS because someone decided it was more important to collect information on it. That sounds like an innocent enough trade-off until you consider CIA’s prioritization for overthrowing Assad over eliminating ISIS, and its long willingness to overlook that its trained fighters were fighting with al Qaeda and sometimes even ISIS. Add in DOD’s abject failure at training their own rebels, such that the job reverted to CIA along with all the questionably loyalties in that agency.

There was a similar debate way back in 2010, when NSA and CIA and GCHQ were fighting about what to do with Inspire magazine: sabotage it (DOD’s preference, based on the understanding it might get people killed), tamper with it (GCHQ’s cupcake recipe), or use it to information gather (almost certainly with the help of NSA, tracking the metadata associated with the magazine). At the time, that was a relatively minor turf battle (though perhaps hinting at a bigger betrayed by DOD’s inability to kill Anwar al-Alwaki and CIA’s subsequent success as soon as it had built its own drone targeting base in Saudi Arabia).

This one, however, is bigger. Syria is a clusterfuck, and different people in different corners of the government have different priorities about whether Assad needs to go before we can get rid of ISIS. McCain is clearly on the side of ousting Assad, which may be another reason — beyond just turf battles — why he opposed the CYBERCOM/NSA split.

Add in the quickness with which Devin Nunes, Donald Trump transition team member, accused Nakashima’s sources of leaking classified information. The stuff about Rogers probably wasn’t classified (in any case, Carter and Clapper would have been the original classification authorities on that information). But the fact that we only just moved from collecting intelligence on ISIS to sabotaging them likely is.

CYBERCOM and NSA do have potentially conflicting missions. And it sounds like that was made abundantly clear as Rogers chose to prioritize intelligence gathering on ISIS over doing things that might help to kill them.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2016/12/01/cybercom-versus-nsa-fighting-isis-spying/