Congress Should Stop Pretending Cyber Command Can Fight With One Hand Tied

The Legal Seams Behind Every Breach

U.S. Cyber Command was built under Title 10 as a warfighting combatant command, which means its teams operate under the law of armed conflict and presidential military orders, while the National Security Agency and CIA hunt foreign spies and terrorists under Title 50 intelligence statutes and Executive Order 12333. The seams are not academic. They decide who can touch a router inside a foreign power's infrastructure, what paperwork must precede the touch, and whether the action leaves fingerprints a court can later review.

That seam is where adversaries live. A Chinese Ministry of State Security group parks inside a U.S. internet service provider for months. Under current rules, Cyber Command may need a Title 10 order to act outside declared hostilities, while the National Security Agency's discovery sits in an intelligence channel governed by FISA and Section 702. The clock runs. The House Armed Services Committee is marking up the FY2027 NDAA this month, and the Authorization Act should address this gap rather than fund another PowerPoint campaign about integrated deterrence.

The dual-hat arrangement was supposed to solve this. Since 2014, the same four-star officer has led both NSA and CYBERCOM from Fort Meade, Maryland. The idea was to marry signals intelligence with military cyber effects in real time. It worked for theater operations in Iraq and Syria. It does not work when the threat is a state-sponsored group pre-positioning inside American critical infrastructure without ever crossing a declared threshold of war.

Section 702 of the Foreign Intelligence Surveillance Act is set to expire on December 31, 2026. Lawmakers will spend the summer pretending the deadline is distant. It is not. Renewal fights have already begun, and the surveillance reform lobby is loud. But Section 702 governs the collection that lets NSA see the foreign side of the traffic. Without it, the foreign intelligence foundation of cyber defense crumbles, no matter how many operators CYBERCOM hires.

Why Title 50 Authority Is the Lesser Risk

Moving persistent cyber operations to Title 50 does not erase the military's role; it places the mission under intelligence statutes, attorney general guidelines, and the oversight committees that already monitor the CIA and the National Security Agency, rather than leaving it to combatant command orders alone. That is a narrower, older, and more audited box than most civilians assume. Executive Order 12333, signed in 1981, already requires agencies to conduct intelligence activities only under specific presidential approvals, attorney general procedures, and congressional notification regimes.

Congressional oversight is already bifurcated. The House and Senate Armed Services Committees handle CYBERCOM's Title 10 budget and doctrine, while the Intelligence Committees handle NSA and CIA under Title 50. That split means a single operation can be claimed by two committees, audited by two inspectors general, and briefed to two different sets of staff directors. Title 50 consolidation would not eliminate oversight. It would place it where the statutes already live.

The alternative is worse. Under Title 10, every network action risks being characterized as a use of force under the United Nations Charter and the law of armed conflict. That forces lawyers into the loop for actions that are, in truth, intelligence collection and disruption. Adversaries know this. They route operations through civilian infrastructure and wait for the American side to argue with itself about which title applies.

Congress created U.S. Cyber Command in 2009 and elevated it to a unified combatant command in 2018. That growth was necessary. But growth without authority reform creates the very workforce cynicism that leads good operators to leave Fort Meade for contractors who pay more and complain less. Title 50 is not a magic wand. It is a recognized legal lane that lets skilled people do the job they already trained to do.

What the Workforce Needs From the NDAA

The FY2027 NDAA should direct the Secretary of Defense and the Director of National Intelligence to produce a joint framework that assigns persistent engagement, hunt-forward operations, and pre-positioned access to Title 50 agencies, while reserving Title 10 for declared cyber effects in armed conflict. The workforce does not need another study. It needs clear lanes.

Second, the bill should fund cyber personnel at rates that match the private market, not the General Schedule fantasy that pretends a cloud security architect is worth the same as a paper pusher at the Department of Agriculture. CYBERCOM has roughly 6,200 authorized personnel. The private sector will absorb that many qualified engineers in a single quarter if Congress keeps treating technical talent as interchangeable.

The NDAA should also end the fantasy that cyber operators can be hired, cleared, and trained on the same timeline as infantry officers. A junior network exploitation analyst needs years of technical schooling, certification, and mentorship before producing reliable effects. The current personnel system treats that arc as a luxury. It is not. It is the price of admission for a fight that runs at machine speed.

Third, lawmakers should renew Section 702 cleanly and on time. The intelligence community does not need new powers. It needs stable authorities. If 702 lapses, operators will spend 2027 building collection workarounds instead of hunting adversaries. That is a gift to the Ministry of State Security, the Islamic Revolutionary Guard Corps, and every ransomware affiliate watching this debate from a safe house.

Leadership will resist because clear authority means clear accountability. Bureaucracies prefer ambiguity. But the workforce is tired of briefings that substitute buzzwords for orders. Give them a statute, a budget, and a chain of command that matches the threat. The rest is execution.