Split Command: Why NSA and Cyber Command Still Cannot Agree on a Firewall

The dual-hat arrangement tying NSA director to Cyber Command chief was supposed to clarify cyber authorities. It has instead buried operational decisions under a pile of Title 10 and Title 50 turf battles that leave the workforce guessing who owns the mission.

What broke the dual-hat model?

The arrangement that puts one four-star officer in charge of both the National Security Agency and United States Cyber Command made sense in 2010 when the military needed to borrow signals intelligence infrastructure just to get off the ground. It does not make sense in 2026. The workforce now spends more time adjudicating authorities than running operations, and the confusion starts at the top. The dual-hat was always a temporary fix. Temporary fixes become permanent when no one wants to pay for the real solution.

Title 10 gives Cyber Command the authority to conduct military operations, including offensive cyber strikes against declared adversaries. Title 50 covers the intelligence activities that NSA performs under the National Security Act of 1947, the Foreign Intelligence Surveillance Act, and Executive Order 12333. The same network, the same operators, the same targets, but two entirely different legal regimes. When a target sits on infrastructure that touches U.S. persons, or when a foreign server routes through a domestic provider, the lawyers take over and the mission clock keeps running.

This is not a theoretical problem. The Government Accountability Office reported in 2023 that the Department of Defense had not fully defined roles and responsibilities between Cyber Command and NSA in cyberspace. Two years later, the Pentagon’s own cyber strategy acknowledged that command and control relationships need clarification. Yet the 2026 posture statements delivered to Congress still describe the dual-hat arrangement as a source of strength. Ask anyone in a joint operations center whether strength is the right word.

How does Section 702 make the boundary fuzzier?

Section 702 of FISA authorizes NSA to collect the communications of non-U.S. persons located overseas without an individual warrant, and that same authority becomes a legal thicket when Cyber Command operators want to use the resulting intelligence to plan or assess a Title 10 military operation. The collection is upstream, it is broad, and it is invaluable for foreign intelligence. It is also a constant source of friction that slows targeting cycles and invites oversight disputes no operator wants to explain twice.

The rules are not hidden. The Foreign Intelligence Surveillance Court publishes redacted opinions. The Privacy and Civil Liberties Oversight Board has issued detailed reports on Section 702 implementation. The problem is implementation inside a command that wears two hats. A Section 702 database query by an NSA analyst is governed by minimization procedures overseen by the Attorney General and the FISA Court. A Cyber Command operator pulling similar information for a targeting cycle needs to know whether the query is for intelligence or for military action, because the answer determines which overseer reviews it.

That distinction collapses in practice. Operators do not wake up and choose one hat. They follow a target, develop a package, and pass it through multiple review cells. Every handoff introduces delay. Every classification difference creates a seam that adversaries exploit. Russia’s GRU, China’s Ministry of State Security, and Iran’s Islamic Revolutionary Guard Corps do not pause their campaigns while American lawyers sort out which color folder a target file belongs in. The Russians ran pre-positioning operations inside U.S. critical infrastructure for years. The Chinese did the same. Legal ambiguity did not stop them.

What would a clean split actually fix?

Separating the NSA director and Cyber Command commander would not solve every problem. It would solve the most expensive one: the pretense that two organizations with different legal authorities, different oversight chains, and different cultures can be run as one without friction. The dual-hat arrangement worked when Cyber Command was small and borrowed everything. It fails now that Cyber Command has 133 Cyber Mission Force teams and its own acquisitions, training, and operations tempo.

The intelligence community needs NSA focused on collection, analysis, and foreign intelligence dissemination. The military needs Cyber Command focused on lethality, readiness, and the defense of critical systems. Each organization would keep its relationships with U.S. Cyber Command’s service cyber components, with Cyber Mission Force teams, and with combatant commanders. Each would answer to its own oversight committees and inspectors general. That clarity costs money in duplicated staff and facilities, but it costs less than a missed operation or a violated statute.

The workforce would notice immediately. Cyber operators joined the mission to impose costs on adversaries, not to navigate a maze of approvals. Intelligence analysts joined to produce foreign intelligence, not to worry that a tip they passed to a military customer might end up in a Title 10 strike package reviewed under the wrong standard. Splitting the hats is not a purge. It is an honest accounting of what the job already is.

Why leadership keeps postponing the decision

The official reason for keeping the dual-hat arrangement is unity of command. The unofficial reason is that splitting it requires an act of Congress, new appropriations lines, and a fight over which committee owns which piece of the cyber budget. No one in the Pentagon or Fort Meade wants to spend political capital on reorganization when they can spend it on operations. That is understandable. It is also how organizations rot from the inside.

That calculation is short-sighted. The 2024 National Defense Authorization Act directed the Secretary of Defense to report on cyber command and control. The 2025 authorization continued the study. Studies are useful for generating briefing charts. They are less useful for fixing a structure that predates the current threat environment. China’s Volt Typhoon activity in U.S. critical infrastructure, first disclosed publicly in 2023, should have settled the question. A military command responsible for defending the homeland needs a chain of command that matches the mission.

Congress should set a date-certain for separation, fund the transition, and require annual public reporting on authority disputes resolved by lawyers rather than commanders. The operators have done their part. They built a cyber force from nothing, deployed it to combatant commands, and executed campaigns against real adversaries. The least civilian leadership can do is give them an org chart that matches the law. The country cannot afford another decade of pretending one person can be both spy chief and warfighter without the job descriptions bleeding into each other.

Split Command: Why NSA and Cyber Command Still Cannot Agree on a Firewall

What broke the dual-hat model?

How does Section 702 make the boundary fuzzier?

What would a clean split actually fix?

Why leadership keeps postponing the decision

More in Defense

The NDAA's Trillion-Dollar Promise Forgets the Enlisted Ranks

Israel's Strikes on Iran Prove Deterrence Must Be Backed by Force, Not Words

The Navy's 313-Ship Goal Is a Fantasy Without Industrial Base Reform

You May Also Like

The Stablecoin Bill Means More Surveillance, Not More Freedom

Certificate of Need Laws Are a Protection Racket Dressed Up as Healthcare Policy

The Supreme Court Should Stop Letting Bureaucrats Write the Laws