Splitting NSA and Cyber Command Would Weaken Both Missions

Why the Dual Hat Still Exists

The same person leads the National Security Agency and U.S. Cyber Command because the two organizations hunt the same adversaries across the same networks using overlapping legal authorities and shared infrastructure. That arrangement is not a historical accident. It reflects the reality that signals intelligence and offensive cyber operations both require access to foreign infrastructure and legal frameworks that resist clean separation.

NSA traces its roots to 1952. Cyber Command became a full unified combatant command in 2018. The dual-hat commander reports to the Secretary of Defense for military operations and to the Director of National Intelligence for signals intelligence. That awkward chain of command is a feature, not a bug. It forces lawyers, operators, and analysts to sit in the same room and decide whether a particular action should run under Title 10 military authority or Title 50 intelligence authority.

Title 10 covers armed forces. Title 50 covers intelligence activities. The distinction matters because each title carries different approval processes, oversight rules, and notification requirements. A Title 10 cyber operation against a foreign power might require presidential authorization and congressional notification. A Title 50 collection task under Section 702 of the Foreign Intelligence Surveillance Act requires Attorney General and Director of National Intelligence certifications reviewed by the Foreign Intelligence Surveillance Court. Splitting the roles does not make those distinctions go away. It just adds a layer of coordination between two four-star headquarters.

The workforce feels this every day. Analysts who support both missions rotate through joint task floors. Operators move from collection to effects and back again. Splitting the hat would mean duplicating targeting cells, legal review teams, and infrastructure access agreements. It would also mean two leaders with competing budget claims, competing promotion priorities, and competing views of the same threat. That is a recipe for the exact kind of interagency friction that slows response time.

What Section 702 Has to Do With It

Section 702 expires in 2027 unless Congress reauthorizes it, and the debate over that reauthorization is already shaping how policymakers think about the NSA-CYBERCOM relationship. Section 702 allows the Attorney General and the Director of National Intelligence to jointly authorize the targeting of non-U.S. persons reasonably believed to be located outside the United States. That collection feeds military cyber planning, threat hunting, and attribution.

Without 702, NSA loses access to a large share of the foreign communications it uses to warn network defenders and cue offensive operators. Cyber Command loses the targeting data it needs to plan operations against adversary infrastructure. The two missions are not merely adjacent. They are chained together by the same intercepts, the same selectors, and the same foreign intelligence justifications.

Critics of 702 raise legitimate privacy concerns. The FBI has been chastised repeatedly for querying 702 data involving U.S. persons. The FISA Court documented those abuses in public opinions. But fixing the FBI's query procedures is a different problem from severing the NSA-CYBERCOM relationship. Conflating the two lets lawmakers pretend they are reforming surveillance when they are actually degrading operational capability.

The technical reality is stubborn. Foreign hackers do not organize themselves according to American legal titles. A Russian intelligence service that compromises a U.S. water utility is simultaneously a signals intelligence target, a law enforcement case, and a potential military target. The dual-hat commander can move that information across Title 10 and Title 50 lanes without waiting for two separate bureaucracies to compare notes. That speed matters when defenders are racing to patch systems before ransomware detonates.

The Workforce Does Not Trust This Conversation

Career operators have watched this debate recycle through Washington before, and the 2023 review ordered by the Secretary of Defense concluded that the dual-hat arrangement should continue, with conditions. That conclusion was based on operational need, not on any sentimental attachment to the current command structure. Now, three years later, the same arguments are resurfacing with less technical detail and more political packaging. That pattern breeds cynicism among the people who actually run the networks.

The proposed split is usually sold as a way to give Cyber Command its own identity. The command already has its own service component, its own budget line, and its own culture. It does not need a separate four-star leader to prove it matters. What it needs is sustained access to NSA's global signals intelligence enterprise. That access is worth far more than a dedicated headquarters.

There are also serious risks in the transition. Dual-hat relationships take years to build. Access agreements with foreign partners, commercial providers, and domestic agencies are signed under specific legal authorities with specific oversight arrangements. Ripping the structure apart would force every agreement to be renegotiated. Allies who share intercepts with NSA under one set of rules would have to decide whether those rules still apply when the data flows to a standalone combatant command.

Congress should be skeptical of any reorganization that promises clarity and delivers silos. The intelligence community and the Defense Department already have enough of those. What they need is a structure that lets operators move at the speed of the threat. The dual hat is imperfect. It is also the least bad option on the table.