Opinion: How NSA reorganization could squander remaining trust
Adm. Michael Rogers, director of the National Security Agency, wants to combine the agency's cyber defenders and its architects of espionage. While that may streamlines processes at the agency, it won't create more openness and trust when it's needed most.
The coming reorganization of the National Security Agency may be a smart move for the agency but it'll hurt America's long-term national security interests.
At a recent talk at the Washington think tank Atlantic Council, NSA director Adm. Michael Rogers said he wanted to better integrate the agency's Information Assurance Directorate – its defensive arm that protects US systems and information – and the Signals Intelligence Directorate – the offensive branch that carries out spying operations.
The reorganization is needed, he said, because with these two separate divisions "we created these two amazing cylinders of excellence and then we built walls of granite between them."
As a veteran of the NSA, I suspect this reorganization will be good for the agency. But it is unlikely to create an agency that is more open, more trusted, or more able to work with America's true cyber defenders in the private sector.
There are significant reasons to believe that what may help the NSA will be bad for the US – or actually anyone who uses the Internet.
The NSA's cyberdefense team, widely seen the best in the US government (and maybe the world), needs to work publicly, openly, and internationally. But if further integrated with NSA's spies, it will be forever compromised.
The Information Assurance Directorate is respected for its technical skills, but many critics and observers see it as tainted because of what Edward Snowden – a former NSA contractor who turned government leaker – revealed about the agency's signals division.
The clearest example of that tarnish is evidence that the NSA intentionally weakening a cryptographic standard, handicapping all of our security for a better chance to breach adversaries. That meant that the needs of the spies were prioritized over those meant to defend the rest of us. And that's something that will likely continue in the reorganized agency.
Who in Silicon Valley or Europe will be able to trust that kind of organization?
Even with a separate information division, many companies and privacy advocates were convinced the newly passed information sharing act was simply another vector for passing along data to NSA's digital spies. With the two parts of the agency more integrated, such concerns will be even harder to dismiss.
Likewise, if a multinational company calls NSA now for technical help, as Google and Sony have done in the past, can executives really assure their boardrooms that their corporate data won't end up in a spy's database?
Gen. Michael Hayden, one of Rogers's predecessors, specifically kept the Information Assurance Directorate separate, as he "needed an organization that was, and was seen to be, committed to defense."
The separation within the agency, from this perspective, isn't about creating stovepipes but building a firewall to protect our privacy and the information division's independence.
In fact, the technologists and cyberdefenders in Information Assurance have long needed to be integrated less with secretive the agency's spies, and more with other parts of the government and the private sector. A better option would have been splitting off Information Assurance as the core of a truly independent and robust cyber department or agency.
That option is now closed. Once the cards are shuffled into the deck, they will be all but impossible to separate.
Jason Healey is senior research scholar at Columbia University’s School of International and Public Affairs and senior fellow at the Atlantic Council. He began his career as a US Air Force signals intelligence officer in Alaska, NSA, and the Pentagon. Follow him on Twitter @Jason_Healey.