Cyber Command, NSA, and General Keith Alexander’s ‘cybersecurity cul-de-sac’
About a month ago, I had the privilege of sitting in on a class with a particularly natsec-savvy professor who shall remain nameless out of sensitivity to the personal politics of the DC national security community.
This professor was beside her/himself*: “I just don’t get it. People are scrutinizing the amount of power that the NSA has accumulated, and yet no one is talking about Keith Alexander’s dual roles as head of the NSA and Cyber Command, at the same time. It is a stunning violation of the separation-of-powers principle. But somehow, no one notices it.”
Roughly a month later, it seems this professor is no longer alone in their concern:
The same military officer — General Keith Alexander — is the Director of the National Security Agency, the top intelligence officer plugging the cyber threat and leading cyber policy advocate, while also the head of U.S. Cyber Command, the cyber commander ready to combat those same threats. For this latter job, he was promoted to four-star general, a rank that gives his voice more punch than other intelligence officials.
In other words, Alexander effectively defines the scope of his own mission, and then executes it–meaning there is, at least theoretically, some danger that order could be reversed. One might imagine such a remarkable accumulation of power at least would have been mitigated by a degree of transparency to facilitate post hoc remedies for improprieties in the decisionmaking process. But one would be wrong:
The General also has significant power to decide who is allowed access to what information, either as the original classification authority or as godfather for a system his direct predecessors have called “horribly overclassifed.” This concentration of power has allowed one single view of America’s cyber power to lead policymakers into a cul-de-sac.
I think it is important to note, as Jason Healey does in this article, that none of these observations, in themselves, make Alexander a bad person. But power corrupts even the best of us, and as a nation that values civil liberties, we ought to be skeptical of any regime that stacks power upon power so precariously. Our system of government comprises a series of checks and balances on this very rationale. The founders’ admonition that “[a]mbition must be made to counteract ambition” is a mere fools errand when one party may both define and execute his authority on a unilateral basis.
Last word here goes to Healey, who opens his piece with this illuminating analogy:
Imagine if the commander of U.S. Pacific Command were the leading source of information on the Chinese military threat, had the ear of Congress on China policy, ran covert military operations against China, and could decide what information on China was classified.
This perverse concentration of power is similar to where the United States has found itself on cyber policy. To restore balance, Congress and the president must ensure that new initiatives to control surveillance are more than just cosmetic by reforming America’s current national security cyber organizations.
*Here I am paraphrasing, because I did not write down the exact language he used. I considered writing a post on his concerns at the time, but alas, the insanity that is 2L year got the better of me.