The Department of Defense must improve its monitoring of cyber security guidelines and make a decision regarding the splitting of the current dual-responsibility leadership of the National Security Agency (NSA) and Cyber Command, according to a report released August 1 by the Government Accountability Office (GAO).
In its report, the GAO recommends the DoD modify its criteria for completing tasks under the 2015 cyber strategy plan and must establish a final time-frame for transition commander-driven operational risk assessments for cyber security readiness.
The GAO also assessed DoD officials’ confidence in the currently dual-hat leadership role that encompasses both the NSA and Cyber Command. A potential split between the organization has been discussed recently, with a possible announcement arriving in the next couple weeks.
In order to mitigate the possible risks associated with dividing the dual-hat leadership role, the report suggests formalizing agreements to continue full collaboration between NSA and Cyber Command prior to any split, as well as developing comprehensive training environments to ensure both organization have full cyber capabilities.
Officials interviewed in the report identified the faster pace of decision-making and efficient use of resources as reasons for maintaining the current dual-hat leadership role. However, concerns were raised over preferences given to Cyber Command priorities, as well as the potential for NSA operations and tools to be more openly exposed.
The report also points to the potential for a broad span of control limiting effective leadership, which officials believe could lead to increased tension between the two staffs and mismatched resource allocation.