How synced can (and should) NSA and CIA be on cyber?

NSA and the CIA have revamped themselves in the past year. FCW asked officials how well Fort Meade and Langley are collaborating in cyberspace in pursuit of their separate missions.

world map

In the past year, the United States' two best-known intelligence agencies have undertaken ambitious reorganizations to better adapt to a hyper-digitized world.

The National Security Agency further integrated its Signals Intelligence and Information Assurance directorates while also establishing several new directorates covering research and acquisition, among other activities. The CIA created the Directorate for Digital Innovation (DDI) -- its first new directorate in over half a century -- to handle cyber operations and the agency's IT enterprise, among other tasks.

With those reorganizations still taking effect, FCW asked former CIA and NSA officials how the agencies should collaborate in cyberspace in pursuit of their missions.

David Shedd, a former CIA official who also served as acting director of the Defense Intelligence Agency, said he would like to see the CIA, NSA and other intelligence agencies more closely coordinate their work in cyberspace.

For Shedd, that means integrating NSA's Threat Operations Center, which detects and helps mitigate cyberthreats, with CIA cyber operations, which are now handled by DDI.

"I just see the problem being so enormously big for our nation, that the more collaboration, the more integration that you can get," the better, he told FCW, while stressing that specific mission requirements should not get lost in that consolidation.

However, retired Gen. Michael Hayden, former director of the CIA and NSA, said it is better to keep the two agencies' main cyber organizations at arm's length from each other. Drawing an analogy with traditional airspace, Hayden said NSA was the equivalent of the Air Force and the CIA's Information Operations Center (the cyber center that preceded DDI) was akin to Marine Corps aviation. In other words, they have distinct roles that should not be blended too much.

CIA Director John Brennan said recently that in establishing DDI, the CIA was not trying to replicate what NSA does.

"We do a lot of partnering with NSA, and we have benchmarked against them and FBI and others," Brennan said July 13 at the Brookings Institution. "And there are a fair amount of groups that are multi-agency in terms of their efforts. So as we grow, we need to take a fresh look at how the government cyber and digital-related entities are interoperating with one other."

Cultural differences pose challenges

President George W. Bush established the National Counterterrorism Center in 2004 to knock down the walls to intelligence sharing that the 2001 terrorist attacks made evident. In a similar vein, President Barack Obama ordered the creation of the Cyber Threat Intelligence Integration Center in February 2015 to connect the dots on cyberthreat intelligence.

CTIIC comprises specialists from NSA, the CIA, the FBI and other intelligence agencies. The center has a limit of 50 employees (NCTC is many times larger), and Director Tonya Ugoretz said in a recent interview that there are no plans to expand.

Shedd said he would like to see a much larger multi-agency cyber center that is commensurate with the threat. "I would argue that you would be better off before a big [cyber]attack comes to plan around an NCTC model," he said.

Absent an expansion of CTIIC, there are other avenues for the CIA and NSA to collaborate in cyberspace.

Chris Inglis, a former deputy director at NSA, said the CIA is now sending more of its employees to NSA to better understand how it approaches cyberspace. "That's a good thing," he said. "That creates familiarity; that creates an interaction and a mutual dependence that is needed."

"I think between [NSA Director Adm. Michael] Rogers and Brennan, there's a much stronger agreement to collaborate," Inglis added.

But cultural differences between the agencies might limit how much they can collaborate on some operations, he said. NSA officials often think about the trade-offs of deploying, say, a software exploit, while CIA officials' overriding concern might be the physical safety of operatives in the field.

"So that drives a different response in terms of the degree of the willingness to share," Inglis said. "I think culturally it's difficult to get over…. You'll never have them completely simpatico."

Although NSA's cyber capabilities get more attention, both Inglis and Hayden said the CIA has plenty of expertise, too, and the agency is more than capable of contributing to joint missions.

"I don't think they are that dramatic," Hayden said of the differences in the skills of the two agencies' cyber specialists. "What's dramatically different is the scale of resources that NSA puts into this kind of effort as opposed to what CIA puts into it."

Given the shifting digital landscape in which the two spy agencies operate, the CIA's and NSA's reorganizations could be anything but final. The transience of software and other IT building blocks suggests updates will be constantly needed.