China’s cyber targeting took a dangerous turn in 2024. No longer content with espionage, Beijing has started laying the foundation for destructive cyberattacks on American networks. And yet, the new Trump administration is renewing an effort to break apart its greatest asset for counterstriking: the “dual hat” arrangement between U.S. Cyber Command (USCYBERCOM) and the National Security Agency (NSA). Under this arrangement, one individual simultaneously serves as military cyber commander under the Defense Department and the nation’s top signals intelligence chief. Splitting this leadership structure would greatly damage U.S. cyber effectiveness.
Having one individual responsible and accountable for both USCYBERCOM and the NSA has been the United States’ most critical advantage in cyberspace. Although this setup predates the 2010 creation of USCYBERCOM by six years, the military command’s formal establishment spurred debates over separating organizational leadership. Many talking points against a dual hat have not changed, and the Trump administration seems set on moving forward with an outdated view.
Operating in cyberspace is far more complex than it once was. Fighting today’s digital threats requires the fluid setting and resetting of network security through continuous cyber operations to sustain long-term initiative. In this environment of persistent engagement, the technical and operational requirements for military and intelligence efforts have largely converged. With similar lines of code used for network access and exploiting vulnerabilities, intelligence collection has become nearly indistinguishable from planting disruptive malware. Adversaries have long recognized this by blending military and intelligence activities in cyberspace.
Increased alignment between USCYBERCOM and the NSA also marks a significant change, and the dual hat has evolved to manage the resulting synergy. When USCYBERCOM initially gained footing, the arrangement managed the military’s reliance on the NSA and capability borrowing (i.e., vulnerabilities, exploits, and personnel) across organizations to meet separate operating pictures. That relationship looks very different today. The dual hat now balances overlapping resource requirements and the intermingling of military disruption with secretive intelligence collection. As USCYBERCOM and the NSA have become more symbiotic, the dual hat has adapted to leverage operational integration and enhance the organizations’ independent and joint effectiveness.
In grappling with these changes, dual-hatted leadership has created inter-organizational processes to increase effectiveness in cyberspace. For example, the Integrated Cyber Center and Joint Operations Center (ICC/JOC) launched in 2018 literally broke down walls. Previously, NSA and USCYBERCOM had operations centers in different classified rooms physically separated by a secure door. The ICC/JOC introduced a common operations floor with dedicated spaces for USCYBERCOM and NSA personnel. By eliminating barriers, the ICC/JOC created more communication at the operator level to achieve greater awareness, speed and impact.
Operational success has followed organizational change. Leveraging enhanced coordination from unified leadership, the joint USCYBERCOM-NSA Election Security Group task force has effectively combatted foreign interference in U.S. elections. Formed in 2020, it grew directly out of the dual hat’s Russia Small Group that disrupted Russian cyber meddling during the 2018 U.S. midterm elections. Pooling resources for greater impact, while advocating for and protecting the distinct contributions of USCYBERCOM and the NSA, would be far more difficult under split leadership.
Separate leaders risk prioritizing their own organizational outcomes at the expense of operational speed and combined effectiveness. It is true that the dual hat does not eliminate all interagency competition over cyber operations. For instance, the Central Intelligence Agency (CIA) delayed USCYBERCOM’s 2016 offensive against the Islamic State with objections over the military’s interagency reporting and update requirements. The CIA and USCYBERCOM had already agreed on communication measures, so the delay was really about preserving bureaucratic influence. But it is equally true that, because the preponderance of cyber operations originates from Fort Meade, centralized authority preserves speed by preventing turf disputes and operational delays between independent USCYBERCOM and NSA heads.
Without the dual hat, USCYBERCOM-NSA coordination and dispute resolution become more cumbersome and subject to an unpredictable working relationship between chiefs with differing ranks. A four-star officer must lead USCYBERCOM; the NSA only requires a three-star chief. Currently, one four-star commander reports to both the defense secretary (as USCYBERCOM commander) and to the national intelligence director (as NSA director). With both military and intelligence roles, the dual hat efficiently balances tradeoffs in cyber operations while subjecting NSA activities to the law of armed conflict. With two different leaders, disputes would escalate to the White House for resolution, and the NSA faces greater risks of politicization in the process. A return to laborious interagency reviews would also negate the legacy of the first Trump administration, which reduced decision times for cyber operations.
The cost of splitting USCYBERCOM-NSA leadership would also create a nightmare for the Trump White House. Cyber Command lacks sufficient resources to operate fully independently from the NSA. Dividing authority will require duplicated efforts for USCYBERCOM to secure its own cyber resources in an already resource-scarce environment. Duplication would be particularly costly given declining budgets and spending power that demand better use of existing resources. It would also be a significant misstep for an administration focused on greater government efficiency.
Unwinding America’s military-intelligence leadership for cyber operations would be a gift to hackers in Beijing, Moscow, Tehran and Pyongyang. These adversaries will not wait for the U.S. to devise a new bureaucratic architecture. Instead, the new administration should build on the success of the dual hat. It has aligned USCYBERCOM and NSA effectiveness for combined impact with a unity of effort crucial for achieving the operational speed and scale needed to secure U.S. interests in cyberspace. The dual hat has been a defining feature of U.S. cyber operations, not a bug. The Trump administration should be wary of throwing away another 20 years of USCYBERCOM-NSA success.
Jason Blessing, Ph.D., is a research analyst at the Potomac Institute for Policy Studies. His research expertise focuses on cybersecurity as well as international partnerships. All views are his own and do not represent the views of the Institute. Follow him on LinkedIn and on X/Twitter @JasonABlessing.
