Imagine if the commander of U.S. Pacific Command were the leading source of information on the Chinese military threat, had the ear of Congress on China policy, ran covert military operations against China, and could decide what information on China was classified.
This perverse concentration of power is similar to where the United States has found itself on cyber policy. To restore balance, Congress and the president must ensure that new initiatives to control surveillance are more than just cosmetic by reforming America's current national security cyber organizations.
The same military officer -- General Keith Alexander -- is the Director of the National Security Agency, the top intelligence officer plugging the cyber threat and leading cyber policy advocate, while also the head of U.S. Cyber Command, the cyber commander ready to combat those same threats. For this latter job, he was promoted to four-star general, a rank that gives his voice more punch than other intelligence officials.
The General also has significant power to decide who is allowed access to what information, either as the original classification authority or as godfather for a system his direct predecessors have called "horribly overclassifed." This concentration of power has allowed one single view of America's cyber power to lead policymakers into a cul-de-sac.
The official and public U.S. policies on cyberspace emphasize peace and security, but the cyber "deep state" led by NSA and Cyber Command have essentially overridden that policy by changing the facts on the ground, in the network, through aggressive collection and covert actions.
Cyberspace makes it far easier to spy on others and attack them anonymously. When I first got involved in military cyber operations in the late 1990s, this was a bad thing. But no more; the combination of NSA and Cyber Command has seized on these characteristics for short-term gain and even apparently subvertedmany of the technologies that were supposed to make cyberspace more resilient and secure.
It is very difficult for outsiders to have any influence on such policies because in the more than eight years General Alexander has held the position, discussion on cyber policy has become increasingly stifled and chilled, both inside and outside government. For example, fifteen years ago it was common to have unclassified discussions of U.S. offensive doctrine and options in cyberspace -- but now that NSA has the lead, any debates only take place behind secure vault doors. Few outside voices can temper an increasingly militarized policy that has led to the Stuxnet attacks on industrial control systems and surveillance programs so broad the president himself has had to very publicly backtrack.
Congressmen who are supposed to question the program have felt NSA's classification has driven oversight to be "inadequate" while the CIA "jokingly referred to him as Emperor Alexander ... because whatever Keith wants, Keith gets." Forget Congress; if even the Central Intelligence Agency feels he has unstoppable power, what chance do the rest of us have to influence cyber policy? The President must continue to tear down the walls of classification that have stifled discussions, but to restore balance to US cyber policy, he must go further and reduce this concentration of power.
NSA must be split from U.S. Cyber Command to create separate leadership with physically distinct headquarters. This will of course create tensions and increased costs, but cyberspace is too important to grant one person have a near-monopoly on threat intelligence while simultaneously conducting active espionage, directing military force, and advising on policy.
General Alexander must step down earlier than his planned 2014. Regardless of whether his views and priorities have been right or wrong, he has become a distraction to U.S. cyber efforts and eight years is too long for any director of an intelligence collection agency.
Yes, General Alexander is a cyber expert and an intelligence hero whose work has saved hundreds of American lives. But this does not make him irreplaceable. The U.S. military has had generals in charge of combined offensive and defensive joint cyber commands since 1998; fifteen years should be enough time to develop a sufficient bench.
The president may find that just as he has to backtrack away from NSA's cyber espionage programs, he will soon have to do to the same for U.S. Cyber Command's cyber warfare programs as well. Cyberspace isn't primarily a domain for military operations but the most liberating technology since the printing press, driven by American companies, artists, and citizens and already responsible for 4.7 precent of our GDP.
This is America's true cyber power, but it is under threat from the unprecedented concentration of military cyber and a culture of classification that smothers outside opinions. As Congress reviews NSA's surveillance programs this week, they should seize the chance to restore balance to American policy to ensure the cyberspace we hand to our children and grandchildren will be at least as free and open as that which we have today.
Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States and the editor of the first military history of cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey.