WASHINGTON — While largely agreeing with the Defense Department’s more proactive approach to cyberspace in the last few years, President Joe Biden’s nominee for the No. 2 spot at the Pentagon has key questions about the defend forward concept.

“I am supportive of the approach. I think, if confirmed, what I would like to understand better is exactly how the authorities are being executed, what kind of oversight is involved, how we are consulting with allies and partners, whose systems we might operate on,” said Kathleen Hicks at her deputy defense secretary confirmation hearing Feb. 2 before the Senate Armed Services Committee.

The DoD’s 2018 cybersecurity strategy charges U.S. Cyber Command to defend forward in cyberspace by getting as close to adversaries as possible to see what they’re planning, so the department can take action or inform others to prepare.

The approach is a response to continued adversary activity in cyberspace under the threshold of armed conflict that undermines national security.

Hicks recognized that the U.S. has been forced to become more forward leaning in its posture.

“China and Russia’s malicious cyber campaigns seek to diminish U.S. military advantages and economic security. The department must be proactive to understand an adversary’s cyber operations and capabilities,” Hicks wrote in a prehearing questionnaire. “It must ensure we have better defenses against those capabilities, and when necessary, take action to disrupt an adversary’s malicious activities. The department should work with U.S. interagency, industry and international partners to counter adversary cyber actors.”

To prevent and deter these types of malicious activity, within which Hicks included the recent government hack attributed to Russia, the U.S. government must be “living in systems” to provide warnings and the indicators of a potential imminent attack.

She wants to work with Congress to ensure the right authorities to conduct these operations are in place so that DoD can perform its mission effectively, she noted.

Secretary of Defense Lloyd Austin also supported the paradigm shift in his confirmation hearing last month.

What to do about Cyber Command and NSA?

Hicks was also asked to weigh in on the decade-long debate surrounding splitting Cyber Command and NSA.

At the time of its creation, it made sense to create a dual-hat arrangement in which Cyber Command and NSA shared a leader, personnel, expertise and infrastructure to help the command grow.

While she offered no “disposition of the dual-hat arrangement,” she said Cyber Command is not mature enough to make an immediate split wise.

While thought to be temporary, officials at Cyber Command and even members of Congress in recent years have spoken about the benefits such an arrangement affords.

“I had originally come in thinking that it would be appropriate to split them up rather quickly. I’ve changed my mind,” Sen. Mike Rounds, R-South Dakota, who chairs the Cybersecurity Subcommittee, said during Hicks’ hearing. “I think that the dual hat with the unity of command it provides is working very well for the current and likely for future CYBERCOM commander and separating the two organizations could create some real problems with regard to the assets that would have to be acquired in addition to what we have today.”

At the same time, many experts outside government are voicing opposition to the continued arrangement.

“I’ll go so far as to say it’s almost un-American to have that much power in one place,” said Jay Healey, senior research scholar the School for International and Public Affairs at Columbia University, during a Jan. 29 webinar hosted by the Hoover Institution. “If you say, well that’s more efficient, well so is tyranny. We set up our system of government to not give too much power in one place.”

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In Cyber