That the leaders failed to prepare would be worrisome enough if the NSA’s leadership team was only responsible for signals intelligence. But General Alexander also heads Cyber Command, the new 4000-strong military force responsible for protecting military networks, and attacking the networks of others, the most advanced cyber force in the world. (US cyber capabilities, incidentally, also require cooperation of private firms.) Decisions made about cybersecurity operations will have massive repercussions not only for our immediate defense interests, but the how we and other countries treat cyberspace. If we are seen as being careless, or overly aggressive, it could undermine American technical leadership, harm vital economic interests, and destabilize this new domain.
The solution, for both the immediate NSA context and the longer term concerns about Cyber Command, is to take advantage of the process of contingency planning. Rather than simply having lawyers explore the legal ramifications, contingency planning incorporates some of the adversarial approaches already common to war-gaming and other military planning procedures. Instead of focusing on the tactical alternatives, however, contingency planning in the cyber world involves bringing in voices from other aspects of the president’s agenda, including the Departments of State, Commerce, and the United States Trade Representative, to understand the consequences of the disclosure of classified operations. Incorporating these voices into the planning stage avoids the trap of a program approval by the Congress and the White House framed as a choice between security and our other national interests.