Do We Need a National Policy on Cybersecurity?

Some people in the technology field are calling for a Department of Cybersecurity. Why? Part of the reason is increasing evidence that countries throughout the world are hacking the United States government and information essential to it. The Russian hacking of the 2016 U.S. election is only the most visible and known of these attacks, but there is evidence that governments in China, North Korea, and Iran also have major hacking operations.

Cybersecurity is increasingly important to physical security as well as digital security.

National Security Increasingly Depends on Cybersecurity

The other part, though, is that it is increasingly obvious that cybersecurity is as important to national security as physical security — having a standing army, navy, and air force — is. In fact, it may be crucially bound up with physical security; physical security may rely on cybersecurity.

As the U.S. Cyber Command puts it in a document entitled Achieve and Maintain Cyberspace Superiority: Command Vision for U.S. Cybercommand, “Military superiority in the air, land, sea, and space domains is critical to our ability to defend our interests and protect our values. Achieving superiority in the physical domains in no small part depends on superiority in cyberspace.”

A recent article in TechCrunch, however, claims that the U.S. Cyber Command’s document doesn’t go far enough, and calls for the creation of an official Department of Cybersecurity, a cabinet-level organization on a par with the current Department of Homeland Security and Department of Defense.

Why create a specific department when there already are multiple government organizations responsible for cybersecurity? Well, according to the author, the multiplicity may be part of the problem.

Currently, cyberdefense and cybersecurity functions are split between the Department of Homeland Security, the Department of Justice (under which the FBI operates), and the Department of Defense. The split causes duplicative efforts.

More importantly, the split may impede the development of concerted efforts to fight cyber attacks on the U.S. effectively. TechCrunch points out that physical defense often involves multiple responses, ranging from diplomacy through sanctions through war-like missions aimed at stopping the capacity to do harm.

The author feels, in addition, that a department-level authority could most effectively coordinate the development of cyberdefense. The U.S., thanks to its leadership in technology, was once dominant. However, the rest of the world has caught up to some degree — to the point where superiority has to be carefully cultivated and aimed toward as a goal. Too many areas in the government having cyber authority means that these attempts could be diluted and duplicative.

The author indirectly acknowledges that the creation of a Department of Cybersecurity might kick off a huge turf battle among those departments not responsible for cybersecurity, but ultimately feels that the integration would be worth it.

Is a Department of Cybersecurity an idea whose time has come? It’s an issue that the U.S. government, its citizens, and the multiple businesses who are also affected by cybersecurity policies need to grapple with. Because attacks are likely to only increase and become more sophisticated as time goes on.