The US Desperately Needs of a Department of Cyber Security

April 29, 2019
Paul Vancea

Exploring Cryptocurrency, Blockchain, and Cybersecurity Trends

This blog advocates for the establishment of a dedicated Cyber Security Department within the U.S. government to address the growing threats in digital spaces. It highlights the vulnerabilities of critical infrastructure and the increasing sophistication of cyber-attacks. The narrative supports a centralized approach to enhance national cyber defense capabilities, streamline responses to threats, and coordinate efforts across government agencies and private sectors.

As the world is turning digital, warfare is following suit in a very rapid and devastating way. Countless organizations in all sectors (Target, Equifax, DNC, IRS) are continuously reporting data hacks. According to the Government Accountability Office (GAO), federal civilian agencies reported 35,277 cybersecurity incidents, such as web-based attacks, phishing and loss or theft of computing equipment in 2017.

The public and private sectors in the US have not adapted to cyber threats. Instead of presenting a unified front for defending against these attacks, and have a plan to go on the offensive when necessary, most organizations are busy doing damage control by themselves, without any real long-term plan. This is done despite the fact that countless studies show year after year, that cybersecurity is the number one priority for all IT leaders.

A recent survey of government organizations, private sector and citizens in the U.S., China, Russia, and India found that more than 88% of participants believe that cyberspace threats are significant.

In the United States alone, state and local government IT leaders have maintained for years that cybersecurity needs to be the government’s priority. A 2018 Digital Cities Survey of city government IT leaders put cybersecurity as the top priority. The same survey of county government IT leaders placed cybersecurity at the top of the list for the past 5 years in a row. Lastly, the National Association of State Chief Information Officers (NASCIO) published their top 10 policy and technology priorities for 2019, and cybersecurity was named number 1.

The conventional literature throughout our country claims that cybersecurity is everyone’s problem, and that it needs to be dealt with on multiple levels within the government, private sector, as well as individual citizens. While it is true that cybersecurity needs to be fought for on multiple levels, this fight is extremely inefficient when everyone does their own thing, without a leading organization to set the policy and bear full ownership of outcomes.

The reality is that our nation’s current organization for dealing with cyber-attacks is doomed to fail. Responsibilities, skills and talent are spread across too many different parts of the government, which creates confusion, and most importantly, a lack of leadership and ownership.

For example, the Department of Defense, through its US Cyber Command arm, is responsible for national defense. The FBI is responsible for investigating and enforcement. The Department of Homeland Security oversees damage control and recovery for cyber-attacks. Lastly, every military branch has their own individual cyber units. Lack of communication and too much bureaucracy makes our cyber security efforts extremely inefficient, putting our nation at risk with each second that passes. Each one of these organizations have many other responsibilities and are stretched too thin to give cybersecurity the focus and resources it desperately needs.

President Trump is trying to rectify this situation by further centralizing the management and oversight of federal civilian cybersecurity through the National Cybersecurity Strategy of September 2018. This strategy will enable the Department of Homeland Security to secure all federal department and agency networks, with the exception of national security systems, the Department of Defense and the Intelligence Community. This is a step in the right direction, but it needs to be taken further.

There needs to be a department that is one hundred percent responsible for our nation’s cyber security, in the same way our military is responsible for our physical security. This department could be called the “Department of Cyber Security” (DCS) and it should set the policy, provide the proper organizational structure, and work with all other parties (government, private sector, and citizens) to gain control of our nation’s cyber security.

The new Department of Cyber Security’s top priorities should be to:

I. Request and maintain adequate funding – this is a top national security priority.

II. Mobilize our country’s best talent and resources to operate under a single umbrella and a single coherent policy.

III. Fill in the talent gap by promoting cybersecurity workforce, training, economic development. According to the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” there is an estimated 299,000 shortfall in cybersecurity professionals across all industry sectors.

IV. Incentivize research, contests, hackathons – it must adopt and encourage ways of unconventional warfare.

V. Collaborate with the private sector to share threat intelligence on an ongoing basis, as well as new advances in the digital world.

VI. Outline liabilities, reporting requirements, and course of action for the other organizations to follow.

The United States must treat the issue of Cybersecurity with the same seriousness it treats the military. It must be organized from top down, it must be prepared to defend our networks and to attack at a moment’s notice. Not prioritizing cybersecurity policy leaves federal, state and local agencies, U.S. critical infrastructure, businesses and citizens extremely vulnerable to attacks that could be absolutely devastating.

Creating a new Department of Cyber Security that is one hundred percent in charge and responsible for our nation’s Cybersecurity is the only solution that allows our country to gain control of the cyber space, successfully defend our networks and be ready to go on the offense when necessary.

RESOURCES:

Tech Crunch
Armed Forces Communications & Electronics Association
Bluefin News
Security Intelligence
GovTech

Disclaimer: This article discusses certain companies and their products or services as potential solutions. These mentions are for illustrative purposes only and should not be interpreted as endorsements or investment recommendations. All investment strategies carry inherent risks, and it is imperative that readers conduct their own independent research and seek advice from qualified investment professionals tailored to their specific financial circumstances before making any investment decisions.

The content provided here does not constitute personalized investment advice. Decisions to invest or engage with any securities or financial products mentioned in this article should only be made after consulting with a qualified financial advisor, considering your investment objectives and risk tolerance. The author assumes no responsibility for any financial losses or other consequences resulting directly or indirectly from the use of the content of this article.

As with any financial decision, thorough investigation and caution are advised before making investment decisions.