The United States needs a Department of Cybersecurity
-Ted Schlein: Tech Crunch Contributor
This week more than 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.
For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians, yet the attack on U.S. sovereignty and stability has gone largely unanswered. The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats, but only under international pressure after the poisoning of a former Russian spy and his daughter.
Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.
Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.
We were once dominant in this realm, both technically and with our knowledge and skill sets. That playing field has been leveled, and we sit idly by without the will or focus to try to regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.
In March of this year, the US Cyber Command released a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight for our national security in concert with all other diplomatic and economic powers available to the United States.
It’s a start but, a vision statement is not enough. Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors. Today we are organized to fail. Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.
The Department of Homeland Security is responsible for national protection, including prevention, mitigation and recovery from cyberattacks. The FBI, under the umbrella of the Department of Justice, has lead responsibility for investigation and enforcement. The Department of Defense, including US Cyber Command, is in charge of national defense. In addition, each of the various military branches have their own cyber units. No one who wanted to win would organize a critical capability in such a distributed and disbursed manner.
How could our law makers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.
What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy. By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.
To view full article: https://techcrunch.com/2018/04/16/the-united-states-needs-a-department-of-cybersecurity/