Federal cybersecurity agency on the way?

As human activity migrates into the online space, keeping the bad guys from mucking it all up becomes paramount. Does that mean it’s time for a federal cybersecurity agency?

The departments and agencies within the United States government have evolved over time to address modern-day problems and meet the changing needs of citizens. For example, the Department of Homeland Security was created in the aftermath of the September 11th attacks as a measure to improve domestic safety and handle threats of terrorism.

Jumping forward to today, cybersecurity has become a center of focus across the globe for both governments, private companies, and individual citizens. When a hacker launches an attack and is able to create a data breach at a major company, it can affect millions of people.

It's not even that far-fetched to imagine a future (or classic Star Trek episode) where nations go to war with each other in a purely digital manner.

As governments try to tackle the breadth of cybersecurity, the question becomes how best to manage threats and organize defenses. In this article, we'll explore the possibility of a new federal cybersecurity agency that would maintain control over the U.S's digital landscape.

Cybersecurity in today's government

Today, every facet of the U.S. government is dependent on the internet and data networks. That means individual agencies and departments have to consider their own cybersecurity and how a single leak or outage could impact a nation of citizens.

But spreading out the responsibility for cybersecurity is not an efficient strategy. It becomes hard to keep groups organized and focused on emerging threats. Time is wasted when multiple teams of people are working in silos instead of collaborating together to solve problems.

Experts believe that the US is vulnerable to cyberattack because the government lacks central leadership on defense mechanisms and strategies. Currently, there are cybersecurity divisions within various agencies, including the Federal Bureau of Investigation, the Department of Defense, the Department of Homeland Security, and various intelligence groups such as the CIA and the NSA.

The single agency model

Legislators from both political parties see the need to streamline the U.S. government's approach to cybersecurity. In fact, a new effort was recently launched called the Cyberspace Solarium Commission (CSC). It aims to be a taskforce that will develop a unifying cybersecurity strategy for the near-future.

With this idea, individual government agencies would still need to keep cybersecurity as one of their top priorities, but the new federal group would be responsible for creating the overall strategy and enforcing policies and procedures across different agencies.

The single agency model would also become responsible for leading the national response to all emerging or anticipated attacks. Instead of each agency having to scramble for defenses, the central leadership would issue directives on how to react and mitigate the digital threats.

Benefits of centralized cybersecurity

As discussed, a centralized body responsible for all government cybersecurity matters would result in a more organized and efficient form of leadership. The hope would be for more threats to be blocked right away and prevent them from becoming damaging incidents to infrastructure, networks, and data.

Ideally, a federal cybersecurity agency could also represent a boost in terms of international relations. The new group could partner with allies on other continents to develop global strategies for securing technology. We already see this type of collaboration in the private sector where individuals working in far-flung offices pool their resources and end up with a better mousetrap 

It remains to be seen how a centralized cybersecurity group would be structured within the hierarchy of the U.S. government. The group would likely pull from experts in other agencies as well as the private sector. It could well fall under the umbrella of the U.S. military, as hacking can be seen as a threat to national security and an act of war. In fact, some believe that in the future the U.S. government might actually draft cybersecurity experts into agencies to use their knowledge and skills to protect the nation.

This protection might initially take the form of a focus on education and recommendations to the public in regard to online safety tools and tactics: use a search engine that doesn’t track you (eg Brave or TrustNav), encrypt and anonymize your online connection with a virtual private network (VPN) install a malware-blocking firewall. All are perfect candidates for widespread promotion by a federal agency. They are proven to work but need a “bully pulpit” to increase awareness.

For example, around 25% of internet visitors use a VPN online, which leaves three-quarters of us living dangerously. A federal level cybersecurity agency could also put money and brains towards new iterations of this type of security tool by incorporating emerging artificial intelligence (AI) and machine learning (ML) techniques.

Outlook for citizen security

A single federal cybersecurity agency would be an overall win for citizens as a whole. Positions within the department would not be determined by elections. In theory, the group would be a non-partisan department focused on safeguarding the data and rights of Americans.

It's likely that this new federal agency would be responsible for declaring regulations on how private information is stored and transmitted on the internet. In the European Union, the passing of its General Data Protection Regulation (GDPR) has changed how web companies operate. The same thing could happen in the U.S.

Under GDPR, organizations are responsible for being transparent about how they manage user data and share it with third parties and advertisers. In addition, the legislation dictates how a company must respond to a data breach and notify people of the incident. Failure to meet those standards will result in fines and other penalties.

The bottom line

The importance of cybersecurity has become of prime importance, when so much of our daily activities take place online. Hackers are constantly looking to attack individual users, while similar tactics are being used on a global scale to create the potential for digital wars.

While a certain percentage of citizens cringe at the idea of yet another federal agency, chatter has already started in the halls of Congress. Expect that it will happen eventually, hopefully before World War III springs into existence from servers spread around the world. Throw the politics out of it. For our own sake, it might be time for a comprehensive national cybersecurity agency to call the shots.

This article is published as part of the IDG Contributor Network. Want to Join?

Copyright © 2019 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!