By John Ubaldi
Columnist, In Homeland Security
The United States faces a national security threat unlike anything we have faced in our history. It’s a threat from hostile foreign governments and nefarious non-state actors abroad who have the potential to severely cripple our infrastructure. They can do this not with weapons, but by instigating a cyberattack against our vital computer networks.
In short, the U.S. is more vulnerable than ever to cyberattacks from foreign adversaries who attempt to penetrate vital American companies and steal intellectual property.
China Continues Cyberattacks on US Companies to Steal Intellectual Property
For example, one of the key components of the U.S.-China trade confrontation is Beijing’s continued strategy of cyberattacks on American companies to gain vital intellectual property which previous administrations failed to stop.
In recent years, China’s hacking of U.S. companies has included tech giant Google. China was responsible for the two reported 2015 cyber breaches of the Office of Personnel Management. The first breach resulted in the exposure of 4.1 million personal records, and second resulted in a hack of 21.5 million records.
For most of our history, the United States has been able to protect the homeland by controlling its land, air, maritime and space domains. Today, however, cyberspace gives adversarial state and non-state actors the ability to wage campaigns against American political, economic, and security interests without ever physically crossing our borders.
The 2019 National Intelligence Strategy details the cyber threats that are already challenging public confidence in our global institutions, governance and norms. The growing cyber capabilities of our adversaries pose an increasing threat to U.S. security – including critical infrastructure, public health and safety, economic prosperity and stability.
Establish a Department of Cybersecurity?
Many experts suggest the creation of a Department of Cybersecurity. This new federal agency would be modeled after the Department of Homeland Security (DHS) – which was formed shortly after the 9/11 terrorist attacks. Similarly, the Department of Energy (DOE) came into being in 1977 after the energy crisis of the mid-1970s caused by the oil embargo by Arab nations belonging to the Organization of the Petroleum Exporting Countries (OPEC).
Ted Schlein, a partner at Kleiner Perkins and NSA Advisory Board member, favors a cabinet-level Department of Cybersecurity. He recently was quoted in the Wall Street Journal noting that “a unified cybersecurity agency also would gather all the legal authority to act against cyber threats and attacks under one roof.”
Schlein said the DHS, Department of Justice, FBI, CIA and NSA, among others, “all have different authority to act in the realm of cybersecurity. And they don’t always cooperate fully.”
Sometimes they talk to each other and sometimes they don’t, he adds. Sometimes it isn’t even clear what information they can legally share with one another. “This inefficiency impairs our ability to respond quickly to cyberattacks or to prevent attacks. A single cybersecurity agency would solve that problem,” Schlein maintains.
A Different Opinion on Cybersecurity
Other security experts are not so sure a new cabinet department is the right approach. In the same Wall Street Journal article Suzanne Spaulding, a former DHS undersecretary who now directs the Defending Democratic Institution’s project at the Center for Strategic and International Studies, calls such a department a mistake.
A new cabinet department would either pull current cyber activities out of existing departments or replicate existing activities and expertise, she says. That would increase costs, complicate coordination and exacerbate private-sector confusion.
Spaulding wonders how the FBI, NSA and the U.S. Cyber Command would respond to this change. After all, they would not want to lose their current responsibilities or have them transferred into a new department. Whether or not that would involve standing up a new Department of Cybersecurity remains to be seen.
Either way, cyberattacks are now the go-to method for foreign adversaries, criminal organizations and other groups to attack the United States. After considering the cyberattacks of the past few years and expected cyberattacks in the future, the U.S. needs to re-think how it responds to and defends against these attacks on its vital infrastructure inside and outside of government.