Dec 22, 2018

Why there won't be a Department of Cybersecurity anytime soon

The idea that the United States needs a centralized, federal Department of Cybersecurity has long bounced around D.C.

The argument for a separate department is pretty simple. Cybersecurity is an issue of growing importance, and it's one that many other nations, including Israel and England, consolidate under one roof. But don't expect to see one anytime soon, said Suzanne Spaulding, former head of the Department of Homeland Security's National Protection and Programs Directorate (now called the Cybersecurity and Infrastructure Security Agency).

For one, the United States is much bigger than either England or Israel (or both combined). And in a new paper for the Center for Strategic and International Studies, Spaulding argues that a centralized system might weaken security for agencies and the organizations they protect.

  • "A significant piece of risk management is understanding the impact of cyberattacks to a business beyond its computer networks," said Spaulding. "Creating a cyber department, you separate IT people from missions people."
  • The Department of Homeland Security, she believes, is better equipped than a third-party agency to work on security standards for the critical infrastructure it is tasked with protecting.

The bottom line: Spaulding isn't saying that there's no use for centralized services. DHS provides many cybersecurity services across the government.

  • But granting regulatory or advisory authority to a new agency would sacrifice the institutional understanding the current agencies already have of their charges.