Expand U.S. CYBERCOM to better secure American Infrastructure
According to McAfee, over $1 trillion was lost to cybercrime in 2020. Some estimate if governments do not secure the cybersphere, this number will continue to skyrocket and reach over $10 trillion annually by 2025. Even cybersecurity firms are at risk. For example, FireEye, a government contract cybersecurity company, was recently a victim of a state-sponsored attack targeting its assessment tools.
Currently, the United States has no whole-of-government approach to secure its cyber vulnerabilities. Private companies maintain most of the control, with little to no oversight, and the Department of Defense (DOD) focuses almost exclusively on military cyber vulnerabilities. The United States needs to take definitive action to secure its systems to avoid further loss. By expanding the Department of Defense’s Cyber Command (USCYBERCOM), the U.S. can create a whole-of-government approach to improve resiliency and consolidate cyber expertise and resources.
USCYBERCOM is one of the commands of the Department of Defense. It has three points of focus: defending the DOD’s network, offering mission support, and strengthening U.S. networks against cyber-attacks. Expanding USCYBERCOM’s focus beyond military capabilities to include other U.S. Government Departments, allies, and private companies will lead to more effective policy.
First, expanding USCYBERCOM increases resiliency against internal and external threats, against both state and non-state actors. By adapting preexisting infrastructure, more of these threats can be easily assessed and rectified. USCYBERCOM methods can be easily expanded to encompass more critical infrastructure.
Second, consolidating resources means more effective work. The number of qualified personnel is relatively small and spread through different government agencies and private companies. By fusing the specialized workforce, the government can implement more innovative ideas and decrease vulnerability. Furthermore, merging budgets provides more extensive protection. The United States government spends between $18-19 billion per year on cybersecurity. Instead of having this money spent across various agencies and departments, collective action would be more easily achieved by combining them.
Finally, expanding USCYBERCOM leads to a whole-of-government approach. As it currently stands, private companies work separately on their systems, the US government employs them, and there is little oversight. USCYBERCOM works on military cyber capacities with congressional oversight. An expanded USCYBERCOM would involve more government agencies, include private companies’ input, and generate even more robust oversight from the Congress. This extensive involvement creates a well-rounded approach to cyber vulnerabilities and a timely response to discovered weaknesses.
For some, the dual-hat arrangement that the commander of CYBERCOM is also the Director of the National Security Agency (NSA) is controversial. Established in 2009 under the Obama Administration, USCYBERCOM was a small operation, and under the agreement, USCYBERCOM and NSA shared staffing and information resources. Following the Snowden leaks, different leaders have suggested the separation of the two. But this is not in the interest of national cybersecurity as, without this agreement, the NSA would not be compelled to share information or manpower. Without formal information-sharing agreements, U.S. agencies may be simultaneously working to address the same vulnerabilities. Expanding CYBERCOM will reduce duplication and lead to a more effective government response to cyberattacks and cyber vulnerabilities.
Expanding the responsibilities and members of USCYBERCOM gives the United States the ability to stand against malicious actors by implementing comprehensive and unified cyber policy. Decisive action will enable us to address vulnerabilities and reduce monetary and property losses. As the internet continues to expand, CYBERCOM can protect and promote American security and prosperity.