Let’s say that you choose your entree from the restaurant on the 1st floor, but before sitting down to eat you get a side dish from the rooftop grill, but the elevator is broken in this building with 63 floors so you take the stairs, only to go all the way back down and across the street for your beverage, finally sitting-down for your meal in the park four blocks around the corner.
You are either an incredibly picky eater with plenty of time on your hands, or dealing with the United States government, because few others could invent such disorder in a meal order. The federal cyber defense structure works similarly, only the “restaurants” aren’t even necessarily in the same state, no, they do not have delivery.
Against this chaotic backdrop, other nations, like China, may have a large army unit of hackers. How can the US keep up?
The Current Structure
When it comes to cyber security for entire United States, of course you rightly think of the NSA. When President Harry S. Truman formed the National Security Agency in 1952, they were the communications decoders of World War II and known as the Signal Security Agency (SSA). Signals have changed a bit since then, but the NSA is still primarily responsible for signal (digital) communication espionage as opposed to the human espionage of the CIA (Central Intelligence Agency).
Then there’s the Department of Homeland Security (DHS), which began as the Office of Homeland Security (OHS) after the attacks of September 11th, 2001 as a cabinet department of the federal government responsible for national security (like cybersecurity) as well as such myriad activities as U.S. Customs, Immigration, Federal Emergency Management, the U.S. Coast Guard and even some plant and animal responsibilities such as the Animal and Plant Health Inspection Service.
The DHS is also responsible for cybersecurity, but not the same part of the government as the NSA.
The NSA falls under the Department of Defense (DoD), which is the department of the federal government responsible for military strategic action. (The same goes for the intelligence branches of the Army, Air Force and Marine Corps).
Then there’s the FBI (Federal Bureau of Investigation), which, unlike the NSA, has the jurisdiction to investigate and prosecute against U.S. citizens. They too have a cyber crime division, so they can investigate identify theft or send you to prison for hacking. That is, they can if you are a U.S. citizen. If you are not, who does that leave? The CIA?
While the CIA (Central Intelligence Agency) reportedly has a cyberespionage division and undoubtedly use digital means to conduct their “business,” they are not specifically tasked with what would be deemed cybersecurity, particularly on U.S. soil.
Then you have the Federal Communications Commission (FCC), you know the ones that put warning labels on your devices, about compliance with FCC rules? Yeah, those guys are the same people responsible for cybersecurity for small businesses in the United States. They give you helpful little tips, but do they communicate with the NSA? Who knows.
Even though the NSA falls under the Department of Defense, as recently as August the White House was announcing plans to expand the military’s cyber role by creating a Cyber Command, separate from the NSA, likely at the Pentagon, which would be responsible for “both offensive and defensive cyber tools.”
Would that make them the CC? The NSA from the SSA, under the DoD, not the DHS or the OHS, or the FBI nor the CIA or the FCC—could our heads swim in any more acronyms? Well, they could—it’s been nearly 7 years since The Washington Post reported these figures, but in 2010 there were 1,271 government organizations and 1,931 private companies in 10,000 locations within the United States working on counterterrorism, homeland security or intelligence.
While it sounds like everyone wants a slice of the pie, the full course meal—the big picture of cybersecurity—might be better served with a more uniform approach. Cyber divisions may have emerged within every department of the U.S. federal government, and the very nature of intelligence work may involve compartmentalizing data, but a new structure, combined federal cyber operations, might make for a better plan.