If the Center for a New American Security (CNAS) has its way, the government will create a whole new agency to spearhead the efforts to protect the cyber infrastructure.
CNAS released a two-volume study called, "America's Cyber Future: Security and Prosperity in the Information Age," and one of the issues it explores is how the federal government should deal with the many issues that surround cyber security. Some of the recommendations include:
- Enhance oversight of U.S. government cyber security activities
- Harness the private sector's innovative power for cyber security
- Forge an international agenda for cyber security
- Prepare for the future of the Internet
- Build the institutional capacity necessary to coordinate U.S. government responsibilities for cyberspace
Under that last recommendation came the suggestion to create the Office of Cyber Security Policy, which would fall under the Executive Office of the President.
While I am all for the government taking a stand for improved cyber security and while I totally understand that this is not going to be an easy undertaking (think about how difficult it has been for individual companies to handle security issues), I'm not sure we need another agency. The Pentagon and the Department of Homeland Security already play a role in cyber security issues. Do we really need to add another layer?
CNAS anticipated my concerns, explaining:
The office should remain small and nimble, maintain close links to the National Security Council (NSC) and National Economic Council, and avoid duplicating functions already performed by other agencies. The U.S. government also should continue to strengthen DHS's cyber security efforts,which are increasingly respected (if still far from sufficient) according to experts in the government, military and private sector.