Cyberattacks have evolved as the major perpetuators have changed from thrill-seeking teens to entire nation-states, as well as the victims. Where should leadership for dictating cybersecurity policy lie? Power vested in the White House, either through an single individual or through a Cabinet department would have little regulatory contingencies, while the Department of Home Security has little power on its own to enact changes.
Cybersecurity policy in the United States began with President Clinton on the physical infrastructure of cyberspace, and throughout the years, this physical infrastructure and cyberspace itself had differing amounts of focus. However, while international policies are well outlined, domestic action needs addressing, with many laws stuck in Congress, mostly due to the difficulty in coordinating actions between agencies.
One option is to appoint one “czar” in the executive office, overseeing and coordinating all cybersecurity policies. While it provides a centralized authority on policy, this option comes with multiple difficulties, especially in convincing the different departments to work together and in culpability. Another alternative is to appoint a Cabinet department in charge, ranging from existing departments to creating a whole new department targeting cybersecurity in particular.
None of the suggested options are perfect, and yet policy on cybersecurity goes along slowly. Leadership for cybersecurity policy is needed in order to get cybersecurity policy to a more acceptable state. With power vested in an entity, leadership can utilize Congressional budget and human capital in order to further domestic security.
