On Tuesday, former Maryland representative and 2020 presidential candidate John Delaney announced a plan to create an independent agency to address national cybersecurity threats.
The proposed Department of Cybersecurity would be led by a cabinet-level secretary who would be in charge of implementing the United States’ cybersecurity strategy. The proposal is the first major cybersecurity push from any presidential candidate so far this cycle.
In a press release, Delaney argued that the US’s cyber authorities are spread too thin across too many agencies. This new agency would work to streamline the country’s current approach. “Securing our cyber-infrastructure is not only a national security priority, it is an economic one as well,” Delaney said. “In light of the many recent and continued cyberattacks on our country, we need to establish a cabinet-level agency to focus on protecting our cyberspace.”
Currently, the cybersecurity responsibility is scattered across a number of agencies, with Homeland Security handling threats to civilian agencies, US Cyber Command dealing with military cyberattacks, the FBI prosecuting federal and international cybercrime, and a string of ISACs coordinating private sector actors alongside government agencies. In the past, the White House has appointed a cybersecurity coordinator, or “czar,” to work across those agencies, but President Trump eliminated the position in May 2018, leaving no single person or agency in charge of leading the country’s cybersecurity efforts.
The idea of a new federal agency on cybersecurity has split national security experts for years, particularly in the wake of the 2016 election. Former CIA director David Petraeus endorsed a similar proposal to establish an independent National Cybersecurity Agency in an op-ed for Politico last year. Former DHS cyber and infrastructure protection undersecretary Suzanne Spaulding has opposed the idea, saying that the creation of a new agency would only impede on the “holistic” approach the DHS, FBI, and other bodies engage in already.
Other major presidential candidates, including Sens. Elizabeth Warren (D-MA), Kamala Harris (D-CA), and Amy Klobuchar (D-MN), have also discussed cybersecurity along the campaign trail, but mostly as a reaction to ensure election security in the fallout of the 2016 election cycle.
Harris and Klobuchar have previously co-sponsored bills like the Secure Elections Act that would give DHS the primary responsibility to address cybersecurity threats posed throughout elections. Sen. Kirsten Gillibrand (D-NY) worked alongside Sen. Lindsey Graham (R-SC) to push legislation to investigate Russian election interference. Warren introduced a bill that would establish harsher penalties for civilian cyberthreats following the Equifax breach along with other measures regarding data privacy. Still, all of these efforts would address civilian, military, and private sector cybersecurity threats separately, unlike the unified approach proposed by Delaney.
“These threats undermine our security, hurt the economy, and can threaten democracy itself,” Delaney’s campaign said in a press release.