“Bad news from the cyber world keeps piling up: election security, disinformation, data breaches, ransomware and even the threat of cyber-warfare from the likes of Iran, Russia or China. A growing number of officials, inside and outside the government, are arguing that as a country we need to get better organized to address this complex threat, and that the best way is to create a stand-alone cyber security agency. It’s an option already under consideration by the commission Congress created to address cyber threats, as well at the National Security Council, which has a small directorate working on a national cyber strategy.

I wish this problem could be solved that easily. There’s no question that the federal government needs enhanced resources, oversight, accountability, coordination and leadership on cybersecurity. But I spent 15 years at the FBI working on strategy and interagency governance, often in the context of cyber, and have devoted my academic career to studying how bureaucracies work, and I think creating a new stand-alone cybersecurity agency is the wrong way to go.”

The article: We don’t need a separate cybersecurity agency