According to McAfee, over $1 trillion was lost to cybercrime in 2020. By some estimates, if governments do not do more to secure the cybersphere, this number will continue to skyrocket and reach over $10 trillion annually by 2025. Even cybersecurity firms are at risk. For example, FireEye, a government contract cybersecurity company, was recently a victim of a state-sponsored attack targeting its assessment tools.

Currently, the United States has no whole-of-government approach to secure its cyber vulnerabilities. Private companies maintain most of the control, with little to no oversight, and the Defense Department focuses almost exclusively on military cyber vulnerabilities. The United States needs to take definitive action to secure its systems to avoid further loss. By expanding the Defense Department’s Cyber Command (USCYBERCOM), the U.S. can create a whole-of-government approach to improve resiliency and consolidate cyber expertise and resources.

USCYBERCOM is one of the commands of the Defense Department. It has three points of focus: defending the DoD’s network, offering mission support, and strengthening U.S. networks against cyber-attacks. Expanding USCYBERCOM’s focus beyond military capabilities to include other U.S. departments and agencies, allies, and private companies will lead to more effective policy.

First, expanding USCYBERCOM increases resiliency against internal and external threats, against both state and non-state actors. By adapting preexisting infrastructure, more of these threats can be easily assessed and rectified. USCYBERCOM methods can be easily expanded to encompass more critical infrastructure.

Second, consolidating resources means more effective work. The number of qualified personnel is relatively small and spread through different government agencies and private companies. By fusing the specialized workforce, the government can implement more innovative ideas and decrease vulnerability. Furthermore, merging budgets provides more extensive protection. The United States spends close to $19 billion per year on cybersecurity. Instead of having this money spent across various agencies and departments, collective action would be more easily achieved by combining them.

Finally, expanding USCYBERCOM leads to a whole-of-government approach. As it currently stands, private companies work separately on their systems, the U.S. government employs them, and there is little oversight. USCYBERCOM works on military cyber capacities with congressional oversight. An expanded USCYBERCOM would involve more government agencies, include private companies’ input, and generate even more robust oversight from Congress. This extensive involvement creates a well-rounded approach to cyber vulnerabilities and a timely response to discovered weaknesses.

For some, the dual-hat arrangement that the commander of CYBERCOM is also the Director of the National Security Agency is controversial. Established in 2009 under the Obama administration, USCYBERCOM was a small operation, and under the agreement, USCYBERCOM and the National Security Agency shared staffing and information resources. Following the Edward Snowden leaks, different leaders have suggested the separation of the two. But this is not in the interest of national cybersecurity as, without this agreement, the NSA would not be compelled to share information or manpower. Without formal information-sharing agreements, U.S. agencies may be simultaneously working to address the same vulnerabilities.

An expanded USCYBERCOM will reduce duplication and lead to a more effective government response to cyberattacks and cyber vulnerabilities. Expanding the responsibilities and members of USCYBERCOM gives the United States the ability to stand against malicious actors by implementing comprehensive and unified cyber policy. Decisive action will enable us to address vulnerabilities and reduce monetary and property losses. As the Internet continues to expand, USCYBERCOM can protect and promote American security and prosperity.