The State Department has sent to Congress a long-awaited plan to reestablish a cybersecurity-focused bureau it says is key to supporting U.S. diplomatic efforts in cyberspace.
The State Department’s new plan, obtained by CyberScoop, would create the Bureau of Cyberspace Security and Emerging Technologies (CSET) to “lead U.S. government diplomatic efforts to secure cyberspace and its technologies, reduce the likelihood of cyber conflict, and prevail in strategic cyber competition.”
The new bureau, with a proposed staff of 80 and projected budget of $20.8 million, would be led by a Senate-confirmed coordinator and “ambassador-at-large” with the equivalent status of an assistant secretary of State, who would report to the Undersecretary of State for Arms Control and International Security. The idea comes nearly two years after then-Secretary of State Rex Tillerson announced he would abolish the department’s cybersecurity coordinator position and put its support staff under the department’s economic bureau.
CSET would “unify the policy functions and align national security responsibilities related to cybersecurity and emerging technologies with the department’s international security efforts,” and “promote the department’s long-term technical capacity in these areas,” states the document, which the State Department submitted this week to the House Foreign Affairs Committee.
In February 2018, after disbanding the cybersecurity coordinator position, Tillerson proposed a Bureau for Cyberspace and the Digital Economy headed by a Senate-confirmed assistant secretary, but that plan was never implemented.
Some lawmakers and former U.S. officials strongly criticized Tillerson’s handling of the department’s cyber portfolio, saying the U.S. signaled to allies and adversaries a reluctance to shape global cyber norms.
After Tillerson effectively downgraded the coordinator’s office, Deputy Assistant Secretary Robert Strayer served as State’s top cyber diplomat, continuing State’s work on issues such as international cyber norms and building the cybersecurity capacity of allies. Strayer has rejected any notion of U.S. disengagement on international cybersecurity issues. Recently, amid steady reports of state-sponsored hacking, the State Department has to looked to restart talks on global cybersecurity norms at the United Nations.
The new State Department plan also calls for the existing Bureau of Economic and Business Affairs to increase its focus on the digital economy, global internet governance, and privacy issues. Some former officials, like Christopher Painter, who was State’s cybersecurity coordinator when Tillerson axed the position, said issues like internet governance should be included in the new bureau’s mandate rather than be kept separate.
Painter said the new plan for CSET was a “missed opportunity” because it did not consolidate cybersecurity-related issues under the department’s portfolio.
“It’s great that State is finally seeking to re-elevate vital cyber issues after nearly two years of limbo,” Painter told CyberScoop. “Unfortunately, rather than take a coordinated approach to these cross-cutting issues, the department has adopted a balkanized one that will only lead to turf battles within the department and confusion outside and international partners.”
A State Department representative confirmed to CyberScoop a plan had been submitted to Congress.
The State Department’s new cybersecurity bureau has been in the works since at least last summer, when Secretary of State Mike Pompeo signed a memo that would have established it, Foreign Policy reported in January.
Politico was first to report on the congressional notification.