Secretary of State Rex Tillerson has a plan to create a new “cyber bureau” within the State Department that would focus on building relationships with foreign governments to coordinate on international cybersecurity priorities, according to a letter sent Tuesday to the chairman of the House Foreign Affairs Committee.
The proposition first surfaced publicly during a committee hearing Tuesday on the state of U.S. cyber diplomacy. Former State Department Cybersecurity Coordinator Christopher Painter and former Pentagon cybersecurity adviser Michael Sulmeyer criticized Tillerson for shuttering one such office, which Painter previously oversaw, last year during a myriad other cuts.
“The Department of State must be organized to lead diplomatic efforts related to all aspects of cyberspace,” says Tillerson’s letter to committee Chairman Edward Royce, R-Calif.
Since Tillerson took the helm, the State Department’s cyber diplomacy mission had been consolidated and wrapped into the Bureau of Economic Affairs’ Office of International Communications and Information Policy. The decision was widely denounced by Democrats and Republicans. Under the Obama administration, there was a separate Office of the Cybersecurity Coordinator with its own independent staff and structure. This office previously met with leaders from China and Russia as well as allied nations to discuss common ground when it came to the boundaries and limits of cyber-operations.
The Tillerson proposal would combine elements of the defunct Office of the Cybersecurity Coordinator and the current Bureau of Economic Affairs’ Office of International Communications and Information Policy to introduce a new “Bureau for Cyberspace and the Digital Economy.”
It also would require the selection and congressional confirmation of a new position titled the “Assistant Secretary for Cyberspace and Digital Economy,” with more direct access to Tillerson.
“The combination of these offices in a new Bureau for Cyberspace and the Digital Economy will align existing resources under a single Department of State official to formulate and coordinate a strategic approach necessary to address current and emerging cyber security and digital economic challenges,” Tillerson wrote in his letter to Royce.
A bill recently passed in the House and co-sponsored by Royce would independently recreate Painter’s office via statute. It’s not clear how the legislation and Tillerson’s plan overlap, if at all.
Broadly speaking, either plan would result in a dedicated, singular effort to engage with foreign governments on various topics, including the establishment of international norms for cyberspace and controls on the export and import of so-called cyberweapons.
The proposed new bureau also would reportedly be involved in developing a cyber-deterrence policy for the government, a known desire of the Trump administration. It could be used as a general framework for when and how to respond to cyberattacks against the U.S. and private American companies.
While Tillerson’s announcement about a renewed focus on the diplomatic mission is encouraging to some experts, others say the proposal appears to have only been spurred by outright criticism.
In an interview with CyberScoop, Painter said he was happy about the idea of empowering State Department employees working on cyber diplomacy, but Tillerson’s plan left various unanswered questions.
“The biggest macro issue in this proposal is that it reports to the Undersecretary for Economic and Business Affairs and that is far too narrow a window or perspective for important security and human rights issues that increasingly predominate in this space,” Painter said.
Painter also said Royce’s plan to have the cyber office report to the Undersecretary for Political Affairs “makes much more sense and is a much more effective approach” because issues such as international cyber norms and cybercrime response might get neglected in a reporting structure that puts the cyber office under the department’s economic policy leadership.”