The State Department’s new bureau focused on cyberspace is expected to elevate the issue’s place in international affairs as the U.S. looks to join forces with other nations to stem a rising tide of hacks.
The Bureau of Cyberspace and Digital Policy will likely play a role in the White House’s enlistment of other countries to counter increasingly common and costly ransomware attacks, former government officials say. Cyber diplomats also could add to U.S. efforts to press Russia to take responsibility for ransomware groups that continue their attacks despite sanctions imposed by the Biden administration, they said.
Another item on the horizon is upcoming United Nations talks toward a cybercrime treaty. The talks are set to raise thorny issues for defining and exchanging information on allegedly criminal behavior online, said Duncan Hollis, a former State Department official who’s now a professor at Temple Law School.
“Those negotiations will require a pretty savvy diplomat,” Hollis said. He added that the talks are likely to draw a lot of attention as the U.S. and its allies confront countries like Russia and China that so far have objected to international cyber agreements.
A Senate-confirmed ambassador will lead the State Department bureau, with a purview over cybersecurity as well as economic and human rights issues related to the internet, according to an Oct. 25 briefing from agency spokesman Ned Price. Its structure and scope represent a step up from past iterations of the department’s work on cyber.
The State Department installed its first cyber diplomat during the Obama administration. Under the Trump administration, the department started a cyber bureau narrowly focused on security.
The latest bureau’s aim is to prevent cyberattacks while protecting digital freedoms such as free speech online, U.S. Secretary of State Antony Blinken said in Oct. 27 remarks to the Foreign Service Institute. The bureau’s work also is planned to include other digital policy issues like promoting trusted telecommunications systems, according to a State Department spokesperson.
It’s significant that the planned bureau’s scope is broader than just cybersecurity, according to Suzanne Spaulding, a senior adviser for homeland security at the Center for Strategic and International Studies, a think tank.
“Security is one aspect and a very important one,” said Spaulding, a former Department of Homeland Security official. “But digital policy and our vision for what the internet should be is an important part of that.”
Alongside the cyber ambassador, the State Department is creating a new special envoy for critical and emerging technology. The envoy will oversee topics including artificial intelligence, quantum information science, and biotechnology, according to a State Department spokesperson.
Both positions will report to Deputy Secretary Wendy Sherman for at least the first year, Blinken said.
Christopher Painter, who was previously the top cyber diplomat in the U.S., said it will be important for the State Department to have a stronger voice in deterring nation-state threats and establishing norms for cyberspace, like keeping critical infrastructure off limits from hackers.
After the U.S. created Painter’s cyber role in 2011, other countries followed suit by setting up a similar cyber office in their foreign ministries.
“There’s this whole area of cyber diplomacy that wasn’t there 10 years ago,” Painter said. “This gives us an opportunity to continue to take a leadership role” as U.S. cyber diplomats partner with their counterparts in other countries, he said.
Congress could use legislation to make the State Department’s current cyber structure more permanent.
The Cyber Diplomacy Act, H.R. 1251, would create a similar bureau tasked with overseeing cyberspace, and it would require the department to develop a strategy for countering international cyber threats. A previous version of the bill passed the House in 2018, though it hasn’t yet passed the Senate.
Enacting a law to maintain the bureau would institutionalize the department’s emphasis on cyber diplomacy, said Erica Lonergan, a senior fellow at the Carnegie Endowment for International Peace.
The push to strengthen cyber diplomacy at the State Department is also reflected in a recommendation from the Cyberspace Solarium Commission, a bipartisan commission that Congress created to develop a strategy for defending the U.S. from cyberattacks.
A bureau would help bring attention and resources to U.S. engagement on cyberspace norms and other issues, the commission said in a recent report evaluating progress toward its recommendations from 2020.
Lonergan, a senior director on the commission, said there’s some skepticism about the value of cyber diplomacy, given the magnitude and pace of attacks. Cyber diplomacy’s history has shown a mixed record of success, she said, with a gap between what nation-states agree to on paper and what they practice.
Hacks linked to Russia continue even after U.S. President
Even during the Cold War between the U.S. and the then-Soviet Union, “we had diplomatic relations with our primary adversary,” Lonergan said.
“It would be a mistake to neglect diplomacy” in cyberspace, she said.