The Department of State has launched a bureau that creates a layer of international diplomacy to the government's cyber defense landscape.
The newly-created Bureau of Cyberspace Security and Emerging Technologies (CSET) was last week approved by Secretary of State Mike Pompeo.
The launch of CSET comes amid an increase in nation state cyberthreats, with ever evolving threats coming from cyber adversaries including China, Russia, Iran, North Korea among other actors.
The bureau will lead U.S. diplomatic efforts on a wide range of international cyberspace security policy and emerging technology issues that affect U.S. foreign policy and national security. Its focus will include securing cyberspace and other critical technologies, reducing the likelihood of cyber conflicts and prevailing in strategic cyber competition, according to the State Department.
"The State Department has always worked closely with all relevant government agencies on a broad range of cyber policy issues, and it continues to do so as part of an effective and well-coordinated interagency process," a State Department spokesperson said.
Industry officials see the launch of CSET as an important step in helping to develop a cooperative effort between the federal government and private sector in responding to a growing number of threats facing companies in the global economy.
"In the past, being able to coordinate the multinational orchestration of law enforcement and legal work to shut down attacker infrastructure placed globally was elusive to all but the largest multinational corporations," said David Klein, Field CTO at Guardicore. "This new bureau will be able to protect a larger subset of U.S. enterprises by not only expediting coordinated responses to global cyberattacks, but also through the establishment of best practices."
The bureau was created following the recommendations of the Cyberspace Solarium Commission, which saw it as a means of increasing the role of diplomatic "norms" in the fight against international cyberthreat activities.
The new bureau faces pushback. The four legislative members of the Cyberspace Solarium Commission, Sen. Angus King, I-ME; Sen. Ben Sasse, R-NE; Rep. Mike Gallagher, R-WI; and Rep. Jim Langevin, D-RI, issued a statement urging a delay in the implementation of the bureau when President-elect Joe Biden takes office.
"We are concerned the State Department has moved forward with a misguided cyberspace reorganization in the waning days of the Trump administration despite objections from Congressional leaders," the officials said in a statement. "In our report, we emphasize the need for a greater emphasis on international cyber policy at State."
The officials said that unlike what was in the bipartisan Cyber Diplomacy Act, the bureau as it's currently planned "will reinforce existing silos and hinder the development of a holistic strategy to promote cyberspace stability on the international stage."
CSET will be a step in the right direction in shaping important international policies with other countries, Steve Horvath, vice president of strategy & cloud at Telos Corp. Many of the threats industry faces in cyberspace today are targeted at U.S. government agencies as well as corporations.
"With the majority of U.S. government and private sector activities occurring online, having a focus solely on policy implications internationally related to cybersecurity and emerging technology will keep policy on the cutting edge of both domains," he said.
However, Rick Tracy, CSO at Telos, had concerns about just how much coordination there would be between the CSET and other cybersecurity agencies within the Department of Homeland Security and other entities. Cross-agency sharing has been an issue in the past and any new agency would benefit from full collaboration, he said.
The real value of such a bureau may depend on how closely coordinated it works with other agencies in the cyber defense arena, according to Michael O'Hanlon, a senior fellow at The Brookings Institution
"So this seems like it has a more narrow purpose of encouraging best practices internationally and perhaps using social media tools for promotional/messaging purposes," he said. "Unless linked to and buttressed by corresponding expansions of effort elsewhere, my first instinct is to view it a useful, but relatively minor initiative."
Editor's note: This piece has been updated with statements from the Cyberspace Solarium Commission.