The State Department is establishing a Bureau of Cyberspace and Digital Policy (CDP), to address diplomatic stressors in cybersecurity.
With a Senate-confirmed ambassador, the new bureau will have three divisions, including:
- International cybersecurity focusing on deterrence, negotiations and capacity building
- International digital policy for internet governance and trust in global telecom systems
- Digital freedom in regards to human rights and engagement between the private sector and society.
Secretary of State Antony Blinken announced the changes Oct. 27. "This isn't just a new list of priorities by a new administration," he said. "It reflects a significant reorientation of U.S. foreign policy that focuses on the forces that most directly and consequentially affect Americans' lives," and will be a central focus for alliances.
As the U.S. becomes more intertwined with allies and adversaries in cyberspace, the Biden administration is formalizing cyber diplomacy. Though cybercriminals are relying on safe havens, the U.S. and international law enforcement is still pursuing them. By establishing the CDP, State will help streamline coordination and eliminate the simultaneous — and sometimes redundant — efforts of global partners.
Former Secretary of State Mike Pompeo moved to launch the Bureau of Cyberspace Security and Emerging Technologies (CSET) in January 2021 by, but watchdogs and legislators criticized the State Department restructuring.
The U.S. Government Accountability Office (GAO) found State had not demonstrated "that it used data and evidence to develop the proposal," in a report published shortly after Pompeo approved the bureau.
Congress objected to State's intent, as it wanted to "focus more narrowly on cyberspace security and the security aspects of emerging technologies," the GAO said. Congress criticized the CSET, suggesting the silos a State cyber bureau was meant to break would only be increased.
In addition to the CDP, State plans to establish a new Special Envoy for Critical and Emerging Technology, tasked with leading technology diplomacy and partnerships, particularly for AI, quantum computing and biotechnology.
"We want to promote cooperation, advancing this agenda tech by tech, issue by issue, with democratic partners by our side," Blinken said. The CDP and the envoy will report to Deputy Secretary Wendy Sherman for at least the first year.
Creating cyber policy domestically and abroad
The addition of the bureau and envoy comes on the heels of President Joe Biden's 30-nation ransomware summit, where allied countries agreed to collaborate on information sharing; prosecute cybercriminal gangs; trace and disrupt illegal cryptocurrency transfers; and isolate safe-haven countries for ransomware gangs.
Within the White House, National Cyber Director (NCD) Chris Inglis maintains that the roles of agencies involved in cyber — including CISA, the Office of the NCD, Biden's National Security Council (NSC) — have concurrent responsibilities, not hierarchical, Inglis said during a House Homeland Security Committee Wednesday.
The NSC "applies instruments of power that are outside of cyberspace to bring about desired conditions inside cyberspace," such as assets in intelligence, diplomacy, legal and finance, Inglis said. The same is true for other interagency coordination.
While the U.S. works with international allies in cyberspace, Inglis is cautious of the U.S. engaging in offensive cyber strategy.
"It is important to bring transgressors to justice. I would offer that the set of tools we should bring to bear is considerably larger than simply finding and shooting at them using cyber activities in and through cyberspace," Inglis testified.
While offensive measures cannot be ruled out, the U.S. should focus more on resilience and robustness, particularly in cyber talent. "We're talking a lot today about how do we collaborate, as opposed to achieving simply a division of effort such that these transgressors have to beat all of us to beat one of us," Inglis said.