State Department Creates a New Cybersecurity and Emerging Technologies Bureau

The Secretary of State, Mike Pompeo, recently announced the creation of the Cyberspace Security and Emerging Technologies Bureau (CSET) at the U.S. Department of State, following through on the department’s notification to Congress in June 2019 of its plans to create the Bureau. “The need to reorganize and resource America’s cyberspace and emerging technology security diplomacy through the creation of CSET is critical, as the challenges to U.S. national security presented by China, Russia, Iran, North Korea, and other cyber and emerging technology competitors and adversaries have only increased...,” the statement read.

The new Bureau is charged with leading U.S. government diplomatic efforts in “international cyberspace security and emerging technology policy issues that affect U.S. foreign policy and national security, including securing cyberspace and critical technologies, reducing the likelihood of cyber conflict, and prevailing in strategic cyber competition.”

So why now? The creation of CSET comes just days before Pompeo and others at the State Department transition leadership to the incoming Biden Administration. A State Department spokesperson told Nextgov the Bureau’s launch was “not in response” to the recent SolarWinds backdoor breach, in which State has been named among the victims. State’s move to stand up CSET started months before the attack.

Even so, State’s CSET plans have met with less than roaring approvals. In September, the GAO negatively reviewed State’s plans for how it would establish CSET. While “State’s rationale for establishing CSET included the need to improve coordination with other agencies working on national security issues, and … engage more effectively with interagency stakeholders,” GAO was critical that the department “has not informed or involved these agency partners in the development of its reorganization plan for establishing a new Bureau…” Further, GAO concluded that “with multiple agencies involved in cyber diplomacy efforts and supporting similar goals, the potential for negative effects from fragmentation, overlap, and duplication in these efforts exists.” GAO took issue with State’s assertion that “its current coordination processes avoid fragmentation, overlap, and duplication, and is not proposing to change these processes,” concluding that “State has provided no evidence to support its assertion that its current processes avoid fragmentation, overlap, and duplication, or that its reorganization plan will mitigate any risks.”

Now, just days after Pompeo’s announcement several lawmakers in Congress have called on President-elect Joe Biden to halt the Bureau’s creation once he takes office. Senators Angus King (I-ME) and Ben Sasse (R-NE) and Representatives Mike Gallagher (R-WI) and Jim Langevin (D-RI) – members of the congressional Cyberspace Solarium Commission that published numerous federal cybersecurity recommendations last year – released a joint statement criticizing the Bureau’s creation. “In our report, we emphasize the need for a greater emphasis on international cyber policy at State. However, unlike the bipartisan Cyber Diplomacy Act, the State Department’s proposed Bureau will reinforce existing silos and hinder the development of a holistic strategy to promote cyberspace stability on the international stage.”

The focus on cybersecurity at the State Department – whether concerning U.S. international diplomacy on cyber issues or the internal cybersecurity leadership, practices and effectiveness across the enterprise – has been an ongoing area of interest and concern across multiple presidential administrations. And similarly, the Biden Administration will inherit these challenges.