Secretary of State Mike Pompeo has announced a long-awaited cyber security agency, the Cyberspace Security and Emerging Technologies Bureau (CSET), in a move that reverts a four-year cyber diplomacy vacuum at the State Department.
A State Department agency for cyber security isn't a new idea. The State Department had an Office of the Cybersecurity Coordinator under the Obama administration, but former Secretary of State Rex Tillerson consolidated that function into the Bureau of Economic Affairs' Office of International Communications and Information Policy in 2017, effectively downgrading cyber diplomacy as a State function.
In January 2018, the House of Representatives passed the Cyber Diplomacy Act, which would have reintroduced a separate cyber security function within the State Department. Following criticism, Tillerson proposed the creation of a cyber security bureau at the State Department the following month.
Tillerson's idea didn't get off the ground before his departure. In June 2019, the State Department once again proposed a separate cyber security bureau with a $20.8 million budget and an 80-person staff. However, Representative Eliot Engel, who chaired the House Foreign Affairs Committee and co-sponsor of the Cyber Diplomacy Act, put a hold on that plan, calling it too narrow. Engel left the House this month after losing his re-election bid in a Democratic primary.
Pompeo outlined the need for greater cyber diplomacy in his announcement. "The need to reorganize and resource America’s cyberspace and emerging technology security diplomacy through the creation of CSET is critical, as the challenges to U.S. national security presented by China, Russia, Iran, North Korea, and other cyber and emerging technology competitors and adversaries have only increased since the Department notified Congress in June 2019 of its intent to create CSET," he said.
In September, the Government Accountability Office warned that the State Department had not involved relevant federal agencies in the CSET concept’s development. The GAO recommended that the Department consult with any agencies that could contribute to cyber diplomacy to avoid "unnecessary fragmentation, overlap, and duplication of these efforts."
Chris Painter, coordinator for cyber issues at the State Department until Tillerson merged departments, criticized the move this week. "Laughable that this is done @ the 11th hr when this was not adequately resourced or prioritized for 4 yrs. Also, this formulation only preserves stovepipes rather than coordination," he said.
Secretary Pompeo made the announcement shortly after the intelligence community announced Russia was likely to blame for the recent wide-ranging hack on US government agencies. Pompeo recommended that the State Department make moves to immediately create the cyber diplomacy bureau, despite President-elect Joe Biden’s swearing in coming in less than two weeks.
Biden has promised to impose "substantial costs" on countries that hack the US.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
UK cyber experts on red alert after Salt Typhoon attacks on US telcosAnalysis The UK could be next in a spate of state-sponsored attacks on telecoms infrastructure
-
Healthcare data breaches are out of control – here's how the US plans to beef up security standardsNews Changes to HIPAA security rules will require organizations to implement MFA, network segmentation, and more
-
The US could be set to ban TP-Link routersNews US authorities could be lining up the largest equipment proscription since the 2019 ban on Huawei networking infrastructure
-
US government IT contractor could face death penalty over espionage chargesNews The IT pro faces two espionage charges, each of which could lead to a death sentence or life imprisonment, prosecutors said
-
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpinNews Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
-
Breach at US Transportation Department exposes 240,000 employee recordsNews An investigation is underway into the breach, which affected former and current employee data
-
IRS mistakenly publishes 112,000 taxpayer records for the second timeNews A contractor is thought to be responsible for the error, with the agency reportedly reviewing its relationship with Accenture
-
US begins seizure of 48 DDoS-for-hire services following global investigationNews Six people have been arrested who allegedly oversaw computer attacks launched using booters
