A thumbs-up for State's 3-year-old cyber bureau

The three-year-old Bureau of Cyberspace and Digital Policy has helped the State Department to advance the country's interests in cyberspace and strengthen cyber alliances with foreign partners, a watchdog agency found.

By consolidating the department's digital efforts under an ambassador at-large, CDP has “helped to better position State to achieve its cyber diplomacy goals," according to a recently released report from the Government Accountability Office. “CDP’s ambassador level leadership has enabled engagement with higher levels of foreign government officials and raised the U.S. profile on cyber globally."

GAO found that CDP had helped State's efforts to “counter threats to the U.S. digital ecosystem and reinforce global norms of responsible state behavior” because the bureau takes the lead in “working with multilateral organizations, such as the U.N., to fortify responsible state behaviors that member states have endorsed.”

CDP has spearheaded efforts to bolster Ukraine’s cyber defenses, to establish and engage in the Freedom Online Coalition, and to negotiate the U.N. Cybercrime Convention, which aims to “facilitate international cooperation to combat cybercrime.” 

The watchdog also said that State’s partnership-building aligns with the goals of the 2023 National Cybersecurity Strategy, which include developing a coalition of nations to enforce cyber norms that are in line with U.S. values. 

GAO noted that CDP’s efforts to “establish or reinforce norms of responsible behavior in cyberspace” have included providing allied nations with cyber training and technical assistance, as well as funding to partners “that promote cybersecurity best practices aligned with U.S. cyber objectives.”

Although the report largely praised CDP’s cyber diplomacy efforts, it noted that State still needs to address some bureau-specific challenges, including when it comes to “clarifying roles and hiring staff.”

“State officials said that although responsibilities for cyber issues are defined under the new structure, roles remain deliberately shared and complementary department-wide, so clarification is an ongoing challenge,” the report said. 

One lingering issue the report identified, however, is not easily solvable: the “lack of a globally agreed definition for cyber diplomacy.” 

The watchdog noted that “the diverse ways that foreign governments, multilateral actors, civil society and the private sector organize themselves on cyber topics contributes to the challenges that [CDP officials] face in identifying roles and responsibilities for some cyber issues.”