Governance, Risk and Compliance, Industry Regulations

No. 2 State official on new cyber bureau: ‘It’s the future and we’re behind’

A sign identifies the State Department.

Deputy Secretary of State Wendy Sherman said the State Department’s newly proposed Bureau of Cyberspace and Digital Policy will have to find its way on a number of sticky issues, including how to insert itself into international discussions around cyber norms and the impact of U.S. offensive cyber operations on diplomatic missions, but the underlying need to integrate cybersecurity into broader State operations is long past due.

Sherman's comments came Thursday while speaking virtually with Columbia University faculty and students about the new bureau, as well as State Department efforts on diversity and inclusion. She faced a number of questions about how the newly proposed bureau would operate and fit in with other components at State, acknowledging at several points that many of the answers will likely have to be worked out in real time as policymakers move forward and engage with Congress.

Despite this, she said the State Department cannot afford to wait any longer to build up its diplomatic expertise and infrastructure on cybersecurity.

“All of these things are very complicated and I’m not smart enough to understand all the technologies and how to manage them, but we’re going to grow the expertise here at the State Department and the capacity to be at the table around all of these international negotiations, which are going to grow and grow over the years, to confront the use of technology for surveillance and for control over people by putting together the capability to do so and be the first among equals to do so,” she said.

A day earlier, Secretary of State Antony Blinken gave a speech outlining further details on the newly proposed bureau. The department will work with Congress on legislation that would stand up the bureau, create a Senate-confirmed ambassador-at-large to lead it, as well as a special envoy position that would focus on emerging technologies and fostering relationships and policy coordination around technologies, like artificial intelligence and biotechnology.

The bureau will focus on three key mission areas: international cybersecurity policy, deterrence and cyber operations; international digital policy around promoting “trusted” telecommunications systems and engaging in multilateral discussions and negotiations around human rights online; and engaging with private industry and civil society on technology and cybersecurity issues.

Just how this new entity will fit in with existing U.S. and State Department efforts was the subject of several queries. Sherman, who said she will lead the bureau for at least the first year, indicated that it could be a learning experience on a number of fronts.

When asked about how the bureau would approach existing U.S. discussions around international cyber norms, where countries like Russia and China have moved to aggressively promote their own standards, she said there remain broad areas of disagreement between the U.S. and adversaries like China, as well as allies in Europe, that must be navigated.

“It’s why we’re creating a cyber bureau: to enhance and deepen and broaden our approach to [these issues]. It is the future — as is emerging tech — and we’re behind,” said Sherman. “These are very thorny and difficult issues. The Chinese have a resolution in the UN … right now where they are trying to set the terms and we are trying very hard to not allow them to do that. There are differences between us in the European Union around how we think about privacy. We need to sort through all of these things.”

When asked how diplomats might possibly navigate international cybersecurity issues in an environment where they may not be briefed on U.S.-led offensive cyber operations — often a tightly kept secret even at the highest echelons of government — Sherman said it was “a complex world” and that is one of a number of issues that officials need to figure out as the bureau is stood up.

“We are going to have to develop how to manage exquisite intelligence with our folks who are going to be working in the cyberspace to understand the right and left margins, the guardrails that are necessary, what our capabilities are and what space we want,” she said. “It is, in part why, we have moved to creating this bureau because this is an enormous body of work that will only grow, which takes a lot of technical capabilities, a lot of common sense and has to get married with intelligence in appropriate ways.”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.