Plans to reorganize the State Department would roll back work achieved over the past three years to centralize cross-sector cybersecurity work under a single bureau, according to Annie Fixler of the Foundation for Defense of Democracies who recently testified at a House hearing on the subject.
Secretary of State Marco Rubio’s reorganization plan “goes against what Congress specifically did, which was integrate those components together,” Fixler told Inside Cybersecurity.
The Biden administration announced the creation of the Cyberspace and Digital Policy Bureau in 2021 to take a holistic approach to international cyber issues. Congress established the bureau in the 2022 authorization of the State Department and further codified its responsibilities in the fiscal 2023 National Defense Authorization Act.
Fixler told Inside Cybersecurity on May 7, “There is no perfect answer to where to place the [CDP] bureau, but the proposed reorganization is very problematic because it splits the bureau in two -- the exact opposite of what the Cyber Diplomacy Act did when it codified the bureau.”
The authorizing statute for the CDP bureau provided “leeway to the Secretary to reassign the bureau to a different to one of the different families,” according to Fixler, prompting discussions of whether it would be a better fit under the economic policy branch or the international security branch.
Fixler said, “It’s not going to not be a perfect fit in either -- but the point is you have to keep the different parts of its work together because they complement each other so much.”
Fixler testified at an April 29 hearing of the House Foreign Affairs Europe subcommittee to consider the future of cyber diplomacy under a new State Department reauthorization.
During the hearing, Fixler discussed the CDP bureau’s capabilities to “airdrop” cyber expertise into allied nations who need assistance and emphasized the urgency of cyber deterrence efforts through the State Department, highlighting how Chinese cyber actors have “pre-positioned destructive capabilities” in U.S. networks.
She told lawmakers, “During the Biden administration, we issued stern warnings but failed to deter Chinese aggression. Trump administration officials and members of Congress have rightfully articulated that our nation needs to go on the offense and punish those who use cyberspace to do us harm, and we need better defense to deny our adversaries their objectives.”
The CDP bureau “plays a critical role” in both of those needs, Fixler argued in the hearing. “Over the course of its short tenure, it has demonstrated it understands these priorities and can execute the mission.”
Fixler was also asked by subcommittee Chairman Bill Self (R-TX) about the military mobility implications of cyber capacity building for allied nations, building on military mobility research published by FDD in March and emphasizing the importance of securing critical infrastructure in other nations where U.S. troops are transported.
Rubio announced plans on April 22 to downgrade the CDP office to report to the Under Secretary for Economic Growth, Energy and Environment, as part of a massive departmental reorganization set to take effect on July 1.
The reorganization plan also creates a new emerging threats bureau that will report to the Under Secretary for Arms Control and International Security.
Fixler pushed against an argument from former cyber diplomat James Lewis on how the reorganization could improve State’s ability to fulfill its cyber responsibilities. She said the emerging threats bureau would classify “cybersecurity and AI as an emerging threat,” which would fragment CDP’s efforts.
Fixler said, “When you start moving things around, you can also inadvertently break things that are working, and [the CDP bureau] is working, so I don't really want to break it.” -- Jacob Livesay (jlivesay@iwpnews.com)