State Department cyber diplomacy bill seeks to fill ‘missing piece’ in interagency defense

The State Department is one step closer to standing up a new bureau that would set international norms for cybersecurity.

The Cyber Diplomacy Act will get a vote on the House floor next week, two of its cosponsors said Thursday.

The bill would create a Bureau of International Cyberspace Policy at the State Department, led by an ambassador with the same rank and status as an assistant secretary of state.

House Foreign Affairs Committee Ranking Member Michael McCaul (R-Texas) said the bill, if passed, would fill a “missing piece” in the federal government’s ability to respond to cyberattacks.

Jim Langevin (D-R.I.) chairman of the House Committee on Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems, said the bill would help provide a whole-of-government response to major cyber incidents.

Langevin, also a member of the Cyberspace Solarium Commission, said the bill would also give the White House another approach to set cyber boundaries with adversaries besides “exclusively through a military lens.”

“We can’t approach cyberspace with such a one-sided understanding. We must instead leverage a whole-of-society approach that takes into account the cross-cutting nature of this human-made domain,” Langevin said.

Lawmakers have introduced versions of the bill since 2018. The legislation also implements an outstanding recommendation from the Cyberspace Solarium Commission, whose proposal to stand up a Senate-confirmed national cyber director position in the White House became law last year.

Langevin said the national cyber director will assist the State Department in its cyber mission.

“The NCD is responsible for helping to develop and coordinate the implementation of the National Cyber Strategy. This obviously has international components to it. I look at the NCD as a way to help the various departments and agencies stay on the same sheet of music and that hasn’t been the case in the past,” he said.

The bill is also led by House Foreign Affairs Committee Chairman Gregory Meeks (D-N.Y.) and Rep. Mike Gallagher (R-Wis.), another member of the Cyberspace Solarium Commission.

The bill would give the State Department the tools needed to identify, attribute and respond to cyber incidents more quickly. Langevin noted that it can take the U.S. months, if not years, to impose punishments or sanctions, which gives malicious nation-state actions the ability to act with impunity.

“Our adversaries know this, and they take full advantage of our lethargy. We don’t have the luxury of time on our side, unfortunately. Behavior today sets precedent for tomorrow. Irregular activity from our adversaries that deviates from our vision is already being established, and it’s up to us if we are going to lead, or if we are going to be led,” Langevin said.

McCaul and Langevin are also working on mandatory breach notification legislation that would help cyber agencies to respond to breaches more quickly.

State’s cyber ambassador, McCaul said, would have a “complementary” role working with the Cybersecurity and Infrastructure Security Agency to respond to cyber threat intelligence received from the private sector.

“CISA works very well to get this threat information, and with our mandatory breach notification law, we’ll be getting more of this threat information that we can actually scrub to protect companies and their duty to their fiduciary stockholders. They would, in turn, share what the threats are, what the attribution is, and then the ambassador can make the decisions on presidential recommendations for things like sanctions,” McCaul said.

Momentum on the Cyber Diplomacy Act comes just a few weeks after President Joe Biden released his fiscal 2022 budget plan for discretionary spending. That plan would give the State Department a 10% increase to its current budget.

That level of spending falls short of a plan Sens. Chris Murphy (D-Del.), Chris Van Hollen (D-Md.) and Reps. David Cicilline (D-R.I.) and Ami Bera (D-Calif.) proposed that would increase spending at State and the U.S. Agency for International Development by 20%.

Murphy said the department needs the funding to have the diplomatic muscle needed to set international norms in emerging technology.

The Promoting U.S. International Leadership in 5G Act would require the department to develop a diplomatic strategy to increase engagement on 5G with allies and international standards organizations.

Langevin said the Cyber Diplomacy Act would ensure that diplomats will no longer feel “outmatched and outnumbered at every turn.”

“The sooner we do this, the better and coordination is not easy. It takes time to develop relationships and to build muscle memory, about what to do in the wake of an incident. We don’t yet have that muscle memory built-in, we’re still kind of doing it on the fly,” Langevin said.

Related Stories

    (AP Photo/J. Scott Applewhite)The Harry S. Truman Building, headquarters for the State Department, is seen in Washington, Monday, March 9, 2009. (AP Photo/J.  Scott Applewhite)

    State Dept adds 1,200 to Foreign Service ranks under Democrats’ $12B budget plan

    Read more

Comments

Sign up for breaking news alerts