State Reauthorization Elevates Cyber Office Tillerson Once Shuttered

A State Department reauthorization bill coming soon from the House Foreign Affairs Committee would elevate and make permanent a cyber diplomacy office that former Secretary of State Rex Tillerson first shuttered and then restored during his short tenure.

The reauthorization bill, which committee chairman Ed Royce, R-Calif., released Friday, would mandate an “office of cyberspace and digital economy” with a presidentially appointed director confirmed by the Senate.

The position follows the broad outlines of a cyber coordinator’s office that former Secretary of State Hillary Clinton created in 2011, but with a few key differences.

Tillerson eliminated the director’s position and shuttered the cyber office as part of a broad bureaucracy-cutting exercise last year. That move drew significant criticism from cybersecurity advocates and members of Congress who said it signaled a U.S. retreat in cyberspace just as Russia, America’s most dangerous cyber adversary, was becoming more belligerent.

Tillerson reversed course and reinstated the position in February but with a more limited focus and housed the position inside State’s economics bureau. That move also drew criticism from experts and lawmakers who argued that the office should address a broad range of non-economic cyber issues, such as national security and human rights.

The reauthorization bill would restore the office’s broad cyber mandate. It would also slot the office’s director beneath the undersecretary for political affairs or a higher-ranking official. The only two officials that rank higher than the political undersecretary are the deputy secretary and secretary of state.

That shift in the reporting chain is significant because it will allow the office to address numerous issues at the intersection of cybersecurity and national security, the office’s former director Chris Painter told Nextgov in an email.

Painter, who assumed the role in 2011 after cyber-focused stints at the White House and Justice Department, is the only official thus far to hold the cyber coordinator’s position. During Painter’s tenure, he reported directly to the secretary of state and was appointed by the secretary rather than the president.

The reauthorization bill mostly tracks with a standalone bill to restore the cyber coordinator’s office that passed the House in January.

The Senate has yet to introduce legislation to restore the cyber office, either as a standalone bill or within a department reauthorization.

The Senate Foreign Relations Committee did not immediately respond to a query Monday about whether such legislation is in the works.

The House reauthorization bill also includes a non-binding section stating the “sense of Congress” that the cyber office should ultimately grow into a full bureau of the State Department.

Don’t Forget About Kaspersky

The bill also prohibits the State Department from buying telecommunications services from any company that the intelligence community believes has assisted another country with a cyberattack or digital spying operations against a U.S. target.

The provision includes waivers and exceptions in certain circumstances, including for U.S. embassies and consulates located in nations where there’s not a reasonable alternative to the suspect company.  

Among other targets, that provision is likely aimed at the Chinese telecoms Huawei and ZTE, which U.S. intelligence officials have suggested could be jumping-off points for the Chinese government to spy on U.S. citizens.

The bill also mandates a report within six months on State Department contracts with the Chinese telecoms or with the Russian anti-virus firm Kaspersky Lab, which the Homeland Security Department banned from government contracts in 2017.

Kaspersky is challenging that ban in U.S. federal court.