State’s New Cyber Office Brings Up Questions About Agency Roles

House Homeland Security Committee lawmakers have questions about the roles the State Department’s new cyber office and the Cybersecurity and Infrastructure Agency would play in a governmentwide approach to cybersecurity. 

“Certainly, the State Department has an important role to play working with our allies to negotiate international cyber norms, though this work should leverage the expertise of CISA and other Federal partners,” Rep. Bennie Thompson, D-Miss., who chairs the committee, and Rep. Yvette Clarke, D-N.Y., who he appointed on Friday to lead Homeland’s subcommittee on cybersecurity, said in a joint statement to Nextgov. “There is no shortage of work that needs to be done – but it is critical that the efforts are coordinated strategically.”

The two were reacting to sentiments from the committee’s Ranking Member John Katko, R-N.Y., who cast doubt on the idea of cyber diplomacy as a whole during an appearance at the State of the Net conference Wednesday, and a debate over how work on cybersecurity should be organized at the State Department. 

“The [fifth generation networking] technology is a big issue,” Katko said during the conference, noting the importance of “clarifying federal roles and responsibilities to prevent counterproductive encroachment on CISA’s mission. I just read recently where State is beefing up their whole cybersecurity arm and they have a very different interest.”

Shortly before leaving office, former Secretary of State Mike Pompeo announced his approval of a new bureau that would “reorganize and resource America’s cyberspace and emerging technology security diplomacy.” Days later, congressional members of the bipartisan, public-private Cyberspace Solarium Commission blasted the move, noting its lack of alignment with the Cyber Diplomacy Act of 2019, a bipartisan bill they said would have broken down silos maintained in the State Department’s current plan. 

Katko on Wednesday seemed to question the very idea of cyber diplomacy. “The intersection for them is not keeping the homeland safe, that's a component of what they consider but diplomacy is also part of it,” he said, adding he’s “not sure cybersecurity and diplomacy are a good mixture. I think when you're making decisions on cybersecurity, they should be based on cybersecurity.” 

 A committee spokesperson later moderated Katko’s comments in response to a request for this story.  

“Ranking Member Katko is very supportive of the State Department’s diplomacy efforts in cyberspace,” the spokesperson said. “This was evidenced by State’s successful work over the last few years to push the U.K. to change its position on Huawei. He simply wants to make sure other civilian executive branch agencies aren’t encroaching upon CISA’s .gov network defense mission.” 

House Foreign Affairs Committee Ranking Member Mike McCaul, R-Texas, sponsored the Cyber Diplomacy Act and plans to reintroduce it this Congress. The effort is still in early phases and being worked on by members of both parties and other committees, an aide told Nextgov. Previous versions of the bill would have required the State Department’s cyber efforts to be led by a Senate-confirmed, presidentially appointed head with ambassador status and would establish principles and rules of the road for international cyberspace policy.

“Rep. McCaul supports the recommendations by the Cyber Solarium Commission, particularly its support for the Cyber Diplomacy Act. He hopes to work with State to ensure cyber policy is properly implemented across the State Department and in relation to our international allies,” Leslie Shedd, spokesperson for the House Foreign Affairs Committee Republicans, said.

Several committees—Foreign Affairs, Finance, Energy, and Commerce and Science to name a few—have jurisdiction over cybersecurity issues, which in the past have sometimes caused stalemates over issues like breach notification requirements, for example. To address this, one Cyberspace Solarium Commission recommendation called for congressional leadership to create House and Senate permanent select committees, similar to those that now handle intelligence matters. Leadership would choose the chair and ranking members, while “the chairs and ranking members of other cyber-relevant committees (as determined by congressional leadership) should also serve as ex-officio members of this committee,” according to the commission’s report.

Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, has been advocating the special committee for years, before the Solarium Commission ever existed. Langevin also sits on the Homeland Security Committee, is a member of the Solarium Commission and leads the cybersecurity and emerging technology panel of the Armed Services committee, but the idea never gained traction with key members. A Democratic aide told Nextgov Thompson has spoken against the select committee in the past.

The nascent 117th Congress is still organizing its committees and its operating rules. On Jan. 25, House Speaker Nancy Pelosi issued a press release praising a memorandum of understanding signed between leaders of some of the committees with oversight jurisdiction for the Department of Homeland Security. The signing committee chairs agreed to consult with each other before considering any authorization regarding Homeland Security components.

“Before we add a new committee into the fold, Ranking Member Katko believes we owe it to ourselves to try to optimize the current jurisdictional arrangements,” the House Homeland Security committee spokesperson said, in response to the Solarium Commission recommendation. “The recent MOU is a great first step in that direction and we should find ways to build off of that approach.”

Editor’s note: The headline and article have been updated to include comments from the House Foreign Affairs Committee Republicans.