State's cyber bureau has ‘raised the U.S. profile on cyber globally,’ watchdog says

The State Department’s Bureau of Cyberspace and Digital Policy — or CDP — has been effective in helping the agency advance U.S. interests in cyberspace and develop stronger cyber alliances with global partners since its creation, according to a Government Accountability Office report released on Thursday. 

The watchdog found that CDP’s establishment in April 2022 “helped to better position State to achieve its cyber diplomacy goals” by consolidating its digital efforts within one centralized component led by an ambassador at-large, rather than spreading them out across the department. 

“CDP’s ambassador level leadership has enabled engagement with higher levels of foreign government officials and raised the U.S. profile on cyber globally,” GAO said.

State conducts a range of cyber diplomacy activities, including efforts to “counter threats to the U.S. digital ecosystem and reinforce global norms of responsible state behavior.” The report found that these activities have been bolstered by CDP’s creation, since the bureau now takes the lead in “working with multilateral organizations, such as the U.N., to fortify responsible state behaviors that member states have endorsed.”

These ongoing efforts — spearheaded by CDP — have included working with Ukraine to bolster the nation’s cyber defenses, establishing and engaging in the Freedom Online Coalition and participating in the U.N. Cybercrime Convention’s negotiation process to “facilitate international cooperation to combat cybercrime.” 

The watchdog also said that State’s partnership-building activities align with the goals of the 2023 National Cybersecurity Strategy, which outlined, in part, the need to develop a global coalition of nations to enforce cyber norms that are in line with U.S. values. 

GAO noted that CDP’s efforts to “establish or reinforce norms of responsible behavior in cyberspace” have included providing allied nations with cyber training and technical assistance, as well as funding to partners “that promote cybersecurity best practices aligned with U.S. cyber objectives.”

Although the report largely praised CDP’s cyber diplomacy efforts, it noted that State still needs to address some bureau-specific challenges, including when it comes to “clarifying roles and hiring staff.”

“State officials said that although responsibilities for cyber issues are defined under the new structure, roles remain deliberately shared and complementary department-wide, so clarification is an ongoing challenge,” the report said. 

One lingering issue the report identified, however, is not easily solvable — the “lack of a globally agreed definition for cyber diplomacy.” 

The watchdog noted that “the diverse ways that foreign governments, multilateral actors, civil society and the private sector organize themselves on cyber topics contributes to the challenges that [CDP officials] face in identifying roles and responsibilities for some cyber issues.”