Watchdog cites potential improvements for State’s cyber diplomacy office amid agency reorg

The efficacy of the State Department’s Bureau of Cyberspace and Digital Policy fell under scrutiny in Congress on Tuesday, as government oversight officials offered insights into what the office needs to function in the face of the agency’s internal reorganization.

Testifying on Tuesday before the House Committee on Foreign Affairs’ Europe Subcommittee, Latesha Love-Grayer — the director of the Government Accountability Office’s international affairs and trade division — cited her office’s audits and reports from September 2020 to January 2024 in evaluating the CDP’s communication with other federal stakeholders and how the changes to the bureau's structure helped its cyber diplomacy goals.

Among its strengths, Love-Grayer recounted CDP’s interagency and foreign coalition coordination efforts to strengthen information sharing and threat management within the global digital ecosystem. Specific examples she mentioned included negotiating the UN Cyber Crime Convention on behalf of the U.S. and engaging with the European Union to develop shared 6G wireless networking principles. 

She said CDP’s existence as a federal bureau offered “senior level support resources and involvement that did not exist before,” and helped to align foreign and domestic cybersecurity policy.

In addition to these achievements, however, Love-Grayer noted outstanding challenges with which the bureau still contends.

“We reported that CDP’s status as a bureau provided senior level support resources and involvement that did not exist before,” she said. “Although State’s efforts to promote cyber diplomacy have evolved, challenges remained. Among them: clearly defining CDP's roles and responsibilities across overlapping issue areas with other intra- and inter-agencies that conduct work in cyber diplomacy … as well as ensuring that the bureau had sufficient expertise to carry out its goals.”

The occasional overlap in CDP’s specific purview breeds potential redundancy across offices within State and other agencies, like the department’s Bureau of Democracy, Human Rights and Labor. Love-Grayer said she believes more communication has emerged between all of State’s bureaus to help delineate focus areas. 

“There is still some overlap in the missions, and I think there could be greater delineation between who's taking the lead on certain issues — if they're not going to be consolidated in any kind of way,” she said. “In terms of the interagency currently, they have formal interagency agreements with several agencies: DHS, DOD, FCC [and the] Department of Commerce. Those do seem to be working well, because they outline the parameters of those relationships and who's taking the lead.”

The watchdog’s assessment comes just after State announced earlier this month that CDP would be moved out from under the Deputy Secretary’s office and into the Economic Growth office as part of a wide-reaching reorganization of the entire agency which has been accompanied by a 15% reduction in staff.

Love-Grayer said that where CDP sits within the larger reporting structure at State will play a big role in the bureau’s focus.

“Depending on where [CDP] sits … they have to compete for resources, and it also needs the ability to have the leader communicate with the most senior leaders at State in order to make some pretty important decisions,” she said. 

Love-Grayer noted that CDP’s communication with leadership at partner agencies — namely the Cybersecurity and Infrastructure Security Agency and the office of the National Cyber Director — was facilitated by the CDP ambassador-at-large’s direct reporting to State’s deputy secretary. That structure gave the CDP ambassador “more direct influence and the ability to get leadership support on major decisions,” offering the bureau a “higher level of gravitas” when asking for support and resources.

She explained that it was also very important for CDP leadership to have a direct line to the deputy secretary at State, a setup threatened by Secretary of State Marco Rubio’s proposed reorganization.

“There was a lot of coordination there,” she said. “At the same time, the views and the interest and issues that the ambassador heard out in the world, he would bring back to our leaders here and on the domestic side to ensure that we could learn from that as well, that we were using that to inform our own strategies and our own protections at home. So that collaboration we found to be pretty important.”

Recruiting the right personnel to help execute CDP’s mission has also been a challenge. Love-Grayer said that one of GAO’s reviews found that the office’s need to secure staff with both technical acumen and diplomatic skills required it to compete with more lucrative private sector roles. 

“One of the concerns that we had after we conducted our review on CDP, is that they did need to recruit a specific type of official,” she said. “As we spoke with the former ambassador of CDP, he noted it's very hard to compete with the private sector for individuals who can harness both of those skill sets. And so having the staff, if you want to get them on board, keeping them and helping them to grow and understand the issues is important.”

But subcommittee Chairman Keith Self, R-Texas, questioned whether CDP’s structure will actually serve the interests of the agency and the federal government writ large.

“The Department of State agreement on a cybercrime UN treaty that conflicted with CDP policy lead and recommendations begs the question of the actual authority wielded by CDP,” Self said.

Ranking Member Rep. William Keating, D-Mass., criticized the Trump administration’s plans to change the CDP’s structure, saying it will “create exactly the duplication and the waste this administration says it seeks to avoid.”