The State Department released a report May 31, 2018, that outlines goals for diplomatic change in cyberspace as part of a coordinated effort across the federal government to improve cybersecurity in the U.S.
The report, released by the Office of the Coordinator for Cyber Issues and mandated by a May 2017 executive order, maintains that the threats posed by malicious actors in cyberspace must be domestic and foreign policy priorities.
“The activities outlined in this strategy are designed to maximize the returns from U.S. government investment in international engagement towards improving the cybersecurity of the nation,” the report said.
Though most agencies have cyber programs at risk or high risk, the Office of Management and Budget has four ways to resolve the problem.
In particular, the report maintains the importance of both a free and open internet, threatened by nations that seek to control speech and information within their borders, and of international rule of law that deters hackers from attacking through cyberspace.
According to the report, there are five areas where the State Department can act to maintain better international cybersecurity:
- Increase international stability by reducing the risk of conflict from cyberspace – The department plans to work on commitments with international partners on what constitutes acceptable cyber behavior and appropriate deterrence strategies to inappropriate behavior, while developing cyber confidence-building measures with allies.
- Enhance the resilience of the global cyber ecosystem by deterring malicious actors and responding to threats – The U.S. plans to promote information sharing and cooperation between militaries, intelligence organizations and law enforcement agencies on cyber incidents, while promoting cyber education initiatives.
- Uphold an open internet that supports human rights and the free flow of data – Along with like-minded countries, the U.S. aims to support global internet freedom programs and defend the openness of the internet where it is challenged.
- Involve relevant, non-government entities in the governance of cyberspace – To avoid an environment where governments prescribe internet governance policy, the State Department will promote an industry-driven standards for a more secure cyberspace.
- Advance regulations that support innovation and the global nature of cyberspace – The department plans to reject “undue market access restrictions” while advocating for an open market for U.S. technology businesses and protecting intellectual property.
“They further acknowledge the necessity of enhancing U.S. government coordination on all fronts to maximize the effectiveness of international outreach on cyber policy. The Department of State is committed to fulfilling its leadership role in this process,” Secretary of State Mike Pompeo said in a news release on the report.
Despite these goals, the State Department still lacks a high-ranking cyber leader for the very office that released the report, after former Coordinator for Cyber Issues Chris Painter retired in July 2017 and the post was downgraded to operate under the Secretary for Economic Growth.
Painter has been critical of the downgrade, claiming that it sends the wrong message to both adversaries and allies alike that the U.S. is not taking cyber diplomacy as seriously.
And despite proposals to upgrade the position by former Secretary of State Rex Tillerson, the fate of the State Department’s top cyber official is still up in the air, as one legislative effort to establish an ambassador-level cyber post passed the House but received no action in the Senate for nearly six months, while another has yet to move past House committee.