Skip to main content

Cyber Diplomacy: State Has Not Involved Relevant Federal Agencies in the Development of Its Plan to Establish the Cyberspace Security and Emerging Technologies Bureau

GAO-20-607R Published: Sep 22, 2020. Publicly Released: Sep 22, 2020.
Jump To:

Fast Facts

The U.S. and its allies face expanding foreign cyber threats as international trade, communication, and critical infrastructure grow increasingly dependent on cyberspace. In 2019, the State Department said it would establish a Bureau of Cyberspace Security and Emerging Technologies to focus on the issue.

State works with other federal agencies on international cyber issues. However, it has not informed or involved these partners in planning the new bureau, which increases the risks of duplicating efforts and more.

We recommended that State involve federal agencies that contribute to cyber diplomacy in planning its new bureau.

Skip to Highlights

Highlights

What GAO Found

The Department of State (State) coordinates with other federal agencies to advance U.S. interests in cyberspace, but it has not involved these agencies in the development of its plan to establish a new cyber diplomacy bureau. In 2019, State informed Congress of its plan to establish a new Bureau of Cyberspace Security and Emerging Technologies (CSET) to align cyberspace policy resources with an international security focus and improve coordination with other agencies working on these issues. However, officials from six agencies that work with State on cyber diplomacy efforts told GAO that State did not inform or involve them in the development of its plan to establish CSET. GAO's prior work on government reorganization has shown that it is important for agencies to involve other agency stakeholders in developing proposed reforms to obtain their views. Without involving and communicating with agency partners on its reorganization plan, State lacks assurance that it will effectively achieve its goals for establishing CSET, and it increases the risk of negative effects from unnecessary fragmentation, overlap, and duplication of cyber diplomacy efforts.

Why GAO Did This Study

The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies. The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies.

GAO was asked to review elements of State's planning process for establishing a new cyber diplomacy bureau. This report examines the extent to which State involved the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury in the development of its plan for establishing CSET. GAO reviewed available documentation from State on its planning process for establishing the new bureau and interviewed officials from State and six other agencies. To determine the extent to which State involved other agencies in its planning effort, GAO assessed State's efforts against relevant key practices for agency reforms compiled in GAO's June 2018 report on government reorganization. As part of our ongoing work on this topic, we are also continuing to monitor and review State's overall planning process for establishing this new bureau.

Recommendations

GAO recommends that State involve federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, such as unnecessary fragmentation, overlap, and duplication of these efforts, as it implements its plan to establish CSET. State did not concur, citing that other agencies are not stakeholders in an internal State reform, and that it was unware that these agencies had consulted with State before reorganizing their own cyberspace security organizations. GAO stands by the recommendation and maintains that State's agency partners are key stakeholders, as they work closely with State on a range of cyber diplomacy efforts. Further, as the leader of U.S. government international efforts to advance U.S. interests in cyberspace, it is important for State to incorporate leading practices to ensure the successful implementation of its reorganization effort.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of State
Priority Rec.
The Secretary of State should ensure that State involves federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, such as unnecessary fragmentation, overlap, and duplication of these efforts, as it implements its plan to establish the Bureau of Cyberspace Security and Emerging Technologies.
Closed – Implemented
In comments on a draft of this report, the Department of State did not concur with our recommendation. In April 2022, after several months of review, State formally established the Bureau of Cyberspace and Digital Policy (CDP). State officials noted that, as part of this review process, they reviewed our work and consulted with senior officials from the Departments of Defense, Homeland Security, and Commerce, as well as the National Security Council, Federal Bureau of Investigation, and the Office of the National Cyber Director. During these consultations, State obtained agency views and identified risks.

Full Report

GAO Contacts

Nick Marinos
Managing Director
Information Technology and Cybersecurity

Brian M. Mazanec
Director
Defense Capabilities and Management

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Critical infrastructureCyberspaceCyberspace threatsDiplomacyEmerging technologiesFederal agenciesForeign affairsGovernment reformInternational affairsInternational relationsInternetReorganization