The chairman of the House Foreign Affairs Committee introduced legislation last Friday to reauthorize the State Department with plans to finalize the creation of a new cyber bureau proposed by former Secretary Rex Tillerson.
Committee Chairman Ed Royce’s (R-Calif.) bill, the Department of State Authorization Act of 2018, includes directives for the State Department to establish a formal international cyberspace policy and improve oversight of its IT systems.
“A strong State Department is essential to advancing America’s many interests overseas,” Royce said in a statement. “This bipartisan bill will help ensure our diplomats have the tools to tackle today’s challenges – including North Korean nuclear threats and Iranian aggression. It will improve diplomat training, bolster embassy security and protect the department’s information technology systems.”
The bill would create the new Office of Cyberspace and the Digital Economy to be led by a president-appointed ambassador who will serve as the department’s top cyber official.
The new cyber office merges the State Department’s Office of the Coordinator for Cyber Issues and the Bureau of Economic Affairs’ Office of International Communications and Information Policy.
Tillerson, who left the department on March 31, first proposed the change as part of a department reorganization plan announced in February (Defense Daily, Feb. 6), and amid growing pressure from lawmakers that Tillerson was downgrading the State Department’s cyber diplomacy role.
Royce’s bill calls on the new top cyber official to create a formal international cyberspace policy for establishing norms on internet freedom, monitoring the digital economy, consequences for cyber threats and responses to attacks.
At a March 12 hearing, lawmakers pressed Secretary of State-nominee Mike Pompeo on his plans for cyber at the department but he did not offer a commitment for how he would handle a reorganization.
Rob Strayer, the department’s current top cyber official, told Defense Daily at a March conference that he expects State Department to follow through with Tillerson’s plan once a new secretary is in place, but he said also did not have an indication of Pompeo’s plan (Defense Daily, March 21).
The reauthorization bill would also require the the secretary to conduct an assessment of the department’s IT systems, and update protocols for reporting cyber incidents and potential breaches.
State Department officials would also be called on to develop a list, with assistance from the Office of the Director of National Intelligence, identifying foreign telecommunications companies that have knowingly assisted in cyber attacks or surveillance against the U.S. government or private sector.
Royce’s bill also directs the State Department to see if it has used products from Russian-based software company Kaspersky Labs or China’s ZTE and Huawei. The companies are suspected of potential malicious cyber activity, and the Department of Homeland Security previously banned federal agencies from using Kaspersky products (Defense Daily, Sept. 13).