End the Uncertainty about Cybersecurity at State

Congress has an opportunity to do something good for national security by establishing in the State Department a new bureau responsible for cybersecurity and emerging technologies. The new bureau would replace the ad hoc arrangements that exist now. Secretary Pompeo submitted plans for this change months ago, but Congress has not acted for reasons that do not withstand scrutiny. The proposed change has been slowed by bureaucratic infighting and confusion, and there is some risk that if Congress acts, it will do the wrong thing.

Many of the objections to creating this new Bureau of Cyberspace Security and Emerging Technologies make no sense because they are turf battles that have nothing to do with substance or efficient operations.

There are questions about how the bureau will coordinate policy across the department. The answer is the same way that any other bureau (and Under Secretary) coordinates policy across the department. Emerging technologies and cybersecurity are not the only crosscutting issues in foreign policy; this is an old issue and not a serious obstacle, and all offices and bureaus need to coordinate.

There is also a debate about where the new bureau should be housed—under the Under Secretary for Arms Control and International Security, the Under Secretary for Political Affairs, or the Under Secretary for Economic Growth, Energy, and the Environment. The Under Secretary for Political Affairs is usually considered the third ranking office at State, and as such, a case could be made that all bureaus should fall under his or her purview. But large departments cannot be run like a congressional office. This is not the most efficient form of management, and the precedent at State since the 1970s is to put international security problems involving technology and strategic arms in the portfolio of the Under Secretary for Arms Control and International Security.

There are concerns about how the new bureau will be staffed since some of the staffers will come from other offices. Again, complaints about losing headcount are not new in bureaucratic politics. Transfers are a normal practice when new offices are created, and at times, those being transferred are eager to move. Departments that don't reconfigure stagnate, and some of the offices involved in this dispute date back to the dissolution of the Arms Control and Disarmament Agency during the Clinton administration. The international security portfolio has changed immensely since then, and State needs to allocate staff to match these new priorities.

The new bureau then should logically fall under the Under Secretary for Arms Control and International Security, which already oversees nonproliferation, arms transfers and export controls, and arms control, since cybersecurity and emerging technologies drive the new arms control and nonproliferation agenda. Frankly, this should have happened years ago. Some argue that the cybersecurity function will decline in prestige and influence if it is not housed under the Secretary or the Deputy Secretary. Cybersecurity began as an appendage of the Secretary's office when it was a new and not so important issue. The experience of the previous administration, which by the end had more than 60 special envoys for specific issues, was not positive. Issues that are growing in importance need to be embedded in the existing structure of bureaus and offices at State.

One concern, raised by industry groups, is that putting cybersecurity in the international security portfolio would damage economic interests; some of these groups suggested that the issue might be better housed in the Economic Bureau. An immediate counterpoint is the name—cybersecurity. This is a security issue. It is not an economic or business issue (or of treaty verification) but one of national security. Assigning responsibility to a part of State where international security is not the primary focus guarantees confusing and ineffective policy. Important issues such as internet governance and negotiations in the International Telecommunications Union will appropriately stay in the Economics Bureau, but it is not the place to handle security issues.

Normal practice would be to let the Secretary decide how to organize the department, and this remains the best approach. Congressional intervention in such matters is not unknown and on occasion can be helpful. If cybersecurity and emerging technologies are placed under some other Under Secretary or left floating about the diplomatic machinery, it will complicate U.S. ability to engage internationally and damage State's ability to make policy or participate in interagency discussions.

We are in a very different world when it comes to international security than was the case in 2011, when the current cyber office was created. State needs to adjust accordingly. This means new offices are needed while other offices should shrink. Emerging technologies will change the requirements for stability, nonproliferation, and security in ways that will require greater focus, attention, and coordination. Cybersecurity and emerging technologies create a new agenda for international security that we have only begun to define. Policymaking and engagement for these topics must be coordinated with the larger problems of nonproliferation, strategic technologies, and technology transfer—all the issues that fall under the Under Secretary for Arms Control and International Security. Continued delay or continued confusion would be a mistake and a setback.

James Andrew Lewis is a senior vice president at the Center for Strategic and International Studies in Washington, D.C. He was one of the foreign service officers who oversaw the integration of ACDA with the State Department in the 1990s.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2019 by the Center for Strategic and International Studies. All rights reserved