The State Department’s plan to fold the cyber office and position of cybersecurity coordinator into the bureau of business and economic affairs is just the beginning of a plan to elevate cybersecurity concerns within the department, according to Department of State Deputy Secretary John Sullivan, who testified before the House Foreign Affairs Committee on Sept. 26.
“Our whole cyber effort will be elevated at the department beyond the level that it is now,” said Sullivan. “My expectation is that part of the redesign we will have to elevate, to a Senate-confirmed level, the role, and we’ll have to figure out what the title is and where it figures in the bureaucracy. But our commitment is to elevate and provide the appropriate resources for leadership on this essential issue.”
The Cyber Coordinator post currently remains vacant after Chris Painter’s departure from the position in July, and committee members expressed concern that removing the cyber coordinator would be ill-advised in the face of increasing cyberattacks and breaches in the U.S.
“I’m concerned about plans to downgrade the office of the coordinator for cyber issues and merge it with an existing office within the Bureau of Economic and Business Affairs,” said Rep. Joe Wilson, R-S.C. “At a time when the U.S. is increasingly under attack online, shouldn’t the State Department continue to have high-level leadership focused on the whole range of cyber issues, not relegated to economics?”
“The State Department will have quite a role in the arena,” said Rep. Michael McCaul, R-Texas. “I want to ask about what you envision the future to be on the issue? There’s an office of cyber coordination for cyber issues being sort of downplayed with another office.”
Sullivan said that the subject was a priority for Secretary of State Rex Tillerson, and that his office was committed to working with the White House on raising cybersecurity to a “high level.”
Wilson advocated for the passage of the Digital Gap Act, which would call on the Secretary of State to create an Assistant Secretary for Cyberspace position to lead the State Department’s cybersecurity policy, whereas McCaul called for support on the Cyber Diplomacy Act, which would create an Office of Cyber Issues within the department.
Sullivan’s testimony also placed importance on modernizing State Department IT systems and retaining necessary cyber talent.
“We need to improve our IT platforms, modernize legacy systems, and upgrade our technology infrastructure so that our employees can work anywhere, any time, and as effectively as possible,” said Sullivan. “We urgently need to integrate our IT systems and cybersecurity platforms. Maintenance costs for outdated systems continue to rise. And a decentralized risk management system hinders fast, forceful incident responses. By upgrading our systems and modernizing our technology, we can save money in the long run, reduce overall risks, and facilitate better decision-making in the future. We also received many comments about how outdated technologies at the State Department hinder our employees’ ability to coordinate with others and finish even a minor task.”
“I welcome Secretary Tillerson’s efforts to address the department’s aging technology infrastructure, and strengthen the diversity of the department’s workforce–including increased recruitment of veterans and minority candidates,” said Rep. Ed Royce, R-Calif.
Though much of the goal of the reorganization is to reduce duplication and costs, Sullivan said that his department would pursue additional funds for essential projects like IT modernization.
“There will also be areas […] where, as we go forward particularly with respect to IT infrastructure, where we will in the future need investments,” said Sullivan. “IT is one area where I predict we will need assistance in the future.”
