The U.S. State Department fired diplomats and other experts from its cyber diplomacy bureau on July 11 and is splitting apart that bureau — moves that experts say will undermine the U.S. government’s work uniting countries against cyberattacks and reducing risks to critical infrastructure.
The disassembly of the three-year-old Bureau of Cyberspace and Digital Policy (CDP) and the departures of key leaders and employees will make it harder for the U.S. to combat state-sanctioned and cyber-criminal hackers in Russia and China, according to cyber experts and people familiar with the matter, some of whom requested anonymity to speak freely. It will also hinder efforts to counter Beijing and Moscow’s growing tech ambitions and plays for influence on digital policy, according to cyber experts and people familiar with the matter, some of whom requested anonymity to speak freely.
“Terminating diplomats with tech expertise and years of public service, and telling other countries ‘figure out your own cybersecurity,’ only makes the U.S. more vulnerable and puts its cybersecurity in core areas — like for energy, telecommunications, and software — more at risk,” said Justin Sherman, the chief executive of the advisory firm Global Cyber Strategies.
The State Department has fired between nine and 11 staffers in CDP, according to three people familiar with the matter. That includes five of the eight people working on bilateral and regional affairs, including the team’s director; two people in the strategy office, including a deputy director; and Liesyl Franz, a veteran cyber diplomat who has been serving as deputy assistant secretary for international cyberspace security. (Unlike the others, Franz’s firing is not yet final because she has appeal rights as a member of the Senior Executive Service.)
The department is also removing and reassigning the cyber bureau’s acting head, Jennifer Bachus, a longtime diplomat who has served in multiple overseas posts including Kazakhstan, Kosovo, the Czech Republic and Vietnam. Bachus, who declined to comment for this story, informed bureau staff on Thursday afternoon that she will be leaving at the end of the week.
As part of its broader reorganization, the State Department is pulling apart the cyber bureau and moving its pieces to different wings of the agency, according to four people familiar with the matter.
The International Cyberspace Security (ICS) division, which works on coordinated responses to cyberattacks and promotes international cyber norms, is being moved to a new Bureau of Emerging Threats. The existing Strategy, Programs, and Communications (SPC) office is being split, with the program team — which manages foreign cyber aid — staying inside the hollowed-out CDP and the communications and strategy team moving to the personal staff of the Under Secretary for Economic Growth, Energy, and the Environment. The Office of the Coordinator for Digital Freedom (CDF), which promotes human rights and internet freedom, is effectively being closed, with many of its staffers being moved to the staff of the Under Secretary for Public Diplomacy.
With those offices gone, CDP will consist solely of the slimmed-down SPC office and the International Information and Communications Policy (ICP) division, which works on internet governance, technical standards, and digital economy issues. CDP will also move under the umbrella of the Under Secretary for Economic Growth — a major downgrade, given that it previously reported directly to the deputy secretary of state, a position designed to give it high priority inside the department.
“CDP is effectively dismantled,” said one person familiar with the matter.
The government’s cyber diplomats are deeply unsettled by the changes, according to another person. “Morale is rock bottom,” the person said. “Never seen it worse.”
“Everyone is trying their absolute best to continue the work that they can,” this person added, “but for all intents and purposes, the work has ground to a halt.”
A State Department spokesperson said in a statement that its reorganization will make it “more accountable, more accessible, and more transparent,” adding that “many of the offices that we plan to eliminate originally were created to address specific needs” that are no longer applicable. “We saw that many of these offices had served an outdated purpose, had strayed from their original purpose, or were simply duplicative.”
“Short-sighted” moves
Cybersecurity experts criticized the changes, saying they will undermine the work that the bureau has been doing to advance U.S. cyber interests globally.
Chris Painter, who served as the top U.S. cyber diplomat from 2011 to 2017, said the changes were “short-sighted and illogical.”
In particular, Painter said it made no sense to split ICS and ICP. “Cyber and digital issues are cross-dependent and cross-cutting,” he said, “and splitting them into separate (and lower) reporting chains is a recipe for turf wars and uncoordinated and ineffective policy.”
Other experts agreed that splitting ICS’s cyber experts from SPC’s foreign aid coordinators and ICP’s digital policy experts would slow down international engagement — including responses to major hacks — that were previously well coordinated inside the bureau. One person said it was unclear if the U.S. government’s new rapid cyber-incident-response program would remain effective now that its support staff are fragmented.
“Other governments, the private sector and other stakeholders have praised having a one-stop shop at State instead of the fragmented landscape this reorganization will produce,” Painter said.
Others criticized the decision to place ICS, the core cybersecurity-focused team, inside a bureau focused on emerging threats. “Cybersecurity is not ‘emerging’ — it's extant,” said a person familiar with the matter. “It led to the question of whether the reorganization committee understood what it is.”
In parallel to the cuts and changes at the cyber bureau, the State Department has fired all five of the civil servants in the Office of the Special Envoy for Critical and Emerging Technology, according to three people familiar with the matter. The office coordinates the government’s diplomatic engagement on issues like quantum computing, artificial intelligence and biotechnology. (Some Foreign Service officers remain in the office, but it is unclear what will happen to them.)
The Washington Post and Nextgov first reported on some of the firings.
Cyber norms efforts at risk
Dissolving the cyber bureau will likely set back U.S. efforts to forge global agreements that protect American computer networks from hackers, experts said. They predicted that it would undermine deterrence efforts that could reduce the volume of cyberattacks on U.S. businesses, in addition to weakening projects to build digital-security capacity in partner countries that could help the U.S. detect, block, and investigate attacks (projects that often gave business to U.S. tech and cyber firms). Experts also said the changes will hamstring attempts to protect the security of global infrastructure like 5G wireless networks and undersea cables from tampering by authoritarian nations like China and erode efforts to advocate for the role of U.S. businesses and technical standards in multilateral bodies where Beijing is increasingly active.
In addition, experts said, it will be harder for the newly fragmented cyber diplomacy apparatus inside State to promote U.S. interests in cyber norms discussions at the UN and other multinational fora, as well as to expand agreements like Budapest Convention on Cybercrime.
The result will likely be a disintegration of the cyber bureau’s “digital solidarity” strategy, which was designed to protect U.S. computer networks through collective international security and resilience.
The new firings and restructuring are “a gift to our adversaries” and send “the wrong message to our allies,” Painter said, “especially as cyber threats we face and the need for effective diplomacy have never been greater.”
