The U.S. and its allies face expanding foreign cyber threats as international trade, communication, and critical infrastructure grow increasingly dependent on cyberspace. In 2019, the State Department said it would establish a Bureau of Cyberspace Security and Emerging Technologies to focus on the issue.

State works with other federal agencies on international cyber issues. However, it has not informed or involved these partners in planning the new bureau, which increases the risks of duplicating efforts and more.

We recommended that State involve federal agencies that contribute to cyber diplomacy in planning its new bureau.

• View Highlights

What GAO Found

The Department of State (State) coordinates with other federal agencies to advance U.S. interests in cyberspace, but it has not involved these agencies in the development of its plan to establish a new cyber diplomacy bureau. In 2019, State informed Congress of its plan to establish a new Bureau of Cyberspace Security and Emerging Technologies (CSET) to align cyberspace policy resources with an international security focus and improve coordination with other agencies working on these issues. However, officials from six agencies that work with State on cyber diplomacy efforts told GAO that State did not inform or involve them in the development of its plan to establish CSET. GAO's prior work on government reorganization has shown that it is important for agencies to involve other agency stakeholders in developing proposed reforms to obtain their views. Without involving and communicating with agency partners on its reorganization plan, State lacks assurance that it will effectively achieve its goals for establishing CSET, and it increases the risk of negative effects from unnecessary fragmentation, overlap, and duplication of cyber diplomacy efforts.

Why GAO Did This Study

The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies. The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies.

GAO was asked to review elements of State's planning process for establishing a new cyber diplomacy bureau. This report examines the extent to which State involved the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury in the development of its plan for establishing CSET. GAO reviewed available documentation from State on its planning process for establishing the new bureau and interviewed officials from State and six other agencies. To determine the extent to which State involved other agencies in its planning effort, GAO assessed State's efforts against relevant key practices for agency reforms compiled in GAO's June 2018 report on government reorganization. As part of our ongoing work on this topic, we are also continuing to monitor and review State's overall planning process for establishing this new bureau.

What GAO Recommends

GAO recommends that State involve federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, such as unnecessary fragmentation, overlap, and duplication of these efforts, as it implements its plan to establish CSET. State did not concur, citing that other agencies are not stakeholders in an internal State reform, and that it was unware that these agencies had consulted with State before reorganizing their own cyberspace security organizations. GAO stands by the recommendation and maintains that State's agency partners are key stakeholders, as they work closely with State on a range of cyber diplomacy efforts. Further, as the leader of U.S. government international efforts to advance U.S. interests in cyberspace, it is important for State to incorporate leading practices to ensure the successful implementation of its reorganization effort.

For more information, contact Brian M. Mazanec at 202-512-5130 or MazanecB@gao.gov, or Nick Marinos at 202-512-9342 or MarinosN@gao.gov.