Cyber Diplomacy: State's Efforts Aim to Support U.S. Interests and Elevate Priorities
Fast Facts
The U.S. and its allies face growing foreign cyber threats as international trade, communication, and critical infrastructure are increasingly dependent on the internet.
In 2022, the State Department created the Bureau of Cyberspace and Digital Policy to consolidate its efforts and leadership of cyber-related activities into a single unit led by an Ambassador-at-Large.
In doing so, State raised the profile of cyberspace as a diplomatic platform and increased awareness of cyber issues within the department. This better positions State to advance U.S. goals, such as maintaining a free, reliable, and secure internet via international partnerships.
Highlights
What GAO Found
The Department of State (State) conducts a range of diplomatic and foreign assistance activities intended to support objectives identified in the 2023 National Cybersecurity Strategy. Specifically, State engages in multilateral fora and agreements that aim to strengthen norms of responsible state behaviors, deter unacceptable state behaviors, and advance cyber policies. For example, State worked with the United Nations Group of Governmental Experts and Open-Ended Working Group to develop a framework on behavior in cyberspace, including a set of peacetime norms and confidence building measures. According to State officials, establishing cyber norms, including enforcing consequences for rule-breakers, raises the cost of bad behavior in cyberspace and deters wrongdoing. State also engages in bilateral activities to promote U.S. aligned cyber norms and policies, such as working with Denmark to advance the Copenhagen Pledge on Tech for Democracy. This pledge intends to counter authoritarian repression of free speech online and advance digital freedom globally. In addition, State provides foreign assistance, such as training and technical assistance, to strengthen partner capacity all over the world.
New Entities State Created to Elevate Cyber Priorities
State established the Bureau of Cyberspace and Digital Policy (CDP) in April 2022 to elevate cyber priorities and is taking steps to address some of the challenges the new bureau faces as it works to promote U.S. cyber interests. State consolidated its efforts and leadership of cyberspace-related activities into CDP—a single unit led by an Ambassador-at-Large. Previously, several entities within State shared responsibility for cyber diplomacy. GAO found that this change has helped to better position State to achieve its cyber diplomacy goals. For example, CDP's ambassador level leadership has enabled engagement with higher levels of foreign government officials and raised the U.S. profile on cyber globally. GAO also found that State addressed relevant leading reform practices when forming the Bureau. For example, State has an implementation team dedicated to addressing capacity staffing, resources, and change management. CDP still faces challenges as it pursues cyber goals under the reformed structure, such as needing to clarify roles between the bureau and its partners. However, CDP officials identified steps that they are taking to address them.
Why GAO Did This Study
The U.S. and its allies face intensifying foreign cyber threats as international trade, communication, and critical infrastructure grow more dependent on digital technology. State and non-state actors are using cyberspace increasingly as a platform for irresponsible behavior to undermine democracies. The Department of State leads U.S. government international efforts to advance U.S. interests in cyberspace. In April 2022 State stood up CDP with a mission to address national security challenges, economic opportunities, and implications to U.S. values associated with cyberspace, digital technologies, and digital policy.
The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 includes a provision for GAO to review U.S. diplomatic efforts to advance interests in cyberspace and other related matters. This report examines, among other things, (1) activities State is undertaking to advance U.S. interests regarding cyberspace, including the use of international agreements and fora, and (2) the extent to which organizational changes have helped position or presented challenges for State to achieve its cyber diplomacy goals.
To identify State's activities, GAO analyzed program documents and discussed implementation of strategic objectives with officials from State. To examine State's organizational changes, GAO analyzed documentation of State's reform plans and implementation, and evaluated the extent to which State addressed selected practices identified by GAO as important to reform.
For more information, contact Latesha Love-Grayer at (202) 512-4409 or lovegrayerl@gao.gov.