Chinese COVID-19 Cyber Intrusions and the State Department’s Cyber Bureau

(Photo: Shutterstock)

On the same day that the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning to COVID-19 research organizations about China’s cyber threat, the Cyberspace Solarium Commission got its hearing in the Senate.

“How would some of the recommendations, specifically in this report of yours, enable us to combat these kind of attacks that we are seeing from China?” asked Sen. Gary Peters, D-Mich., the ranking member of the Homeland Security and Governmental Affairs committee. Sen. Peters sent the president a letter on the topic the day before.

CDM Central is going virtual for the June 2020 Conference Learn More

Sen. Angus King, Jr., I-Maine, a witness and a Solarium co-chair, gave the big picture view at the May 13 hearing.

“We need to step back and start talking about international norms and standards,” said Sen. King, calling China “a long-range problem in cyberspace.” He went on to say that if there is a violation, it needs to be the whole world calling foul, not just the United States.

The Solarium’s Solution

The next day as Secretary of State Mike Pompeo joined the chorus warning against China, Solarium staff clarified a problem of the United States’ effort to establish international standards and proposed their solution at an online event hosted by the commission.

“The Department of State is on the frontline of the diplomatic efforts to stop destabilizing behavior in cyberspace,” said a Solarium Senior Director Val Cofield, adding that “currently, the office which oversees this effort is only staffed by 15 people.”

Cofield, who has worked as a deputy assistant director for the FBI’s Cyber Division, pointed to the passage of a Russia-backed resolution at the United Nations last year as evidence that the office needs more resources. The resolution passed in the U.N.’s Open-Ended Working Group, which permits the participation of all member states. The U.N.’s Group of Governmental Experts has 25 selected member states and has introduced the principle that international law applies to the digital space.

“The commission advocates working in both fora,” said Cofield, adding that the United States should be part of a broader alliance that the State Department needs to build, specifically in those fora.

The commission’s report, released in March, recommends the creation of a Bureau of Cyberspace Security and Emerging Technologies within the U.S. Department of State. The proposed bureau would elevate the level of the current office and be led by an Assistant Secretary of State, “reporting to the Under Secretary for Political Affairs or someone of higher rank,” according to the commission report.

Cofield, who led the commission task force on the topic, said the Solarium worked closely with State and had “several discussions and interviews” before making their final recommendation.

The Sticking Point

The idea is not entirely new, however. The Office of the Coordinator for Cyber Issues launched in 2011 under then-Secretary of State Hillary Clinton. The office led cyber diplomacy for six years before then-Secretary of State Rex Tillerson reduced the office’s strength in August 2017 as part of reorganization.

A bill to strengthen and stabilize the office, by creating a Senate-confirmed position to lead an Office of Cyber Issues in the Department of State passed the House in 2018, but stalled in the Senate.

Rep. Michael McCaul, R-Texas, and Rep. Eliot Engel, D-N.Y., reintroduced a similar bill, Cyber Diplomacy Act of 2019, H.R. 739, to begin the current session of Congress. Former Rep. Mark Meadows, R-N.C., the current White House Chief of Staff, co-sponsored both iterations of the bill. But again, the bill seems to be stalled.

“The reason we haven’t gotten it done is bureaucratic infighting,” said Mark Montgomery, the Solarium’s executive director and the former policy director of the Senate Armed Services Committee, during the Solarium event May 14. The issue of what section of the department the cyber office goes in has been a sticking point the past several years, he said.

“The truth is I don’t care what section of the State Department it went in,” said Montgomery, alluding to the debate of the past few years. “It will do a lot of good,” he said.

Categories

Recent