January 25, 2022

News

News Network

Cyber Diplomacy: State Has Not Involved Relevant Federal Agencies in the Development of Its Plan to Establish the Cyberspace Security and Emerging Technologies Bureau

13 min read
<div>The Department of State (State) coordinates with other federal agencies to advance U.S. interests in cyberspace, but it has not involved these agencies in the development of its plan to establish a new cyber diplomacy bureau. In 2019, State informed Congress of its plan to establish a new Bureau of Cyberspace Security and Emerging Technologies (CSET) to align cyberspace policy resources with an international security focus and improve coordination with other agencies working on these issues. However, officials from six agencies that work with State on cyber diplomacy efforts told GAO that State did not inform or involve them in the development of its plan to establish CSET. GAO's prior work on government reorganization has shown that it is important for agencies to involve other agency stakeholders in developing proposed reforms to obtain their views. Without involving and communicating with agency partners on its reorganization plan, State lacks assurance that it will effectively achieve its goals for establishing CSET, and it increases the risk of negative effects from unnecessary fragmentation, overlap, and duplication of cyber diplomacy efforts. The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies. The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies. GAO was asked to review elements of State's planning process for establishing a new cyber diplomacy bureau. This report examines the extent to which State involved the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury in the development of its plan for establishing CSET. GAO reviewed available documentation from State on its planning process for establishing the new bureau and interviewed officials from State and six other agencies. To determine the extent to which State involved other agencies in its planning effort, GAO assessed State's efforts against relevant key practices for agency reforms compiled in GAO's June 2018 report on government reorganization. As part of our ongoing work on this topic, we are also continuing to monitor and review State's overall planning process for establishing this new bureau. GAO recommends that State involve federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, such as unnecessary fragmentation, overlap, and duplication of these efforts, as it implements its plan to establish CSET. State did not concur, citing that other agencies are not stakeholders in an internal State reform, and that it was unware that these agencies had consulted with State before reorganizing their own cyberspace security organizations. GAO stands by the recommendation and maintains that State's agency partners are key stakeholders, as they work closely with State on a range of cyber diplomacy efforts. Further, as the leader of U.S. government international efforts to advance U.S. interests in cyberspace, it is important for State to incorporate leading practices to ensure the successful implementation of its reorganization effort. For more information, contact Brian M. Mazanec at 202-512-5130 or MazanecB@gao.gov, or Nick Marinos at 202-512-9342 or MarinosN@gao.gov.</div>

What GAO Found

The Department of State (State) coordinates with other federal agencies to advance U.S. interests in cyberspace, but it has not involved these agencies in the development of its plan to establish a new cyber diplomacy bureau. In 2019, State informed Congress of its plan to establish a new Bureau of Cyberspace Security and Emerging Technologies (CSET) to align cyberspace policy resources with an international security focus and improve coordination with other agencies working on these issues. However, officials from six agencies that work with State on cyber diplomacy efforts told GAO that State did not inform or involve them in the development of its plan to establish CSET. GAO’s prior work on government reorganization has shown that it is important for agencies to involve other agency stakeholders in developing proposed reforms to obtain their views. Without involving and communicating with agency partners on its reorganization plan, State lacks assurance that it will effectively achieve its goals for establishing CSET, and it increases the risk of negative effects from unnecessary fragmentation, overlap, and duplication of cyber diplomacy efforts.

Why GAO Did This Study

The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies. The United States and its allies are facing expanding foreign cyber threats as international trade, communication, and critical infrastructure become increasingly dependent on cyberspace. State leads U.S. cyber diplomacy efforts and coordinates with other agencies to improve the cybersecurity of the nation. Members of Congress have proposed, through the Cyber Diplomacy Act of 2019 (H.R. 739), to establish a new office within State that would consolidate responsibility for digital economy and internet freedom issues, together with international cybersecurity issues. State subsequently notified Congress of its plan to establish CSET, with a narrower focus on cyberspace security and emerging technologies.

GAO was asked to review elements of State’s planning process for establishing a new cyber diplomacy bureau. This report examines the extent to which State involved the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury in the development of its plan for establishing CSET. GAO reviewed available documentation from State on its planning process for establishing the new bureau and interviewed officials from State and six other agencies. To determine the extent to which State involved other agencies in its planning effort, GAO assessed State’s efforts against relevant key practices for agency reforms compiled in GAO’s June 2018 report on government reorganization. As part of our ongoing work on this topic, we are also continuing to monitor and review State’s overall planning process for establishing this new bureau.

What GAO Recommends

GAO recommends that State involve federal agencies that contribute to cyber diplomacy to obtain their views and identify any risks, such as unnecessary fragmentation, overlap, and duplication of these efforts, as it implements its plan to establish CSET. State did not concur, citing that other agencies are not stakeholders in an internal State reform, and that it was unware that these agencies had consulted with State before reorganizing their own cyberspace security organizations. GAO stands by the recommendation and maintains that State’s agency partners are key stakeholders, as they work closely with State on a range of cyber diplomacy efforts. Further, as the leader of U.S. government international efforts to advance U.S. interests in cyberspace, it is important for State to incorporate leading practices to ensure the successful implementation of its reorganization effort.

For more information, contact Brian M. Mazanec at 202-512-5130 or MazanecB@gao.gov, or Nick Marinos at 202-512-9342 or MarinosN@gao.gov.

News Network

  • Justice Department Settles Title VII Lawsuit Against Tallahatchie County, Mississippi, Alleging Intentional Discrimination Based on Race
    In Crime News
    The Department of Justice announced today that it has reached a settlement agreement resolving the United States’ claims that Tallahatchie County, Mississippi, and the Tallahatchie County sheriff in his official capacity (collectively, Tallahatchie County), intentionally discriminated against Black deputy sheriffs based on their race, by paying them less than white deputy sheriffs, in violation of Title VII of the Civil Rights Act of 1964.
    [Read More…]
  • Priority Open Recommendations: Department of Health and Human Services
    In U.S GAO News
    What GAO Found In April 2020, GAO identified 55 priority recommendations for the Department of Health and Human Services (HHS). Since then, HHS has implemented eight of those recommendations by, among other things, taking actions to improve the quality of care in the Indian Health Service's federally-operated facilities and improve the accuracy and completeness of Medicaid data to expedite their use for program oversight. In addition to the eight priority recommendations HHS implemented, four recommendations are no longer open priority recommendations, primarily because they became a lower priority as a result of recent regulatory or programmatic changes. In May 2021, GAO identified 18 additional priority recommendations for HHS—including some recommendations related to the Coronavirus Disease 2019 (COVID-19) pandemic—bringing the total number of priority recommendations to 61. These recommendations involve the following areas: COVID-19 response and other public health emergency preparedness; Public health and human services program oversight; Food and Drug Administration oversight; National efforts to prevent, respond to, and recover from drug misuse; Improper payments in Medicaid and Medicare; Medicaid program; Medicare program; Health information technology and cybersecurity; and Health insurance premium tax credit payment integrity. The ongoing COVID-19 pandemic underscores the need for sustained attention on improving HHS's operations. Implementing our priority recommendations could help improve the efficiency and effectiveness of key federal health care programs and funding, including those relevant to the nation's ongoing response to COVID-19. Why GAO Did This Study Priority open recommendations are the GAO recommendations that warrant priority attention from heads of key departments or agencies because their implementation could save large amounts of money; improve congressional and/or executive branch decision-making on major issues; eliminate mismanagement, fraud, and abuse; or ensure that programs comply with laws and funds are legally spent, among other benefits. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact A. Nicole Clowers at (202) 512-7114 or ClowersA@gao.gov.
    [Read More…]
  • Secretary Blinken’s Call with Armenian Acting Prime Minister Pashinyan
    In Crime Control and Security News
    Office of the [Read More…]
  • Department Press Briefing – March 5, 2021
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • The Stability and Security of the Western Balkans
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Call with Swiss President Parmelin
    In Crime Control and Security News
    Office of the [Read More…]
  • Antitrust Division Economics Director of Enforcement Jeffrey Wilder at the IAM and GCR Connect SEP Summit
    In Crime News
    Thank you for inviting me to speak today, and my thanks to IAM and Global Competition Review for hosting this Summit on Standards Essential Patents. I want to take this opportunity to share my perspective on the role of antitrust in the development, implementation, and licensing of standards and standards-essential patents (SEPs).
    [Read More…]
  • Defense Contractors: Information on Violations of Safety, Health, and Fair Labor Standards
    In U.S GAO News
    GAO's analysis of federal data found that about 1 percent of companies with Department of Defense (DOD) contracts were cited for willful or repeated safety, health, or fair labor violations in fiscal years 2015 through 2019. However, these data do not indicate whether the violations occurred while performing work related to a defense contract. Companies with DOD Contracts Cited for Willful or Repeated Violations under the Fair Labor Standards Act of 1938 or the Occupational Safety and Health Act of 1970, Fiscal Years 2015 through 2019 Because of limitations in available data, GAO could not determine the total incidence of willful or repeated violations of safety, health, or fair labor standards among all companies with a defense contract in this 5-year time frame. Specifically, about 43 percent of the Department of Labor's (Labor) safety and health violation data did not include key company identification numbers. These numbers are necessary to match federal contracting data to violation data. GAO recommended in February 2019 that Labor explore ways to address this issue. While Labor neither agreed nor disagreed with the recommendation, it issued a memorandum in May 2019 directing its Occupational Safety and Health Administration staff to make every reasonable effort to collect this information during inspections and enter it into its database. About 1 percent of Labor's data on fair labor violations were missing these key company identification numbers. The nature of the willful or repeated violations for companies with DOD contracts during fiscal years 2015 through 2019 varied. According to GAO's analysis of Labor data, the most frequently found willful or repeated safety and health violations related to toxic substances and machinery. For that same time frame, the most frequently found willful or repeated fair labor violations related to failure to pay overtime. The National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to report on the number of DOD contractors that Labor found to have committed willful or repeated violations under the Occupational Safety and Health Act of 1970 (OSH Act) or the Fair Labor Standards Act of 1938 (FLSA) for fiscal years 2015 through 2019. This report examines the number of DOD contractors that were cited for willful or repeated safety, health, or fair labor standards violations under the OSH Act or FLSA, and the nature of those violations for fiscal years 2015 through 2019. GAO analyzed federal contracting data to identify companies that had defense contracts in fiscal years 2015 through 2019, and matched them to Labor data on companies cited for willful or repeated safety, health, or fair labor standards violations. In addition, GAO used the Labor data to identify information on the nature of the violations. GAO also reviewed relevant federal laws and regulations, and agency documents. For more information, contact William T. Woods at (202) 512-4841 or woodsw@gao.gov, or Thomas Costa at (202) 512-7215 or costat@gao.gov.
    [Read More…]
  • Assistant Secretary Donfried’s Trip to Sweden, Estonia, Norway, and Rome 
    In Crime Control and Security News
    Office of the [Read More…]
  • Two Kentucky Real Estate Professionals Indicted for Rigging Farmland Auction
    In Crime News
    A federal grand jury in the Western District of Kentucky returned an indictment charging two Kentucky real estate professionals with conspiring to rig bids at an estate auction for farmland and timber rights.
    [Read More…]
  • GAO Comments on AICPA Proposed SAS – Inquiries of the Predecessor Auditor Regarding Fraud and Noncompliance With Laws and Regulations
    In U.S GAO News
    This letter provides GAO's response to the American Institute of Certified Public Accountants' (AICPA) Auditing Standards Board's (ASB) exposure draft, Proposed Statement on Auditing Standards – Inquiries of the Predecessor Auditor Regarding Fraud and Noncompliance With Laws and Regulations. GAO provides standards for performing high-quality audits of governmental organizations, programs, activities, and functions and of government assistance received by contractors, nonprofit organizations, and other nongovernmental organizations with competence, integrity, objectivity, and independence. These standards, often referred to as generally accepted government auditing standards (GAGAS), are to be followed when required by law, regulation, agreement, contract, or policy. For financial audits, GAGAS incorporates by reference the AICPA's Statements on Auditing Standards (SAS).
    [Read More…]
  • Justice Department Settles Claim Against Akal Security To Enforce Servicemember’s USERRA Rights
    In Crime News
    The Justice Department announced today that it finalized the settlement of a claim against Akal Security to protect rights guaranteed to a military reservist, Chief Petty Officer Robert M. Diaz (Ret.), by the Uniformed Services Employment and Reemployment Rights Act of 1994 (USERRA).
    [Read More…]
  • Secretary Antony J. Blinken and International Organization for Migration Director General Antonio Vitorino Before Their Meeting
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Transportation Security Administration: Clear Policies and Oversight Needed for Designation of Sensitive Security Information
    In U.S GAO News
    Concerns have arisen about whether the Transportation Security Administration (TSA) is applying the Sensitive Security Information (SSI) designation consistently and appropriately. SSI is one category of "sensitive but unclassified" information--information generally restricted from public disclosure but that is not classified. GAO determined (1) TSA's SSI designation and removal procedures, (2) TSA's internal control procedures in place to ensure that it consistently complies with laws and regulations governing the SSI process and oversight thereof, and (3) TSA's training to its staff that designate SSI.TSA does not have guidance and procedures, beyond its SSI regulations, providing criteria for determining what constitutes SSI or who can make the designation. Such guidance is required under GAO's standards for internal controls. In addition, TSA has no policies on accounting for or tracking documents designated as SSI. As a result, TSA was unable to determine either the number of TSA employees actually designating information as SSI or the number of documents designated SSI. Further, apart from Freedom of Information Act (FOIA) requests or other requests for disclosure outside of TSA, there are no written policies and procedures or systematic reviews for determining if and when an SSI designation should be removed. TSA also lacks adequate internal controls to provide reasonable assurance that its SSI designation process is being consistently applied across TSA. Specifically, TSA has not established and documented policies and internal control procedures for monitoring compliance with the regulations, policies, and procedures governing its SSI designation process, including ongoing monitoring of the process. TSA officials told us that its new SSI Program Office will ultimately be responsible for ensuring that staff are consistently applying SSI designations. This office, which was established in February 2005, will also develop and implement all TSA policy concerning SSI handling, training, and protection. More detailed information on how this office's activities will be operationalized was not yet available. Specifically, TSA officials provided no written policies formalizing the office's role, responsibilities, and authority. TSA has not developed policies and procedures for providing specialized training for all of its employees making SSI designations on how information is identified and evaluated for protected status. Development of such training for SSI designations is needed to help ensure consistent implementation of the designation authority across TSA. While TSA has provided a training briefing on SSI regulations to certain staff, such as the FOIA staff, it does not have specialized training in place to instruct employees on how to consistently designate information as SSI. In addition, TSA has no written policies identifying who is responsible for ensuring that employees comply with SSI training requirements.
    [Read More…]
  • U.S. Department of State to Honor Foreign Service Officer (ret.) William S. Rowland as Hero of U.S. Diplomacy
    In Crime Control and Security News
    Office of the [Read More…]
  • Deputy Secretary Sherman’s Trip to Switzerland, Uzbekistan, India, and Pakistan 
    In Crime Control and Security News
    Office of the [Read More…]
  • Secretary Antony J. Blinken Opening Remarks at a Local Labor Roundtable
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Armed drug traffickers head to prison
    In Justice News
    Two men will now serve [Read More…]
  • Monaco National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Meeting with Israeli Foreign Minister and Alternate Prime Minister Lapid
    In Crime Control and Security News
    Office of the [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.