A New State Department Bureau Urges U.S. Leadership on Cyber Diplomacy. American Adults — and Some Major Allies — Support That Leadership Bid

American diplomacy entered a new era this month when the State Department officially began operations at its Bureau of Cyberspace and Digital Policy.

The bureau, which will be led by a Senate-confirmed ambassador-at-large, contains policy units dedicated to cyberspace security, information and communications policy and digital freedom, and comes amid fears that Russia will turn to cyberwarfare against nations it sees as enemies in its war in Ukraine.

“To succeed in this digital future we need America’s diplomats leading the way,” Secretary of State Antony Blinken said in an email to State Department staff provided to Morning Consult.

Two in 3 U.S. adults said they supported the country’s effort to take the lead on ensuring the internet is open and secure, according to a new Morning Consult survey of the United States and seven other countries.

Such a proposal also received support from at least half of South Koreans, Canadians and adults in Brazil, the last of which saw the São Paulo-headquartered meat processing company JBS SA suffer a cyberattack last year.

There is even stronger support among adults in most of the countries surveyed for a global agency that would help keep the internet safe and secure and develop norms for its use, the survey found.

And that support held relatively steady when respondents were asked if a global agency to ensure an open and secure internet is needed. About half of Americans said a global agency is necessary.

Samir Jain, director of policy at the Center for Democracy and Technology, said it will be important for policymakers to articulate what their values are for an open, secure internet as the concept of cyber diplomacy evolves. But he acknowledged there are many questions ahead.

“What is our vision for? What does an open, interoperable and free internet look like?” he said. “How do we deal with digital censorship? What are our strategies for addressing disinformation and misinformation on the internet? How do we deal with election disinformation? What are the rules around surveillance technologies, and how to prevent surveillance for higher kinds of industry from exporting invasive software tools?”

In the survey, at least 7 in 10 Americans put the onus on technology and social media companies, each country’s government and the U.S. and its allies for a secure global internet.

Cybersecurity is the ‘wild, wild West,’ and the public sees the need for a sheriff

While those in international relations said the concept of cyber diplomacy is not new, the State Department’s codification of it represents a major investment at a crucial time.

In the email to State Department staff, Blinken said world events show “how vital cybersecurity and digital policy are to America’s national security,” and that the United States is in a “contest over the rules, infrastructure and standards that will define our digital future.”

The United Nations has already been at the forefront of global efforts to promote cyber diplomacy, and in July last year released recommendations on how governments can keep their cyberspace secure in the face of conflict. Blinken noted in the email to staff that the new bureau builds on work already done by the State Department’s International Communications and Information Policy division and the Office of the Coordinator for Cyber Issues.

James Turgal, a former executive assistant director for the Federal Bureau of Investigation’s Information and Technology Branch who now leads Optiv Inc.’s risk and strategy team, said global rules are necessary since none presently exist.

“Cyber is like the wild, wild West,” he said. “There are no rules yet, there are no rules of engagement. There are certainly countries that we look at as the players out there; you have nation states, organized crime groups, everything from the most highly technical, well-funded nation state to the 14-year-old sitting in grandma's basement hacking.”

Respondents across the surveyed countries were also at least somewhat supportive of a law that would set up rules and norms for ensuring the internet is open and secure. Americans were among those in favor, with Brazilians being the most likely to strongly support it.

Half of Americans also believe that the country’s leadership on securing the internet and cyberspace would instill the right values, although other countries are not so sure. Germans were the most reluctant, as 38% believed a U.S.-led effort would instill the wrong values.

U.S. lawmakers have been supportive of increased State Department involvement in cyber diplomacy. A bipartisan group of House Foreign Affairs Committee members reintroduced the Cyber Diplomacy Act in February 2021 and saw that legislation pass the chamber months later. That legislation would mandate that the State Department open the Office of International Cyberspace Policy and have the U.S. take a leadership role on a secure, open internet.

In a speech at February’s State of the Net conference in Washington, D.C., Rep. Michael McCaul (R-Texas), the Foreign Affairs Committee’s ranking member, said addressing cyber diplomacy is necessary to help respond to increasingly aggressive attacks.

In an email, McCaul said he was “encouraged” to see the State Department open its CDP bureau, as much of its mission is in line with his bill. But he said it is “still imperative” for the Senate to pass the Cyber Diplomacy Act “so that this important bureau can be cemented at State and properly authorized.” At State of the Net, McCaul appeared unconvinced on the bill’s prospects in that chamber.

Diplomacy evolves to meet new threats

Russia’s invasion of Ukraine has given the effort renewed urgency, McCaul said, noting there are no rules of engagement on cyber warfare as there are with regular warfare, where NATO allies engage in collective defense under Article 5. Ukraine said it has foiled Russian cyberattacks on its power grid, while hackers have also targeted the country’s telecommunications and defense sectors as well as military personnel’s social media presence.

Other observers noted that international relations have changed very little since the Cold War, and so should evolve to meet new threats.

“We have this post-1945 structure of international relations,” said James Lewis, senior vice president and director of the Center for Strategic and International Studies’ Strategic Technologies Program. “Part of the reason it's under challenge is people feel free to ignore the rules when they want to, particularly China and Russia. So the big issue in cyber diplomacy, and Ukraine highlights it, is how do you create accountability for responsible state behavior?”

While democratic countries may share similar values with the United States, others do not and so may be less inclined to sign up to any global agreements on how to behave in cyberspace. Jain said despite this reluctance, it is important to keep engaging with them on rules of the road as maybe some agreements can be reached.

“Democracies obviously share some fundamental principles that can lead them to some greater agreement,” Jain said. “But that isn't to say that we shouldn't be pushing China and other countries of the world on at least some basic norms, like not attacking civilian cyber infrastructure.”