Amid reports that the State Department might either merge or shut down its office that is focused on international negotiations around cyber security, White House Cybersecurity Coordinator Rob Joyce on Wednesday said he is “confident” that Secretary of State Rex Tillerson won’t degrade his department’s capabilities in this area.
Joyce told reporters that as he understands it, “no final decisions about restructuring” the cyber security office at the State Department have been made. Joyce spoke to reporters after giving a speech at a USTelecom association conference on the status of implementing President Donald Trump’s May 11 executive order on cyber security.
Media reports earlier this week said that Tillerson plans to close the six-year old Office of the Coordinator for Cyber Issues and merge it into the Bureau of Economic and Business Affairs, sparking concerns from some experts that the move means the U.S. will damage its role in international leadership on cyber issues, such as norms of behavior and
“I am certainly counting on the State department to carry a lot of the mission forward in doing those norms, in doing those international agreements,” Joyce told reporters. “They have a heavy lift in the president’s executive order and they understand how important cyber security is; the president has focused it with the executive order. I am confident that Secretary Tillerson is not going to impair cyber security.”
Christopher Painter, who leads the State Department’s cyber coordination office, reportedly is stepping down at the end of July. Joyce said that even with Painter leaving, the State Department still has the lead “for our international negotiations, our international partnerships, and they’ll carry the water there.”
Joyce said that in the past few years the U.S. has made progress in “building consensus” on normal behavior in cyberspace by nations, that the rule of law applies in the cyber arena as it does in the physical world. With those norms in place, now “we need to hold those nations accountable when they violate that consensus,” he said
Trump’s cyber directive includes a section on national cyber security, and tasks the Departments of State, Treasury, Defense, Commerce, Justice and Homeland Security, along with the U.S. Trade Representative, all coordinating with the Director of National Intelligence, to produce a report to the White House on “strategic options for deterring adversaries and better protecting the American people from cyber threats.”
That report is due in 19 days.
Joyce said in his speech the U.S. is behind a free and open Internet, but that not all countries feel the same. “We need to ensure that it continues to reflect our values,” which is a “core tenet” for the U.S. on responsible state behavior, he said.
Joyce said that adversaries need to have doubt that they can succeed in their cyber attacks and hacks against the U.S. and that even if they succeed that they can do so without consequences. He said deterrence works by increasing the costs to attackers.
“As I look to it, cyber offense is too easy today,” he said. “It’s too inexpensive for those who would push those activities,” adding that a “key cornerstone to deterrence” is “defense and our resilience.”
The cyber executive order also tasks a number of federal departments and agencies to report on their international cyber security priorities. Those reports were due on June 25. The State Department has 90 days from when those reports were due to create an “engagement strategy for international cooperation in cybersecurity,” the directive says.