BELTSVILLE, Md. — The lead for the State Department’s office tasked with ensuring cyber security for its employees abroad says his team won’t be affected by a shuffling of cyber priorities in a proposed department reorganization, but must remain focused on pushing for continued cloud migration.

Lonnie Price, assistant director for Cyber and Technology Security within the department’s Diplomatic Security Service (DSS), oversees the Foreign Affairs Cybersecurity Center (FACC), which processed 7.5 billion cyber incidents and defended against 17,000 threats to the department’s network in fiscal year 2017.

State Department's Foreign Affairs Cybersecurity Center in Beltsville, Md. Photo: State Department.
State Department’s Foreign Affairs Cybersecurity Center in Beltsville, Md. Photo: State Department.

Secretary Rex Tillerson’s planned reorganization would include shuttering the department’s cyber diplomacy office and moving its responsibilities to the economics bureau (Defense Daily, August 29), a move that would only affect external cyber priorities, according to Price.

“We are operational. We are cyber security expertise applied to the defending of the Department of State, our systems, our activities worldwide, to include obviously embassies overseas, and all domestic facilities,” Price said Oct. 30 while addressing reporters during a visit at his team’s Beltsville, Md., facility.

While the role of the State Department in pushing cyber diplomacy abroad may see a change, Price believes his office’s internal role of leading cyber security operational efforts will remain intact.

The main challenge moving forward for State’s DSS and FACC is a continued push for cloud migration and phasing out legacy systems to better protect the department’s network.

“Legacy systems are so expensive, and so unsatisfying to the user base. We have to get going, particularly migrating our systems and data to the cloud, and also more available WiFi are two such examples,” said Price.

Cloud migration is at the top of the list for the FACC facility in Beltsville, which provides continuous monitoring of the department network in search of anomalous activity.

“I’m a big fan of exploiting the uses of technology. Just the ability to always have applications to the latest version, to always have the systems and infrastructure with the latest security patches and the cloud, to have someone else manage your data is of tremendous advantage, to be able to scale up and down extremely quickly, based on your operational needs and your research and development efforts,” said Price.

There are still architectural issues with potential cloud providers working the department, according to Price. Before a full data migration takes place, DSS  has to iron out cost details and bandwidth levels to ensure that embassies can maximize cloud capabilities without potential WiFi issues.

Price’s office is also concerned with cloud providers’ level of data privacy, and believes a full vetting process is needed to ensure that data for employees all over the world will be fully protected.

“To see this data put into the hands of someone else, a cloud service provider, we want to make sure that they are completely vetted and can handle all of the things, all of the protective care that we provide our data on premises, we need to make sure that reciprocal protection will be available.”

With cyber threats to the network increasing in complexity, Price views his office as ever more essential to removing the burden of digital protection for the State Department’s ambassadors and representatives abroad.

“We cannot afford expertise assigned overseas to manage these sophisticated technologies. So we in the Department need to start looking at ways of essentially managing those systems from back here,” said Price.