- The State Department is not sharing its plans for a new $20 million cybersecurity bureau intended to coordinate between different agencies, federal auditors told Congress in a new report.
- The auditors are pressing the State Department to stop hiding its plans and bring other agencies in now, during the creation stage.
- The auditors say the bureau is supposed to oversee and coordinate cybersecurity issues in big international deals and issues such as TikTok and 5G.
- The State Department says it’s not sharing its plans because other agencies didn’t share their plans with State for their other projects.
- Visit Business Insider’s homepage for more stories.
The Trump Administration’s State Department has refused to share its plans for a new $20 million cybersecurity bureau to coordinate US efforts on cybersecurity because other agencies haven’t shared with it, according to federal auditors.
The bureau will play a key role in how the government responds to international cybersecurity issues such as 5G connectivity, China’s giant telecom company Huawei, and Oracle’s TikTok acquisition, the General Accounting Office auditors say.
Ironically, one goal of the bureau was to “improve coordination with other agencies,” the State Department said in requesting funding. But the audit found the State Department was not sharing its plans for the new bureau with the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury.
“They hadn’t even notified these other organizations,” Brian Mazanec told Business Insider. Mazanec is director of International Affairs and Trade at the General Accounting Office.
The GAO is not ok with that and is pressing for Secretary of State Mike Pompeo to get involved and ensure that all the relevant agencies are included in the planning of this new office.
But State refused, saying the other agencies didn’t share their plans with them. “The Department is not aware that any of these executive branch organizations consulted with the Department of State” on similar projects, the State Department said in a response to the audit.
That kind of response was an eye-opener for the auditors.
“We were, quite frankly, a little surprised,” Mazanec of the GAO told Business Insider in an interview. State’s reason for not sharing plans also struck the GAO as odd. “We didn’t find that particularly compelling.”
Big international tech deals are among the issues that are intended to be addressed by the new 80-person bureau, the GAO says.
“TikTok is the kind of issue this bureau would be involved in,” Mazanec said. “No question 5G is another key example. Clearly the whole of government – everybody – has a role in the equation of sweeping new global technologies.”
Big tech deals overlap the responsibilities of the other agencies, the GAO says, citing Commerce, Homeland Security, and Justice, and that is what this agency is supposed to help address.
Not so, says the State Department in a rebuttal to the report. State now believes that having this new office coordinate with other agencies is “redundant to what the Department already does.”
But the auditors are not giving up. “GAO stands by the recommendation,” the auditors wrote in the report, which was presented to the House Committee on Foreign Affairs this week.
Congress asked for the audit after the State Department shifted the focus of the bureau from the plan in the 2019 legislation that created the new Bureau of Cyberspace Security and Emerging Technologies (CSET). After the State Department cut human rights and other aspects of the bureau, Congress asked for an audit. A State Department spokesperson said the agency has always worked closely with other government agencies on cyber policy issues, and believes that cooperation will improve with the new bureau.
A federal cybersecurity expert said cooperation between agencies is crucial. “Federal agencies must work as closely together as possible to assess cybersecurity risks, to create and produce guidance for our businesses and consumers to follow, and to protect the government itself from continually emerging security risks,” said Ben Johnson, a former engineer at the National Security Administration, technical adviser to the Department of Justice and CTO of cloud security firm, Obsidian Security.
“If we have elements going rogue it’s only going to get harder to make thoughtful, strategic decisions. Anything other than strong collaboration will hurt our ability to defend ourselves,” Johnson said.