State Department faces mounting cyber threats

A new directorate in the State Department’s law enforcement branch is working to combat cyber threats to the nation’s diplomats, in what officials describe as an increasingly perilous and dynamic threat landscape of criminal and state-sponsored hackers.

The Cyber and Technology Security (CTS) directorate was quietly launched in late May, just as Secretary of State Rex Tillerson came under scrutiny for a nascent plan to shutter a separate office charged with engaging other nations on cybersecurity policy.

The directorate carries out traditional cybersecurity functions, such as cyber incident response and penetration testing of networks to guard department systems, personnel, and information from ransomware, cyber crime and other hacking threats. 

{mosads}Lonnie Price, who is leading the new directorate, describes the cyber threat as growing at “a worrisome rate.”

“Not only the usual suspects that you read about so much that are after us — they are undaunted in their determination to compromise our systems and get our data — but you have a lot of other threats that are emerging,” Price, the assistant director, told The Hill. 

The directorate, housed within State’s Bureau of Diplomatic Security, also contributes to cyber investigations that cross national borders and focus on leveraging emerging technologies at the department and embassies abroad. 

Plans to establish the new directorate preceded the Trump administration, beginning back in early 2016 as officials sought to better align and execute the bureau’s internal cybersecurity and information technology mission.

Before it was launched, many of the directorate’s functions were scattered across various offices within the security bureau. Price said the new structure helps the bureau more quickly counter “fast developing threats.” 

The creation of the directorate is a sign of an increasing focus on cybersecurity within the federal government that comes after high-profile cyber incidents, including the 2015 Office of Personnel Management (OPM) breach that compromised sensitive information on more than 20 million federal workers.

The State Department has weathered its own scrutiny for a 2014 breach of its unclassified email system that was reportedly carried out by Russian hackers. The incident caused the department to partially shut down the system in order to make security upgrades.

“What we’re seeing … is there are heavy hitters going after our employees’ accounts,” Price, who has served in various security and tech roles in his 30 years at State, said. “They’re looking for information, they’re looking for contacts.”

The directorate is only part of State’s broader cyber mission and is distinct from the now-defunct Office of Cybersecurity Coordinator, which was responsible for global diplomatic engagement on cyber issues. 

Tillerson informed Congress in late August that the office would be closed and its responsibilities shuffled under a bureau focused on economic and business affairs as part of a broader reorganization of the department. Officials have explained the decision as an effort to integrate the department’s cyber and digital economy policymaking efforts.

Some lawmakers and former officials took the decision as a sign that the new leadership was putting less of a priority on cybersecurity. Bipartisan legislation has been introduced in the House to save the cyber diplomacy office and elevate the coordinator position to the level of ambassador.

“I’m concerned about plans to downgrade the Office of the Coordinator for Cyber Issues and merge it with an existing office within the Bureau of Economic and Business Affairs at a time when the U.S. is increasingly under attack online,” Rep. Joe Wilson (R-S.C.) said during a September Foreign Relations Committee hearing.

“Shouldn’t the State Department continue to have high level leadership focused on the whole range of cyber issues not relegated to economics?” Wilson asked John Sullivan, Tillerson’s deputy.

Sullivan countered that Tillerson is committed to making cybersecurity a “high level” priority.

“I can commit to you that cybersecurity, our whole cyber effort, will be elevated at the department beyond the level it is now,” Sullivan said.

Tillerson’s first year at the department has been rocky. He has been forced to defend his reorganization effort and steep budget cuts proposed by the new administration in the face of gripes from Congress, as well as facing public clashes with President Trump. 

Meanwhile, State has been hampered by departures amid persistent rumblings of low morale at the department.

Many entities within State, including the cyber and technology security directorate, have been subject to a partial hiring freeze that has remained in place at the department as Tillerson has shepherded the redesign. 

Price, like other State officials, insisted that Tillerson is taking cybersecurity seriously, citing his push to move the department to the cloud, an effort that the new directorate is involved in as part of its focus on emerging technologies. 

“Leadership is definitely hastening us to innovate as quickly as possible,” Price said. “At the same time, they’re saying, ‘we’re not doing it recklessly.’”

“No one wants folks like you … to write about our next incident,” he said.