State Department faces mounting cyber threats

State Department faces mounting cyber threats
© Getty Images

A new directorate in the State Department’s law enforcement branch is working to combat cyber threats to the nation’s diplomats, in what officials describe as an increasingly perilous and dynamic threat landscape of criminal and state-sponsored hackers.

The Cyber and Technology Security (CTS) directorate was quietly launched in late May, just as Secretary of State Rex TillersonRex Wayne TillersonDems want GOP chairman to subpoena State Department over cyber docs Overnight Energy: Trump elephant trophy tweets blindsided staff | Execs of chemical plant that exploded during hurricane indicted | Interior to reverse pesticide ban at wildlife refuges Administration should use its leverage to get Egypt to improve its human rights record MORE came under scrutiny for a nascent plan to shutter a separate office charged with engaging other nations on cybersecurity policy.

The directorate carries out traditional cybersecurity functions, such as cyber incident response and penetration testing of networks to guard department systems, personnel, and information from ransomware, cyber crime and other hacking threats. 

ADVERTISEMENT
Lonnie Price, who is leading the new directorate, describes the cyber threat as growing at “a worrisome rate.”

“Not only the usual suspects that you read about so much that are after us — they are undaunted in their determination to compromise our systems and get our data — but you have a lot of other threats that are emerging,” Price, the assistant director, told The Hill. 

The directorate, housed within State’s Bureau of Diplomatic Security, also contributes to cyber investigations that cross national borders and focus on leveraging emerging technologies at the department and embassies abroad. 

Plans to establish the new directorate preceded the Trump administration, beginning back in early 2016 as officials sought to better align and execute the bureau’s internal cybersecurity and information technology mission.

Before it was launched, many of the directorate’s functions were scattered across various offices within the security bureau. Price said the new structure helps the bureau more quickly counter “fast developing threats.” 

The creation of the directorate is a sign of an increasing focus on cybersecurity within the federal government that comes after high-profile cyber incidents, including the 2015 Office of Personnel Management (OPM) breach that compromised sensitive information on more than 20 million federal workers.

The State Department has weathered its own scrutiny for a 2014 breach of its unclassified email system that was reportedly carried out by Russian hackers. The incident caused the department to partially shut down the system in order to make security upgrades.

“What we’re seeing … is there are heavy hitters going after our employees' accounts,” Price, who has served in various security and tech roles in his 30 years at State, said. “They’re looking for information, they’re looking for contacts.”

The directorate is only part of State’s broader cyber mission and is distinct from the now-defunct Office of Cybersecurity Coordinator, which was responsible for global diplomatic engagement on cyber issues. 

Tillerson informed Congress in late August that the office would be closed and its responsibilities shuffled under a bureau focused on economic and business affairs as part of a broader reorganization of the department. Officials have explained the decision as an effort to integrate the department’s cyber and digital economy policymaking efforts.

Some lawmakers and former officials took the decision as a sign that the new leadership was putting less of a priority on cybersecurity. Bipartisan legislation has been introduced in the House to save the cyber diplomacy office and elevate the coordinator position to the level of ambassador.

“I'm concerned about plans to downgrade the Office of the Coordinator for Cyber Issues and merge it with an existing office within the Bureau of Economic and Business Affairs at a time when the U.S. is increasingly under attack online,” Rep. Joe WilsonAddison (Joe) Graves WilsonSacha Baron Cohen mulls arming toddlers with guns in inaugural episode Why civility in politics won't be getting any better Overnight Defense: VA pick breezes through confirmation hearing | House votes to move on defense bill negotiations | Senate bill would set 'stringent' oversight on North Korea talks MORE (R-S.C.) said during a September Foreign Relations Committee hearing.

“Shouldn't the State Department continue to have high level leadership focused on the whole range of cyber issues not relegated to economics?” Wilson asked John Sullivan, Tillerson’s deputy.

Sullivan countered that Tillerson is committed to making cybersecurity a “high level” priority.

“I can commit to you that cybersecurity, our whole cyber effort, will be elevated at the department beyond the level it is now,” Sullivan said.

Tillerson’s first year at the department has been rocky. He has been forced to defend his reorganization effort and steep budget cuts proposed by the new administration in the face of gripes from Congress, as well as facing public clashes with President TrumpDonald John TrumpNFL players stand in tunnel during anthem, extending protests 12 former top intel officials blast Trump's move to revoke Brennan's security clearance NYT: Omarosa believed to have as many as 200 tapes MORE

Meanwhile, State has been hampered by departures amid persistent rumblings of low morale at the department.

Many entities within State, including the cyber and technology security directorate, have been subject to a partial hiring freeze that has remained in place at the department as Tillerson has shepherded the redesign. 

Price, like other State officials, insisted that Tillerson is taking cybersecurity seriously, citing his push to move the department to the cloud, an effort that the new directorate is involved in as part of its focus on emerging technologies. 

“Leadership is definitely hastening us to innovate as quickly as possible,” Price said. “At the same time, they’re saying, 'we’re not doing it recklessly.'”

“No one wants folks like you ... to write about our next incident," he said.