The State Department on Thursday published two unclassified cyber reports that give President Trump recommendations on how the administration could improve its international engagement strategy as well as how to better deter cyber threats.

The unclassified versions of the two reports were mandated under President Trump’s cybersecurity executive order issued last May, which directed key departments and agencies to provide reports detailing how to improve cybersecurity throughout the federal government.

“These documents and their recommendations emphasize the importance of the Department’s and the U.S. government’s ongoing work to engage foreign partners to address a range of threats in cyberspace, thereby improving the cybersecurity of the nation,” Secretary of State Mike Pompeo said in a statement.

“They further acknowledge the necessity of enhancing U.S. government coordination on all fronts to maximize the effectiveness of international outreach on cyber policy. The Department of State is committed to fulfilling its leadership role in this process.”

The State Department’s engagement strategy lays out five international cyber objectives and corresponding actions for the administration to take to “achieve its vision” of a stable digital world. Many of the priorities hinged on the fact that there is no global agreement or framework laying out the rules of cyberspace. {mosads}

One objective recommended establishing a set of norms for digital behavior, or “what constitutes acceptable and unacceptable state behavior in cyberspace from all states and how international law applies to cyberspace.”

The report notes that there should also be a new cooperation framework developed so that countries can work together against malicious actors and mutual cyber threats.

Other diplomatic priorities include ensuring that the Internet remains open and “interoperable” so that “human rights are protected and freely exercised and where cross-border data flows are preserved.” 

The second report gives Trump recommendations of how to combat cyber threats, noting that “promoting a framework for responsible state behavior in cyberspace” is important, but it won’t be enough.

The report suggests that there should be a U.S. policy that lays out how the administration will respond to a cyberattack, which would include a prepared “menu of options” for how the country can retaliate.

“[T]he United States should, working with likeminded partners when possible, adopt an approach of imposing swift, costly, and transparent consequences on foreign governments responsible for significant malicious cyber activities aimed at harming U.S. national interests,” the report reads.

The release of the report comes shortly after the White House Office of Management and Budget released its own report last week that found a majority, roughly three-fourths, of federal agencies are not properly equipped to combat cyber attacks against their networks. These agencies’ cybersecurity programs were listed as either “at risk or high risk.”