Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg

Cyber experts are urging Congress to ensure that a planned reorganization of the State Department continues to integrate cyber diplomacy at the highest levels of decision-making, while providing the resources, staffing and structure necessary to project American digital security policy abroad with both allies and adversaries.

Secretary of State Marco Rubio’s reorganization plan would split up the Bureau of Cyberspace and Digital Policy, with its economic team and portfolio reporting to the undersecretary of economic growth, energy and environment, while its cybersecurity mission and personnel would go to a newly created Bureau of Emerging Threats and report to the undersecretary for arms control and international security.

But in a House Foreign Affairs Europe subcommittee hearing Tuesday, Democrats blasted the planned split while experts urged lawmakers and the Trump administration to avoid the urge to fix what isn’t broken in the department’s cyber mission.

Annie Fixler, director of the Center on Cyber and Technology Innovation at the Washington D.C.-based Foundation for Defense of Democracies think tank, told the committee that the State Department’s planned reorganization “appears to put its cybersecurity efforts at risk and contradict congressional guidance to integrate cybersecurity and digital economy efforts.”

She also said that if the Trump administration is seeking to go on offense in cyberspace against its adversaries while improving its defense, the Cyberspace and Digital Policy bureau can play a “pivotal role” in both areas.

Through its cyber assistance fund, the CDP can send targeted investments, federal expertise and coordinate private-sector resources to allied countries experiencing cyber attacks on their governments or supply chains.

The bureau’s work also supplements the capabilities of allied law enforcement around cybercriminal investigations, and builds trust between the U.S. and other nations, allowing for speedy attribution of cyberattacks to a foreign adversary or the imposition of cyber-related sanctions.

Rep. Bill Keating, D-Mass., lamented that the reorganization was developed “without any meaningful consultation with Congress” while accusing the Republican majority of being a “rubber stamp” for the administration.

“It’s unfortunately clear that neither this majority nor the Trump administration has any interest or intent to engage constructively on a reauthorization of the State Department,” Keating said in his opening statement.

The CDP was launched under the Biden administration in 2022, after years of back and forth with Congress over the need for a dedicated office to integrate cybersecurity considerations into broader U.S. diplomatic policy.

Democrats pointed out that CDP was created precisely so that cybersecurity wouldn’t be firewalled off from other State Department issues. It’s also the reason the bureau’s leader, a Senate-confirmed position, reports directly to the deputy director of State.

Rep. Gabe Amo, D-R.I., said the Trump administration’s plan “undermines the core reason CDP was created,” which was to streamline cyber policy at the department.

“It is not efficient to create overlapping and redundant mandates,” Amo said. “It is not efficient to jeopardize how CDP coordinates cyber policy with the Department of Defense, Homeland Security and the intelligence community.” 

According to Latesha Love-Grayer, the Government Accountability Office’s director for international affairs and trade, a review of the CDP found that the bureau needed more staff and resources to meet its mission.

CDP’s work supports other national security initiatives in cyberspace. Love-Grayer said that when the Department of Defense sends hunt forward teams overseas to work on allied cybersecurity vulnerabilities, CDP is usually tasked with coming in afterwards to help those same countries build up the technical assistance and capacity to address the vulnerabilities.

The bureau also works “very closely” with the Cybersecurity and Infrastructure Security Agency and the Office of the National Cyber Director to ensure domestic and foreign facing policies are aligned.

Love-Grayer lent support to the notion that having the CDP’s leader report directly to the deputy secretary was valuable, because those conversations “sat above all the other bureaus” in the State Department’s decision-making process, and meant that “there was a higher level of gravitas given to CDP” initiatives.  

But subcommittee Chair Keith Self, R-Texas, suggested that proponents of the CDP explore ways to work around the administration’s plans to achieve that same level of coordination.

At one point, he interjected to note to a witness that while CDP is now “directly underneath the deputy secretary, it’s probably not going to stay under the deputy secretary” in the future.

Hovering over the discussion was the reality of a State Department that has faced significant cuts and personnel losses over the past four months at the direction of the Trump administration.Those cuts and any future ones caused by the reorganization could further affect the State Department’s ability to recruit and retain top talent. Love-Grayer said her agency’s review of CDP operations found that many of the jobs required “a specific type” of employee.

“They needed someone who had not just technical capability but also diplomacy skills,” she said. “As we spoke with the former ambassador of CDP, he noted it’s very hard to compete with the private sector for individuals who can harness both those skillsets.”