Cyber diplomacy in the United States of America



21st Century Statecraft, US Department of State

The “Internet moment” in foreign policy

Rapid increases in the availability and power of information technologies are changing the modes of international relations and the conditions for statecraft in the 21st century. In the next few years, the majority of the world's more than 2 billion Internet users will be in developing countries. All of these nations are opening new markets, making new technology policy, and reacting to disruptive forms of social and political activism that are transnational. This is just the beginning. Demand for more connectivity is booming.

The emergence of new kinds of information systems catalyzes change in national politics and international relations. During the Arab Spring, digital networks distributed revolutionary mass media produced by thousands of individuals in the streets of Tunis, Cairo, and Tripoli. These networks also enabled rapid movement building with extraordinary impact. But these technologies are not ideological, democratic or progressive by nature. They enable the desires of users and amplify existing social and political forces. The dynamism of networked societies delivers both positive and negative outcomes to which we must respond.

These new forms of decentralized power reflect fundamental shifts in the structure of information systems in modern societies. Consider the three primary information networks of international relations – trade, personal communications and mass media. The infrastructure that conveys goods around the globe has shifted over the centuries from ships to rail to highways. Our communications networks have gone from post to telegraph to telephone. And our mass media have moved from print to radio to television. Today, all three of these systems operate largely on the Internet. It is a triple paradigm shift converging on a common infrastructure for the first time in history.


Adaptation and transformation in statecraft

The disruptive social, political and economic changes that information networks have unleashed demand that diplomats ask new kinds of questions and reckon with new kinds of challenges. The 21st century statecraft agenda addresses new forces propelling change in international relations that are pervasive, disruptive and difficult to predict.

The distinctive features of 21st century statecraft point the way toward deeper changes that will gradually permeate all of foreign policy: expanding its scope, substituting new tools, and changing its values. We are adapting our statecraft by reshaping our development and diplomatic agendas to meet old challenges in new ways and by deploying one of America’s great assets – innovation. This is 21st century statecraft – complementing traditional foreign policy tools with newly innovated and adapted instruments of statecraft that fully leverage the technologies of our interconnected world.

21st century statecraft is rooted in American values that embrace open markets, open societies and open governments. Open information networks have altered power dynamics around the world and forced governments to respond. Broadly speaking, we have seen a decentralization of power away from government and large institutions and toward networks of people.

It happens unevenly in different places, but the direction of the trend is unmistakable. Barriers to entry in new markets are far lower. New forms of political speech are creating fissures in traditional societies. And the ubiquity of networks is opening doors for those that were once shut out of economic, social and political power. They are now far more visible to the global community. Millions of citizen journalists are documenting life in their countries for the whole world to see. This makes it much more difficult to maintain a large gap between the aspirations of the governed and the actions of the governing. In the era of digital media, governments can no longer control information systems.

The novel question that diplomats must consider is how governments around the world will respond to these changes? The reaction of the U.S. and many other governments is to align policies and actions with greater openness. In some ways, this is merely accepting the inevitable. These changes are upon us. They cannot be contained. The disruptions we have witnessed bring both new opportunities and new threats. They come wrapped together and we can neither stop nor control them. We can either choose to embrace them and try both to amplify the positive and to mitigate the negative – or we can be buffeted back and forth by changes for which we are not prepared.

These changes are systemic and persistent. To respond adequately, we have built an adaptable agenda of 21st century statecraft that stretches across all of the work that we do. We have made changes in four major arenas:

1. Our methods of diplomacy;

2. Our approach to development programs;

3. Our focus on new policy issues; and

4. Our work inside embassies, bureaus, and offices.


21st century statecraft – Diplomacy

“These technologies are the platform for the communications, collaboration, and commerce of the 21st century. More importantly, they are connecting people to people, to knowledge, and to global networks.”

- U.S. Department of State QDDR, December 2010

The traditional work of diplomacy—interactions between representatives of sovereign states—remains the core of our work. However, diplomatic communications have changed remarkably in recent years because of new communications technology. In addition to state-to-state diplomacy, we have added state-to-people, people-to-state, and people-to-people. It is now possible for large numbers of people to participate in sustained and decentralized communication with governments. This is a form of public diplomacy that is transnational in scope and unconventional in tone and breadth of topic.

It is also an opportunity to increase mutual understanding between communities, between governments and publics. The nature of digital media is a break from traditional forms of print and broadcast communications. These are one-to-many communication technologies. The Internet is a many-to-many information technology. Consequently, the most valuable component of new media for diplomats is not the ability to speak to new audiences, though that is important, it is the ability to listen to new audiences and better understand their views and values.

The public diplomacy work of the State Department has become increasingly active on social media platforms to reach new audiences. Our diplomats in Washington and at embassies and consulates are being trained and encouraged to integrate both local and global social media tools as a means to create international dialogue. In a few short years, we have accomplished a remarkable scale of activity.

We have more than 2.6 million followers on 301 official twitter feeds communicating in 11 languages. We have over 15.5 million fans, friends, and followers on 408 Facebook accounts department wide and we communicate daily with millions on multiple different social media platforms around the world. Including the multiple social media platforms we utilize, we communicate with about 20 million individuals across the globe.

The role of new media in public diplomacy has gone from virtually non-existent to standard practice. Perhaps the most high profile of these engagements was a question/answer session with Egyptian bloggers on the Arabic social media platform masrawi.com in the spring of 2011. During which, more than 6,500 Egyptian youth submitted questions. This is the beginning of a new era in diplomatic engagement that dramatically broadens global participation.


21st century statecraft – Development

Soon the majority of countries in the world will have a majority of their people connected to the Internet. This raises a host of new issues for development policies and programs that seek to leverage the power of information networks to support everything from improving healthcare and education to growing economies and expanding participation in government. Of course, USAID has embraced these new technologies across all of their work and integrated it into their strategic vision under Administrator Raj Shah. The State Department has also begun to adapt its own development portfolio in innovative ways.

An important example of this work is the “Civil Society 2.0” initiative. The vision for this initiative is to build the technical capacity of civil society organizations to accomplish their missions through the use of connection technologies. The Civil Society 2.0 initiative seeks to match these organizations with technology tools and tech-savvy volunteers to help raise digital literacy, strengthen the information and communications networks of NGO's, and amplify the impact of civil society movements. From simple tools, like websites and text messages, to more complex applications like content management systems and social media platforms, technology can be a powerful catalyst for the growth of civil society groups.

To accomplish this mission, we have hosted 17 TechCamps and convened 1,130 organizations from 81 countries around the world. The TechCamps are a two day, hands-on training where we work directly with NGOs to identify technology solutions to their challenges and then build the tools together with them on the spot. Over 1100 civil society organizations have participated and we have seen remarkable results.

- At TechCamp Montevideo, a Guatemalan education civil society organization partnered with a technology expert in mapping and by accessing free and open data was able to build a map that showed the location of education centers across Guatemala. More data was added to build new levels to the picture to show the relationship of location to standard test scores, classroom size and more.

- In Vilnius, one civil society participant representing persons with disabilities from the Ukraine learned through TechCamp that he could create a map to show all the places in his home town that were handicap accessible. Mapping accessible locations will help enable members of his organization to get around more easily and also help him visualize to local government the need to make more buildings handicap accessible for him and members of his organization. He is continuing to work on building the map.

Another example of our innovations in development policy came in Libya. Beginning in the early months of the conflict, State Department experts worked with the rebel government in Benghazi to provide diplomatic and technical assistance to reestablish Internet access in eastern Libya. Subsequently, the new government in Tripoli established a ministry of communications and informatics including many of the technology leaders during the conflict. Our diplomats engaged immediately with the new government to provide support for a new strategy of post-conflict stabilization using information networks.

A leadership team at the ministry formed a plan called “e-Libya” to increase Internet access in the country and leverage this information network as a tool to grow new businesses, deliver government services, improve education, and interconnect Libyan society. Since the Qaddafi regime denied Internet access to more than 90% of Libyans, the potential for positive social, political, and economic change through access to information networks is considerable. The State Department led a delegation of experts to Tripoli to provide concrete expertise in network architecture, law and policy, e-commerce, and e-government for the e-Libya plan. It may become a model for “digital development” through technical knowledge exchange and partnerships across the public and private sectors.


21st century statecraft – Policy

The rapid expansion of Internet access around the world has focused increased attention on issues of international Internet policy. Because the Internet is a common asset – governed at once by every country in part and by no country as a whole – it requires coordinated governance across a variety of institutions, both public and private. A variety of policy issues are essentially phenomenon of the Internet age – including Internet freedom as a 21st century human rights issue, the structure and implementation of Internet governance, open government practices and cyber-security.

But many others are new variants of old disputes that have new digital components. These include policy debates over intellectual property, taxation, data privacy, and consumer protection. As the importance of the Internet as a driver of economic growth and political volatility increases, these policy debates attract more attention on the international stage. The State Department has responded by elevating these issues on our diplomatic agenda, developing greater expertise and capacity among our staff, and engaging assertively in bilateral and multi-lateral channels that address these critical questions.

The cornerstone of the 21st century statecraft policy agenda is Internet freedom. The policy contains three fundamental elements: the human rights of free speech, press, and assembly in cyberspace; open markets for digital goods and services to foster innovation, investment, and economic opportunity; and the freedom to connect—promoting access to connection technologies around the world.

A third of the world’s population, even if they have access, live under governments that block content, censor speech, conduct invasive mass surveillance and curb the potential of the Internet as an engine of free speech and commerce. The policy of the United States is to work to promote open governments, open economies and open societies. The United States is now leading a discussion with other world leaders to develop common strategies to protect and sustain freedom and security in the Internet age.

The State Department has also actively developed a policy framework that includes many other Internet policy issues. We have worked to defend the multi-stakeholder model of Internet governance that is now under threat from national interests despite its success in stewarding the Internet as a technology with undeniable global benefits. We have created increased capacity in cyber-security within the Department and engaged around the world to establish confidence-building measures and develop common norms of understanding. And we have helped to lead an initiative with more than 50 other nations to establish the open government partnership to promote best practices for using technologies to establish greater transparency, accountability, and citizen participation in government around the world.


21st century statecraft – Institutional Change

"We must unlock and encourage innovation and entrepreneurship so that our personnel can find creative ways to continue to develop new partnerships, to advance multilateral and regional initiatives, to create whole-of-government solutions through better engagement and coordination with other U.S. government agencies, and to become more effective operators in the field."

- U.S. Department of State QDDR, December 2010

When the State Department concluded its first ever quadrennial diplomatic and development review, we built a plan for the future based on the efficiency and skill of our “civilian power.” The greatest assets the State Department has are the talent and dedication of its staff.

Our objective, as directed in the QDDR, is to institutionalize 21st century statecraft practices into all relevant elements of the Department’s work. We seek to foster innovation and ingenuity from within through enhanced training, targeted recruitment of new talent, and innovation in knowledge management and workflow using new technologies. We understand that institutional reorientation starts with an investment in our people and their ideas and creativity.

We are looking at ways to change our business practices to attract a broader diversity of innovative talent and to better measure and select the skills we need in the foreign and civil services of tomorrow. Beyond that, we are exploring ways to reward innovation through new management practices and to share best practices developed through experimentation.

For example, we are conducting training at the Foreign Service Institute at all levels, from a-100s to ambassadors. We are teaching our technical staff that their role as technical experts is evolving beyond administering our communications systems. Their skills are now core to our diplomatic work. Broadly, we recognize that conventional practices must adapt faster; new skills must be incorporated more quickly; and new initiatives cultivated and rewarded. The institutionalization of 21st century statecraft involves taking responsible risks and bending the rules of our conventions. It is not an invitation for disorder – but an open door to new ideas for injecting dynamism into our hallways.


Conclusion

The 21st century statecraft agenda was built to address a moment of transition – an era of rapid change at the intersection of technology and foreign policy. It is fundamentally about adaptability not prediction. We believe that in a world of technology that enables pervasive, disruptive social change, the work of diplomats is to increase the speed at which government can respond to that change. We are doing that by leveraging new tools for public diplomacy, experimenting with new approaches to development partnerships, enhancing our focus and expertise on technology policy issues, and improving our internal practices and skill-building to meet these challenges. If the 21st century statecraft agenda is successfully implemented, it will no longer be novel. It will no longer be called 21st century statecraft, because it will simply be statecraft. That is our goal.



From the First Quadrennial Diplomacy and Development Review

Adapting to the Diplomatic Landscape of the 21st Century

The classic diplomacy of grand capitals is the business of managing relationships between states, bilaterally and regionally. Classic diplomacy was born within a rigidly prescribed set of formal relations between countries—a world of international demarches, communiqués, and negotiated agreements of every sort. Indeed, the word “diplomat” comes from diploma, an instrument of formal accreditation issued by a government to envoys officially designated to represent another nation. The world of classic diplomacy still exists and remains central to the success of our foreign policy.

But the diplomatic landscape of the 21st century now extends far beyond classic diplomacy. It features a more varied set of actors: many more states capable of and intent upon pursuing independent diplomatic agendas; a variety of U.S. government agencies operating abroad, and transnational networks of many different kinds—corporations, foundations, non-governmental organizations, religious movements, and citizens themselves.

These actors interact in multiple spaces far beyond foreign ministries: multilateral organizations, interagency processes, board- rooms, chatrooms, townhalls, and remote villages. This landscape features a new range of issues on the diplomatic agenda. Advancing industrialization and increasing populations have exac- erbated shared challenges that include environmental degradation, climate change, pandemic disease, and loss of biodiversity.

Effective U.S. diplomacy in the 21st century must adapt to this landscape. It must also be prepared to reshape it. In particular, our diplomats must be prepared to respond to—and effect change in—three domains where evolving trends require new ways of doing business:

(1) Because a wide array of our government agencies increasingly engage with their counterparts abroad, our diplomats have to be prepared to lead the implementation of global civilian operations and to pursue whole-of-government diplomatic initiatives;

(2) Because new transnational forces are increasingly challenging the capacity of 20th century institutions, and emerging centers of influence are changing the geopolitical landscape, our diplomats have to be prepared to build new partnerships and institutions and reshape old ones at both the regional and global level; and

(3) Because a wide range of non-state actors are growing in reach and influence, our diplomats have to be prepared to go beyond the state to engage directly with new networks, from the private sector to the private citizen.

Our efforts in these three domains will become core missions for the State Department. The new diplomatic landscape will not adapt to us; we must develop our capabilities, channel our resources, and organize our structures to operate effectively within it. As we do so, we must re- main committed to excellence in the essential work we are already doing—from treaty negotia- tions to consular services to political reporting.

And we must do so in the context of our values, rooted in democracy and human rights. Our diplomats must be guided by these values in everything we do. They are the foundation of our global leadership.

This chapter outlines a set of reforms to ensure that we can train, equip, and support Foreign Service and Civil Service personnel and the many invaluable locally employed staff to effectively advance our national interests in this new global landscape. Whether they wear pinstripes or cargo pants, they are the backbone of America’s civilian power.



DipNote - U.S. Department of State Official Blog

The U.S. Department of State’s mission is to shape and sustain a peaceful, prosperous, just, and democratic world and foster conditions for stability and progress for the benefit of the American people and people everywhere. The State Department’s official blog, DipNote, offers first-person perspectives from U.S. government employees who are working to implement that mission.

The blog’s name – “DipNote” – comes from the term, “diplomatic notes,” which are used for correspondence between the U.S. Government and a foreign government. While diplomatic notes represent formal communications between two governments, this blog makes available a forum for informal discussion among the public on foreign affairs and global issues. The blog also provides the opportunity for the public to discuss U.S. foreign policy with senior State Department officials.




H.R.1251 - Cyber Diplomacy Act of 2021 (passed House, not final)

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

(a) Short Title.—This Act may be cited as the “Cyber Diplomacy Act of 2021”.


SEC. 2. FINDINGS.

Congress makes the following findings:

(1) The stated goal of the United States International Strategy for Cyberspace, launched on May 16, 2011, is to “work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation * * * in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace”.

(2) In its June 24, 2013, report, the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (referred to in this section as “GGE”), established by the United Nations General Assembly, concluded that “State sovereignty and the international norms and principles that flow from it apply to States’ conduct of [information and communications technology] ICT-related activities and to their jurisdiction over ICT infrastructure with their territory”.

(3) In January 2015, China, Kazakhstan, Kyrgyzstan, Russia, Tajikistan, and Uzbekistan proposed a troubling international code of conduct for information security, which could be used as a pretext for restricting political dissent, and includes “curbing the dissemination of information that incites terrorism, separatism or extremism or that inflames hatred on ethnic, racial or religious grounds”.

(4) In its July 22, 2015, consensus report, GGE found that “norms of responsible State behavior can reduce risks to international peace, security and stability”.

(5) On September 25, 2015, the United States and China announced a commitment that neither country’s government “will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors”.

(6) At the Antalya Summit on November 15 and 16, 2015, the Group of 20 Leaders’ communiqué—

(A) affirmed the applicability of international law to state behavior in cyberspace;

(B) called on states to refrain from cyber-enabled theft of intellectual property for commercial gain; and

(C) endorsed the view that all states should abide by norms of responsible behavior.

(7) The March 2016 Department of State International Cyberspace Policy Strategy noted that “the Department of State anticipates a continued increase and expansion of our cyber-focused diplomatic efforts for the foreseeable future”.

(8) On December 1, 2016, the Commission on Enhancing National Cybersecurity, which was established within the Department of Commerce by Executive Order No. 13718 (81 Fed. Reg. 7441), recommended that “the President should appoint an Ambassador for Cybersecurity to lead U.S. engagement with the international community on cybersecurity strategies, standards, and practices”.

(9) On April 11, 2017, the 2017 Group of 7 Declaration on Responsible States Behavior in Cyberspace—

(A) recognized “the urgent necessity of increased international cooperation to promote security and stability in cyberspace”;

(B) expressed commitment to “promoting a strategic framework for conflict prevention, cooperation and stability in cyberspace, consisting of the recognition of the applicability of existing international law to State behavior in cyberspace, the promotion of voluntary, non-binding norms of responsible State behavior during peacetime, and the development and the implementation of practical cyber confidence building measures (CBMs) between States”; and

(C) reaffirmed that “the same rights that people have offline must also be protected online”.

(10) In testimony before the Select Committee on Intelligence of the Senate on May 11, 2017, Director of National Intelligence Daniel R. Coats identified six cyber threat actors, including—

(A) Russia, for “efforts to influence the 2016 U.S. election”;

(B) China, for “actively targeting the U.S. Government, its allies, and U.S. companies for cyber espionage”;

(C) Iran, for “leverag[ing] cyber espionage, propaganda, and attacks to support its security priorities, influence events and foreign perceptions, and counter threats”;

(D) North Korea, for “previously conduct[ing] cyber-attacks against U.S. commercial entities—specifically, Sony Pictures Entertainment in 2014”;

(E) terrorists, who “use the Internet to organize, recruit, spread propaganda, raise funds, collect intelligence, inspire action by followers, and coordinate operations”; and

(F) criminals, who “are also developing and using sophisticated cyber tools for a variety of purposes including theft, extortion, and facilitation of other criminal activities”.

(11) On May 11, 2017, President Donald J. Trump issued Executive Order No. 13800 (82 Fed. Reg. 22391), entitled “Strengthening the Cybersecurity of Federal Networks and Infrastructure”, which—

(A) designates the Secretary of State to lead an interagency effort to develop an engagement strategy for international cooperation in cybersecurity; and

(B) notes that “the United States is especially dependent on a globally secure and resilient internet and must work with allies and other partners toward maintaining * * * the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft”.


SEC. 3. DEFINITIONS.

In this Act:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives.

(2) INFORMATION AND COMMUNICATIONS TECHNOLOGY; ICT.—The terms “information and communications technology” and “ICT” include hardware, software, and other products or services primarily intended to fulfill or enable the function of information processing and communication by electronic means, including transmission and display, including via the Internet.

(3) EXECUTIVE AGENCY.—The term “Executive agency” has the meaning given the term in section 105 of title 5, United States Code.


SEC. 4. UNITED STATES INTERNATIONAL CYBERSPACE POLICY.

(a) In General.—It is the policy of the United States to work internationally to promote an open, interoperable, reliable, unfettered, and secure Internet governed by the multi-stakeholder model, which—

(1) promotes human rights, democracy, and rule of law, including freedom of expression, innovation, communication, and economic prosperity; and

(2) respects privacy and guards against deception, fraud, and theft.

(b) Implementation.—In implementing the policy described in subsection (a), the President, in consultation with outside actors, including private sector companies, nongovernmental organizations, security researchers, and other relevant stakeholders, in the conduct of bilateral and multilateral relations, shall pursue the following objectives:

(1) Clarifying the applicability of international laws and norms to the use of ICT.

(2) Reducing and limiting the risk of escalation and retaliation in cyberspace, damage to critical infrastructure, and other malicious cyber activity that impairs the use and operation of critical infrastructure that provides services to the public.

(3) Cooperating with like-minded democratic countries that share common values and cyberspace policies with the United States, including respect for human rights, democracy, and the rule of law, to advance such values and policies internationally.

(4) Encouraging the responsible development of new, innovative technologies and ICT products that strengthen a secure Internet architecture that is accessible to all.

(5) Securing and implementing commitments on responsible country behavior in cyberspace based upon accepted norms, including the following:

(A) Countries should not conduct, or knowingly support, cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.

(B) Countries should take all appropriate and reasonable efforts to keep their territories clear of intentionally wrongful acts using ICTs in violation of international commitments.

(C) Countries should not conduct or knowingly support ICT activity that, contrary to international law, intentionally damages or otherwise impairs the use and operation of critical infrastructure providing services to the public, and should take appropriate measures to protect their critical infrastructure from ICT threats.

(D) Countries should not conduct or knowingly support malicious international activity that, contrary to international law, harms the information systems of authorized emergency response teams (also known as “computer emergency response teams” or “cybersecurity incident response teams”) of another country or authorize emergency response teams to engage in malicious international activity.

(E) Countries should respond to appropriate requests for assistance to mitigate malicious ICT activity emanating from their territory and aimed at the critical infrastructure of another country.

(F) Countries should not restrict cross-border data flows or require local storage or processing of data.

(G) Countries should protect the exercise of human rights and fundamental freedoms on the Internet and commit to the principle that the human rights that people have offline should also be protected online.

(6) Advancing, encouraging, and supporting the development and adoption of internationally recognized technical standards and best practices.


SEC. 5. DEPARTMENT OF STATE RESPONSIBILITIES.

(a) In General.—Section 1 of the State Department Basic Authorities Act of 1956 (22 U.S.C. 2651a) is amended—

(1) by redesignating subsection (g) as subsection (h); and

(2) by inserting after subsection (f) the following new subsection:

“(g) Bureau Of International Cyberspace Policy.—

“(1) IN GENERAL.—There is established, within the Department of State, a Bureau of International Cyberspace Policy (referred to in this subsection as the ‘Bureau’). The head of the Bureau shall have the rank and status of ambassador and shall be appointed by the President, by and with the advice and consent of the Senate.

“(2) DUTIES.—

“(A) IN GENERAL.—The head of the Bureau shall perform such duties and exercise such powers as the Secretary of State shall prescribe, including implementing the policy of the United States described in section 4 of the Cyber Diplomacy Act of 2021.

“(B) DUTIES DESCRIBED.—The principal duties and responsibilities of the head of the Bureau shall be—

“(i) to serve as the principal cyberspace policy official within the senior management of the Department of State and as the advisor to the Secretary of State for cyberspace issues;

“(ii) to lead the Department of State’s diplomatic cyberspace efforts, including efforts relating to international cybersecurity, Internet access, Internet freedom, digital economy, cybercrime, deterrence and international responses to cyber threats, and other issues that the Secretary assigns to the Bureau;

“(iii) to coordinate cyberspace policy and other relevant functions within the Department of State and with other components of the United States Government, including through the Cyberspace Policy Coordinating Committee described in paragraph (6), and by convening other coordinating meetings with appropriate officials from the Department and other components of the United States Government on a regular basis;

“(iv) to promote an open, interoperable, reliable, unfettered, and secure information and communications technology infrastructure globally;

“(v) to represent the Secretary of State in interagency efforts to develop and advance the policy described in section 4 of the Cyber Diplomacy Act of 2021;

“(vi) to act as a liaison to civil society, the private sector, academia, and other public and private entities on relevant international cyberspace issues;

“(vii) to lead United States Government efforts to establish a global deterrence framework for malicious cyber activity;

“(viii) to develop and execute adversary-specific strategies to influence adversary decisionmaking through the imposition of costs and deterrence strategies, in coordination with other relevant Executive agencies;

“(ix) to advise the Secretary and coordinate with foreign governments on external responses to national security-level cyber incidents, including coordination on diplomatic response efforts to support allies threatened by malicious cyber activity, in conjunction with members of the North Atlantic Treaty Organization and other like-minded countries;

“(x) to promote the adoption of national processes and programs that enable threat detection, prevention, and response to malicious cyber activity emanating from the territory of a foreign country, including as such activity relates to the United States’ European allies, as appropriate;

“(xi) to promote the building of foreign capacity relating to cyberspace policy priorities;

“(xii) to promote the maintenance of an open and interoperable Internet governed by the multistakeholder model, instead of by centralized government control;

“(xiii) to promote an international regulatory environment for technology investments and the Internet that benefits United States economic and national security interests;

“(xiv) to promote cross-border flow of data and combat international initiatives seeking to impose unreasonable requirements on United States businesses;

“(xv) to promote international policies to protect the integrity of United States and international telecommunications infrastructure from foreign-based, cyber-enabled threats;

“(xvi) to lead engagement, in coordination with Executive agencies, with foreign governments on relevant international cyberspace and digital economy issues as described in the Cyber Diplomacy Act of 2021;

“(xvii) to promote international policies to secure radio frequency spectrum for United States businesses and national security needs;

“(xviii) to promote and protect the exercise of human rights, including freedom of speech and religion, through the Internet;

“(xix) to promote international initiatives to strengthen civilian and private sector resiliency to threats in cyberspace;

“(xx) to build capacity of United States diplomatic officials to engage on cyberspace issues;

“(xxi) to encourage the development and adoption by foreign countries of internationally recognized standards, policies, and best practices;

“(xxii) to consult, as appropriate, with other Executive agencies with related functions vested in such Executive agencies by law; and

“(xxiii) to conduct such other matters as the Secretary of State may assign.

“(3) QUALIFICATIONS.—The head of the Bureau should be an individual of demonstrated competency in the fields of—

“(A) cybersecurity and other relevant cyberspace issues; and

“(B) international diplomacy.

“(4) ORGANIZATIONAL PLACEMENT.—During the 1-year period beginning on the date of the enactment of the Cyber Diplomacy Act of 2021, the head of the Bureau shall report to the Under Secretary for Political Affairs or to an official holding a higher position in the Department of State than the Under Secretary for Political Affairs. After the conclusion of such period, the head of the Bureau may report to a different Under Secretary or to an official holding a higher position than Under Secretary if, not less than 15 days prior to any change in such reporting structure, the Secretary of State consults with and provides to the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives the following:

“(A) A notification that the Secretary has, with respect to the reporting structure of the Bureau, consulted with and solicited feedback from—

“(i) other relevant Federal entities with a role in international aspects of cyber policy; and

“(ii) the elements of the Department of State with responsibility over aspects of cyber policy, including the elements reporting to—

“(I) the Under Secretary for Political Affairs;

“(II) the Under Secretary for Civilian Security, Democracy, and Human Rights;

“(III) the Under Secretary for Economic Growth, Energy, and the Environment;

“(IV) the Under Secretary for Arms Control and International Security Affairs; and

“(V) the Under Secretary for Management.

“(B) A description of the new reporting structure for the head of the Bureau, as well as a description of the data and evidence used to justify such new structure.

“(C) A plan describing how the new reporting structure will better enable the head of the Bureau to carry out the responsibilities specified in paragraph (2), including the security, economic, and human rights aspects of cyber diplomacy.

“(5) RULE OF CONSTRUCTION.—Nothing in this subsection may be construed to preclude the head of the Bureau from being designated as an Assistant Secretary, if such an Assistant Secretary position does not increase the number of Assistant Secretary positions at the Department above the number authorized under subsection (c)(1).

“(6) COORDINATION.—

“(A) CYBERSPACE POLICY COORDINATING COMMITTEE.—In conjunction with establishing the Bureau pursuant to this subsection, there is established a senior-level Cyberspace Policy Coordinating Committee to ensure that cyberspace issues receive broad senior level-attention and coordination across the Department of State and provide ongoing oversight of such issues. The Cyberspace Policy Coordinating Committee shall be chaired by the head of the Bureau or an official of the Department of State holding a higher position, and operate on an ongoing basis, meeting not less frequently than quarterly. Committee members shall include appropriate officials at the Assistant Secretary level or higher from—

“(i) the Under Secretariat for Political Affairs;

“(ii) the Under Secretariat for Civilian Security, Democracy, and Human Rights;

“(iii) the Under Secretariat for Economic Growth, Energy and the Environment;

“(iv) the Under Secretariat for Arms Control and International Security;

“(v) the Under Secretariat for Management; and

“(vi) other senior level Department participants, as appropriate.

“(B) OTHER MEETINGS.—The head of the Bureau shall convene other coordinating meetings with appropriate officials from the Department of State and other components of the United States Government to ensure regular coordination and collaboration on crosscutting cyber policy issues.

“(b) Sense Of Congress.—It is the sense of Congress that the Bureau of International Cyberspace Policy established under section 1(g) of the State Department Basic Authorities Act of 1956, as added by subsection (a), should have a diverse workforce composed of qualified individuals, including such individuals from traditionally under-represented groups.

“(c) United Nations.—The Permanent Representative of the United States to the United Nations should use the voice, vote, and influence of the United States to oppose any measure that is inconsistent with the policy described in section 4.”.


SEC. 6. INTERNATIONAL CYBERSPACE EXECUTIVE ARRANGEMENTS.

(a) In General.—The President is encouraged to enter into executive arrangements with foreign governments that support the policy described in section 4.

(b) Transmission To Congress.—Section 112b of title 1, United States Code, is amended—

(1) in subsection (a) by striking “International Relations” and inserting “Foreign Affairs”;

(2) in subsection (e)(2)(B), by adding at the end the following new clause:

“(iii) A bilateral or multilateral cyberspace agreement.”;

(3) by redesignating subsection (f) as subsection (g); and

(4) by inserting after subsection (e) the following new subsection:

“(f) With respect to any bilateral or multilateral cyberspace agreement under subsection (e)(2)(B)(iii) and the information required to be transmitted to Congress under subsection (a), or with respect to any arrangement that seeks to secure commitments on responsible country behavior in cyberspace consistent with section 4(b)(5) of the Cyber Diplomacy Act of 2021, the Secretary of State shall provide an explanation of such arrangement, including—

“(1) the purpose of such arrangement;

“(2) how such arrangement is consistent with the policy described in section 4 of such Act; and

“(3) how such arrangement will be implemented.”.

(c) Status Report.—During the 5-year period immediately following the transmittal to Congress of an agreement described in clause (iii) of section 112b(e)(2)(B) of title 1, United States Code, as added by subsection (b)(2), or until such agreement has been discontinued, if discontinued within 5 years, the President shall—

(1) notify the appropriate congressional committees if another country fails to adhere to significant commitments contained in such agreement; and

(2) describe the steps that the United States has taken or plans to take to ensure that all such commitments are fulfilled.

(d) Existing Executive Arrangements.—Not later than 180 days after the date of the enactment of this Act, the Secretary of State shall brief the appropriate congressional committees regarding any executive bilateral or multilateral cyberspace arrangement in effect before the date of enactment of this Act, including—

(1) the arrangement announced between the United States and Japan on April 25, 2014;

(2) the arrangement announced between the United States and the United Kingdom on January 16, 2015;

(3) the arrangement announced between the United States and China on September 25, 2015;

(4) the arrangement announced between the United States and Korea on October 16, 2015;

(5) the arrangement announced between the United States and Australia on January 19, 2016;

(6) the arrangement announced between the United States and India on June 7, 2016;

(7) the arrangement announced between the United States and Argentina on April 27, 2017;

(8) the arrangement announced between the United States and Kenya on June 22, 2017;

(9) the arrangement announced between the United States and Israel on June 26, 2017;

(10) the arrangement announced between the United States and France on February 9, 2018;

(11) the arrangement announced between the United States and Brazil on May 14, 2018; and

(12) any other similar bilateral or multilateral arrangement announced before such date of enactment.


SEC. 7. INTERNATIONAL STRATEGY FOR CYBERSPACE.

(a) Strategy Required.—Not later than one year after the date of the enactment of this Act, the President, acting through the Secretary of State, and in coordination with the heads of other relevant Federal departments and agencies, shall develop a strategy relating to United States engagement with foreign governments on international norms with respect to responsible state behavior in cyberspace.

(b) Elements.—The strategy required under subsection (a) shall include the following:

(1) A review of actions and activities undertaken to support the policy described in section 4.

(2) A plan of action to guide the diplomacy of the Department of State with regard to foreign countries, including—

(A) conducting bilateral and multilateral activities to—

(i) develop norms of responsible country behavior in cyberspace consistent with the objectives specified in section 4(b)(5); and

(ii) share best practices and advance proposals to strengthen civilian and private sector resiliency to threats and access to opportunities in cyberspace; and

(B) reviewing the status of existing efforts in relevant multilateral fora, as appropriate, to obtain commitments on international norms in cyberspace.

(3) A review of alternative concepts with regard to international norms in cyberspace offered by foreign countries.

(4) A detailed description of new and evolving threats in cyberspace from foreign adversaries, state-sponsored actors, and private actors to—

(A) United States national security;

(B) Federal and private sector cyberspace infrastructure of the United States;

(C) intellectual property in the United States; and

(D) the privacy and security of citizens of the United States.

(5) A review of policy tools available to the President to deter and de-escalate tensions with foreign countries, state-sponsored actors, and private actors regarding threats in cyberspace, the degree to which such tools have been used, and whether such tools have been effective deterrents.

(6) A review of resources required to conduct activities to build responsible norms of international cyber behavior.

(7) A plan of action, developed in consultation with relevant Federal departments and agencies as the President may direct, to guide the diplomacy of the Department of State with regard to inclusion of cyber issues in mutual defense agreements.

(c) Form Of Strategy.—

(1) PUBLIC AVAILABILITY.—The strategy required under subsection (a) shall be available to the public in unclassified form, including through publication in the Federal Register.

(2) CLASSIFIED ANNEX.—The strategy required under subsection (a) may include a classified annex, consistent with United States national security interests, if the Secretary of State determines that such annex is appropriate.

(d) Briefing.—Not later than 30 days after the completion of the strategy required under subsection (a), the Secretary of State shall brief the appropriate congressional committees on the strategy, including any material contained in a classified annex.

(e) Updates.—The strategy required under subsection (a) shall be updated—

(1) not later than 90 days after any material change to United States policy described in such strategy; and

(2) not later than one year after the inauguration of each new President.


SEC. 8. ANNUAL COUNTRY REPORTS ON HUMAN RIGHTS PRACTICES.

The Foreign Assistance Act of 1961 is amended—

(1) in section 116 (22 U.S.C. 2151n), by adding at the end the following new subsection:

“(h) (1) The report required under subsection (d) shall include an assessment of freedom of expression with respect to electronic information in each foreign country, which information shall include the following:

“(A) An assessment of the extent to which government authorities in the country inappropriately attempt to filter, censor, or otherwise block or remove nonviolent expression of political or religious opinion or belief through the Internet, including electronic mail, and a description of the means by which such authorities attempt to inappropriately block or remove such expression.

“(B) An assessment of the extent to which government authorities in the country have persecuted or otherwise punished, arbitrarily and without due process, an individual or group for the nonviolent expression of political, religious, or ideological opinion or belief through the Internet, including electronic mail.

“(C) An assessment of the extent to which government authorities in the country have sought, inappropriately and with malicious intent, to collect, request, obtain, or disclose without due process personally identifiable information of a person in connection with that person’s nonviolent expression of political, religious, or ideological opinion or belief, including expression that would be protected by the International Covenant on Civil and Political Rights, adopted at New York December 16, 1966, and entered into force March 23, 1976, as interpreted by the United States.

“(D) An assessment of the extent to which wire communications and electronic communications are monitored without due process and in contravention to United States policy with respect to the principles of privacy, human rights, democracy, and rule of law.

“(2) In compiling data and making assessments under paragraph (1), United States diplomatic personnel should consult with relevant entities, including human rights organizations, the private sector, the governments of like-minded countries, technology and Internet companies, and other appropriate nongovernmental organizations or entities.

“(3) In this subsection—

“(A) the term ‘electronic communication’ has the meaning given the term in section 2510 of title 18, United States Code;

“(B) the term ‘Internet’ has the meaning given the term in section 231(e)(3) of the Communications Act of 1934 (47 U.S.C. 231(e)(3));

“(C) the term ‘personally identifiable information’ means data in a form that identifies a particular person; and

“(D) the term ‘wire communication’ has the meaning given the term in section 2510 of title 18, United States Code.”; and

(2) in section 502B (22 U.S.C. 2304)—

(A) by redesignating the second subsection (i) (relating to child marriage) as subjection (j); and

(B) by adding at the end the following new subsection:

“(k) (1) The report required under subsection (b) shall include an assessment of freedom of expression with respect to electronic information in each foreign country, which information shall include the following:

“(A) An assessment of the extent to which government authorities in the country inappropriately attempt to filter, censor, or otherwise block or remove nonviolent expression of political or religious opinion or belief through the Internet, including electronic mail, and a description of the means by which such authorities attempt to inappropriately block or remove such expression.

“(B) An assessment of the extent to which government authorities in the country have persecuted or otherwise punished, arbitrarily and without due process, an individual or group for the nonviolent expression of political, religious, or ideological opinion or belief through the Internet, including electronic mail.

“(C) An assessment of the extent to which government authorities in the country have sought, inappropriately and with malicious intent, to collect, request, obtain, or disclose without due process personally identifiable information of a person in connection with that person’s nonviolent expression of political, religious, or ideological opinion or belief, including expression that would be protected by the International Covenant on Civil and Political Rights, adopted at New York December 16, 1966, and entered into force March 23, 1976, as interpreted by the United States.

“(D) An assessment of the extent to which wire communications and electronic communications are monitored without due process and in contravention to United States policy with respect to the principles of privacy, human rights, democracy, and rule of law.

“(2) In compiling data and making assessments under paragraph (1), United States diplomatic personnel should consult with relevant entities, including human rights organizations, the private sector, the governments of like-minded countries, technology and Internet companies, and other appropriate nongovernmental organizations or entities.

“(3) In this subsection—

“(A) the term ‘electronic communication’ has the meaning given the term in section 2510 of title 18, United States Code;

“(B) the term ‘Internet’ has the meaning given the term in section 231(e)(3) of the Communications Act of 1934 (47 U.S.C. 231(e)(3));

“(C) the term ‘personally identifiable information’ means data in a form that identifies a particular person; and

“(D) the term ‘wire communication’ has the meaning given the term in section 2510 of title 18, United States Code.”.


SEC. 9. GAO REPORT ON CYBER DIPLOMACY.

Not later than one year after the date of the enactment of this Act, the Comptroller General of the United States shall submit a report and provide a briefing to the appropriate congressional committees that includes—

(1) an assessment of the extent to which United States diplomatic processes and other efforts with foreign countries, including through multilateral fora, bilateral engagements, and negotiated cyberspace agreements, advance the full range of United States interests in cyberspace, including the policy described in section 4;

(2) an assessment of the Department of State’s organizational structure and approach to managing its diplomatic efforts to advance the full range of United States interests in cyberspace, including a review of—

(A) the establishment of a Bureau in the Department of State to lead the Department’s international cyber mission;

(B) the current or proposed diplomatic mission, structure, staffing, funding, and activities of the Bureau;

(C) how the establishment of the Bureau has impacted or is likely to impact the structure and organization of the Department; and

(D) what challenges, if any, the Department has faced or will face in establishing such Bureau; and

(3) any other matters determined relevant by the Comptroller General.


SEC. 10. SENSE OF CONGRESS ON CYBERSECURITY SANCTIONS AGAINST NORTH KOREA AND CYBERSECURITY LEGISLATION IN VIETNAM.

It is the sense of Congress that—

(1) the President should designate all entities that knowingly engage in significant activities undermining cybersecurity through the use of computer networks or systems against foreign persons, governments, or other entities on behalf of the Government of North Korea, consistent with section 209(b) of the North Korea Sanctions and Policy Enhancement Act of 2016 (22 U.S.C. 9229(b));

(2) the cybersecurity law approved by the National Assembly of Vietnam on June 12, 2018—

(A) may not be consistent with international trade standards; and

(B) may endanger the privacy of citizens of Vietnam; and

(3) the Government of Vietnam should work with the United States and other countries to ensure that such law meets all relevant international standards.

Passed the House of Representatives April 20, 2021.


Cyber Risk GmbH, some of our clients