A Diplomat in a Cyber World: Working with CYBERCOM

An FSO and former ambassador discusses her work as a political adviser to U.S. Cyber Command.


As a U.S. diplomat for 32 years, I’ve worked in countries that regularly feature on the front pages of the international press—Israel, Egypt, Saudi Arabia and Iraq, to mention a few. After experiencing the terrible costs of a terrorist attack in Saudi Arabia firsthand, my focus shifted from our bilateral relationships with Middle Eastern countries to coordinating our counterterrorism efforts throughout the world.

I spent four years as deputy coordinator for counterterrorism (CT), leading one of the hardest-working teams in the Department of State. CT oversees our international efforts to stop money flows to terrorist organizations, to improve the ability of other nations’ legal systems to carry out clean prosecutions of terrorists, to strengthen technological tools for effective border security and to counter terrorists’ use of the internet. I often represented State at senior interagency cyber policy meetings and worked with representatives from the U.S. military’s command for military cyberspace operations against state and nonstate actors, U.S. Cyber Command (CYBERCOM).

CYBERCOM’s mission is clear: to defend the Department of Defense’s information networks; to help defend the nation’s critical infrastructure (e.g., transportation, water, electrical grid, banking); and to help support other combatant commands’ mission execution. CYBERCOM is specifically directed to work with interagency and international partners to execute these critical missions.

Getting There

That work inspired me to later go through the extraordinary application process for an assignment with CYBERCOM. In addition to completing State’s lengthy bidding process, and being approved by the military commander for the foreign policy adviser (POLAD) assignment, the successful candidate must pass a polygraph. Taking a polygraph is no simple matter for an FSO—the State Department does not use the polygraph, so hurdles included getting permission from the Secretary to take the test, as well as finding a secure facility convenient to my post where it could be administered.

I did take the test, and passed. And soon after, I established myself in the spacious POLAD office on CYBERCOM’s “Seventh Floor” equivalent in the building it shares with the National Security Agency. Last August, President Donald J. Trump directed that U.S. Cyber Command be elevated to a full combatant command, and directed the secretary of defense, working with the director of national intelligence, to give him a recommendation regarding the future command relationship between the U.S. Cyber Command and the National Security Agency. *

I joined some of the most impressive, dedicated, hardworking men and women with whom I’ve had the honor to serve—top to bottom. The issues we dealt with were urgent: life and death, and hair-on-fire constant. Under the onslaught of cyber and other operations of varying levels of seriousness against U.S. interests and those of our allies, we struggled to provide well-planned and well-supported options that were fully informed by our policy priorities for the commander, secretary of defense and president to anticipate attacks or respond. My personal rank was equivalent to that of a two-star flag officer; and, happily, my counterterrorism experience and my regional expertise made me a welcomed member of the leadership team.

At CYBERCOM, not only does an FSO find herself in the midst of military culture and language, but because of the nature of this theater, one is also in the midst of an intel culture and language. The POLAD course and handbook that State provides are enormously useful, but I had to push myself hard to navigate the culture and lingo differences with confidence. The vocabulary differences between agencies are real; the thought pattern differences are real; and the measurements of success are different, too. Our value will be increased by gaining familiarity with these differences long before we take up a military-related assignment.

The FSO’s Secret Sauce

Our expertise, as diplomats, in adapting to new cultures and languages quickly is what makes our role as intimate team members so essential to a holistic definition of success in this arena. In my experience, interagency and international cyber cooperation is usually undertaken with the best of intentions and solid goodwill, but prejudices, misunderstandings, missteps and cross purposes come with the territory. One of the first challenges for the successful State Department officer in this arena is learning the terms of art: cyber event, cyber attack, cyber threat, cyber operation and cyber warfare are just a few. I found each of those terms often used interchangeably, or meant for different things, or two different words used for the same thing, depending on who used them. Definitions were still being firmed up.

There were stereotypes to overcome, as well. I worked to protect State from the criticism that we would analyze and weigh an option until it was too late to use it, and I flagged the reverse concern to my CYBERCOM colleagues—namely that DOD was more likely to push too quickly for actions that carried the danger of unanticipated negative impacts.

I anticipated an additional burden as a woman in a military setting. On that I was wrong. Though there was plenty of testosterone in the room, at senior meetings I was delighted to note that there were many female leads among flag officers in the room or on the screen, including for Marine Cyber, Fleet Cyber and the J2 (Intelligence), as well as the head of J1 (Manpower and Personnel). This reflected similar senior roles filled by women at State and reaffirmed my conviction that the tradition of female-led cyber successes—long established by luminaries like Admiral Grace Hopper, Agnes Driscoll and others—would continue.

One of my most important roles was as a communicator. My operating from CYBERCOM headquarters allowed our agencies to coordinate early and improve our shared understanding of the tasks at hand. When there were disputes over the likely impact of particular actions on our policy priorities, I did my best to ensure that facts and perspectives were shared in both directions quickly and comprehensively. At times, this was easier said than done. Email worked wonders for moving information rapidly, but when the systems are separate and maintained at different classification levels, information sharing—with the right people—slowed. It’s hard to overstate the pressure and difficulty involved in rapidly producing multiple options for policymakers that have been well staffed, closely reviewed and are able to gain broad interagency support. No uncrossed t’s or undotted i’s are allowed.

Communicating in Both Directions

The pressure was daily because the array of cyber threats facing the United States was constant. This pressure was heightened on our cyber warriors when specific options carried time constraints on their viability. Often these options needed input or clearance from particular offices in State. Then the friction would intensify, heightened by the need to make modifications during “live” situations that had to be reflected in updated briefing slide decks—something the State Department does not often use. Ensuring that clearers outside of CYBERCOM were reviewing the latest iteration of a plan of action took enormous attention to detail, and timeliness was often challenged by the limited compatibility of some networks.

The POLAD office gained much love from colleagues in both agencies when we could help with the transfer of new recommendations in both directions and ensure an accurate understanding of the thinking that informed them. It was imperative that nothing poorly staffed or inadequately socialized and cleared arrived for a command decision. At the same time, we understood every delay might be counted, not only in opportunities missed, but lives lost.

I could assist in alerting senior State Department officials that options would need to be reviewed and evaluated, and I provided as much background as possible to speed up the process. It was also useful to flag for State colleagues some of the technological limitations even our best cyber warriors faced. Former Secretary of Defense Ash Carter acknowledged in an interview late last year that he had been disappointed in the effectiveness of CYBERCOM’s weapons and techniques. He further alluded to tensions brought on by other agencies not wanting CYBERCOM to use those that they had. That gets back to meeting policy priorities, while navigating the well-documented tension between executing an early response to what intel has uncovered and what you lose by letting your adversary (and others) know that you have the intel and you have the capability to respond.

Any response is framed by the broad definition of success, based on our overall policy objectives. In the cyber world, lines increasingly overlap. My former boss, Admiral Michael S. Rogers, has noted publicly that he couldn’t have anticipated that his agency would be involved in a response to a private entertainment firm’s network being hacked. Remember, CYBERCOM has three primary missions; and no one equated Sony Pictures Entertainment with “critical infrastructure.”

Establishing International Norms

The other half of the vital role State played was helping to increase understanding at CYBERCOM of the State Department’s work to further establish and solidify international norms for cyber behavior and responses. An early understanding of what international norms, international law and our partner agreements allowed cyber forces to do and not do in cyberspace ensured that the options presented were truly viable. For instance, hospitals, water systems, voting machines and electrical grids could be attractive targets for countries at odds with each other, but should they be? We could put in place an effective deterrent to an action by an adversary, but it would also affect an ally’s systems or network. Should we, and legally, can we? These are instances where FSOs who are well-versed in our norms work and objectives could aid in early CYBERCOM decision-making.

Every international agreement on cyberspace rules of the road for which we get broad support puts limits on state actions against other states. These agreements on “norms” of behavior help eliminate potentially devastating actions by states or, at least, make their cost higher because of the necessity to hide their authorship. These norms also ensure broad repudiation of state and nonstate actors who violate them. We’ve seen this with the international reaction to Russian tampering with the U.S. and other nations’ election processes.

The work to get broad support for putting limits on acceptable actions against other states in the cyber arena is done largely through the negotiations conducted through the awkwardly titled United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE). State leads the UN GGE negotiations for the United States and has achieved some significant successes for U.S. positions.

The work done by State and CYBERCOM to defend and advance U.S. interests is on a continuum. State Department officials’ work through the UN GGE helps reduce the range of acceptable damaging actions taken in cyberspace.

Well-versed in the challenges of defending U.S. interests, State officers can help ensure CYBERCOM’s tactical brilliance is informed by our broad foreign policy priorities. The partnership is essential, and thorough preparation for it by FSOs is necessary for success.

*On May 4, as this issue went to press, U.S. Cyber Command was elevated to an independent “unified command,” giving it equal status with the nine other U.S. military commands around the world. In addition, U.S. Army General Paul Nakasone took over the leadership spot at CYBERCOM, and was double-tapped to also serve as director of the National Security Agency.

Ambassador Gina Abercrombie-Winstanley retired recently following 30-plus years in the Foreign Service. Her areas of expertise include the Middle East, counterterrorism and cybersecurity. She was the first woman to lead a diplomatic mission in Saudi Arabia as consul general in Jeddah. She also served in the White House, the Department of Defense and on Capitol Hill. Her work has been published in The New York Times and The New York Review of Science Fiction. The views and opinions expressed in this article are those of the author alone and do not necessarily reflect the official policy or position of the U.S. Department of Defense, U.S. Cyber Command or any agency of the U.S. government.