New Bureau, New Cyber Priorities in Foreign Affairs

Here, Senior FSO Jennifer Bachus explains what the creation of State’s cyber bureau—a long-awaited development—means for U.S. foreign policy and the Foreign Service.


istockphoto.com / vit_mar

The July 14 AFSA Inside Diplomacy event featured Senior Foreign Service Officer Jennifer Bachus in an interview with AFSA President Eric Rubin. Bachus had recently taken on the position of principal deputy assistant secretary (PDAS) and the senior official in the State Department’s newly created Cyberspace and Digital Policy Bureau. Here are excerpts from their discussion.


Jennifer Bachus

     AFSA President Eric Rubin: I’m particularly glad to be able to do one of our Inside Diplomacy talks on a topic that has attracted so much interest, and we are very lucky that AFSA can help highlight the new bureau very early on.
     This past April, the Department of State’s new Cyberspace and Digital Policy Bureau (CDP) began operations. It’s a key piece of Secretary [of State Antony] Blinken’s agenda for the modernization of American diplomacy.
     Cyberspace affects all of our lives in ways sometimes we don’t even realize. The new bureau is requiring structural changes and modernization within the State Department, reshaping and expanding previous structures, and adding more diplomatic personnel and expertise toward the new priorities.
     I hope that today’s discussion can help focus better understanding about what this long-awaited development means for U.S. foreign policy priorities, for all of our colleagues in the foreign affairs community, and, in particular, what it means for our Foreign Service workforce.
     I’d like to start out by introducing Jennifer Bachus, someone I have known for a very long time who has had a tremendous Foreign Service career. At State, she is the new senior bureau official and principal deputy assistant secretary for the new Cyberspace and Digital Policy Bureau. She previously served as chargé d’affaires and deputy chief of mission (DCM) at U.S. Embassy Prague. Before that, she served as office director for the Central Europe Office in the European Bureau. She was special assistant in the Office of the Under Secretary for Economic Growth, Energy, and the Environment. She also served as DCM at U.S. Embassy Pristina, political economic counselor at U.S. Embassy Astana, and as head of our American presence post in Toulouse.

     Jennifer Bachus: It’s really a pleasure to be here, as an AFSA member since 1998 when I joined the Foreign Service. I appreciate all the work that you all do and events such as this and other speaker programs where I’ve had the opportunity to be in the audience. It’s a real honor to be the person speaking.

     AFSA: The State Department started formally building cybersecurity expertise in 2011, but it wasn’t until last year that the new cyber bureau was proposed, and this year it actually came into being. What changed to make it possible?
     JB: Ultimately, Secretary Blinken came in and said, “I want to do a real rethink about the State Department modernization agenda, writ large”—and that included cyberspace and digital policy. His team met with stakeholders in the State Department, on the Hill, and in the interagency, academia, and civil society; they did a big listening tour.
     After a really intense period of focus, they decided that they were going to build a bureau that looks at the national security, economic, and human rights elements of cyberspace and digital policy, and that for the first year we will report to the Deputy Secretary of State.

     AFSA: How does the State Department and your new bureau’s efforts and structure mesh with the overall U.S. government effort to promote cybersecurity around the world?
     JB: There is not one U.S. government agency that doesn’t touch on cybersecurity and digital policy.
     There’s this whole ecosystem [including the National Security Council, Defense Department, Department of Homeland Security, Department of Commerce, USAID]. But the State Department is the lead foreign affairs agency, and the job of our bureau in the State Department is to lead, coordinate, and elevate cybersecurity and digital policy for the U.S. government.

     AFSA: Secretary Blinken said the new bureau would include a reorientation of our foreign policy, in particular a focus on its effect on American lives. How do you see this playing out?
     JB: We all remember the 2021 shutdown of the Colonial Pipeline [due to a ransomware attack]. This year, there was a cyberattack on [U.S. satellite communications provider] Viasat, which affected some elements of the European energy grid.
     How do we work in coordination, in collaboration with our partners and allies to protect ourselves from this enormous threat? How do we lay out the rules of the road? When something happens, can we bring a coalition together to call it out? And then, how do we react? This is critically important for the American people.
     We play an important role in the ransomware initiative run by the White House, in terms of building diplomatic coalitions.
     On the economic side, we see the importance of the internet. How can we make sure that we continue to have access to this technology regardless of where we are in the world? If you’re an American tourist in China, can you check your Facebook? Do you get caught up in an internet shutdown in Kazakhstan or India? If you’re using your cell phone in Europe, is your cell phone data going to be siphoned off by an adversary?
     These are huge, important questions that need to be addressed and that ultimately touch on American lives, both in the United States and abroad. I always put diplomacy at the center of everything we do. We want to build coalitions, look to our allies, figure out ways we can share information better.
     And we can’t forget the important role that the private sector plays in all of this. They are often our early warning systems. Microsoft is probably going to know where they have a problem before we do. So, how do we make sure that Microsoft is sharing that information and that they’re figuring out how to patch it, and that we are building coalitions around the world to advance this idea?
     We brought together a large coalition to attribute the Viasat attack. We did it with the Europeans at the center, but not just the Europeans. Can we build a bigger tent to call out bad behavior? That’s what we’re looking at—how do you get into the deterrent element? It’s something we’ve looked at for many years; Russia’s invasion of Ukraine has really brought this to the forefront.

The job of our bureau in the State Department is to lead, coordinate, and elevate cybersecurity and digital policy for the U.S. government.

     AFSA: How do you see the bureau developing leadership in this area internationally?
     JB: We have had really great people working on these issues for many years. By staffing up the bureau, we can actually do what they wanted to do, which is to elevate this, to be more proactive, to have a forward-leaning vision.
     A challenge we face is that we have less legislation in the United States on cyber and digital issues than Europe has. So, we can talk about our values; we can talk about the vision we have for the internet. But it is harder to say to a country, here’s how you should or should not regulate content moderation when we don’t have that legislation.
     We do look to Congress and the White House to set the national-level policy. And while we’re waiting for that, we have things like the Declaration for the Future of the Internet [launched in April 2022 with 60 countries signed on], which sets out broad-based principles. We can all agree that internet shutdowns are a bad thing. And so, we need to engage on things like internet shutdowns, even if we don’t have domestic legislation on that.

     AFSA: What top priorities, both structural and strategic, are you focusing on right now?
     JB: If we look at the three pillars of our work—national security, economics, and human rights—first of all, we’re trying to integrate all of what we’re doing [into] a functional bureau strategy.
     We’re extremely involved in the United Nations Open Ended Working Group [on Developments in the Field of Information and Telecommunications in the Context of International Security], which sets the norms for how states should behave in cyberspace.
     On economics, I think we have to continue to really focus on the security aspect. How can we secure our entire internet ecosystem? 5G remains critically important, but it goes beyond 5G. It goes to things like undersea cables. It goes to data centers. There’s a whole range of things we’re doing there. We are trying to engage with Europe and with Asia on regulations in standards to make sure that our companies and our vision for the internet continue to play an important role.
     Then, on the democracy front, again, it’s this question of addressing content moderation, privacy, surveillance, helping to create the internet of the future that we want to see. There are a lot of priorities, and we have to figure out how to integrate them all.

     AFSA: Can you discuss how data science fits into the goals for the bureau?
     JB: That is an active question in the bureau. We have the three policy units, and then we have a strategic planning and communications office that does bureauwide functions. We’ve talked about whether or not we’re going to hire a data scientist into that office; but pending that, we’re working with M/SS, the Office of Management Strategy and Solutions. They have a whole data science group.

     AFSA: How do you see this new bureau being an asset or collaborator with bureaus at State handling human rights issues?
     JB: We have the digital freedom unit, which is the smallest of our units. It has a coordinator, not a deputy assistant secretary. The design was that we collaborate and integrate closely with the Bureau of Democracy, Human Rights and Labor (DRL). We have to look at where we can lean in and where the nugget of the issue is cyberspace and digital policy, as opposed to human rights.
     We’ve been looking at content moderation, information integrity, privacy, surveillance, these sorts of issues, again in very close cooperation with DRL. Another good example would be the Freedom Online Coalition (FOC), which the U.S. is going to chair in 2023. [The FOC is a partnership of 34 governments working to enhance internet freedom that was founded in 2011 in the Netherlands at the initiative of the Dutch Foreign Ministry.] DRL will be the hub of FOC work, but we will feed into and advise and support DRL in doing so.

     AFSA: How will the State Department ensure that cyber norms are more than just a piece of paper where countries like Russia or China are concerned?
     JB: That is probably the question of the future, and it cuts across so many levels, not just cyberspace. Russia invaded another country. Its adherence to any norms has to be called into question. The question gets to the deterrence piece.
     Once you know what the norms are, you can call out a violator. Can we get a coalition together to call out who violated the norm? Okay, we’ve done that. What’s [our] reaction? Is it sanctions? Is it another element of deterrence? What are the real reactions you can have, especially in something that doesn’t essentially rise to the level of an act of war?
     It’s really complicated, and we’re trying to create a conversation with our partners, friends, and allies: [What happens] beyond attribution, what’s next? I don’t have the answer to that, which is what I say to everybody, including our friends, partners, and allies. We have to work together to find the answer. We, the United States, can bring the group together. But if we try to just impose an answer, I think we’re not going to be as successful.

A challenge we face is that we have less legislation in the United States on cyber and digital issues than Europe has.

     AFSA: How will this new bureau, this new coordination, affect the Foreign Service workforce in terms of positions, hiring, training, and budget and staffing?
     JB: We’re trying to make sure we have a balance between the Foreign Service and Civil Service in the bureau, to have leadership positions as well as entry-level and mid-level positions for the Foreign Service.
     We advertised the deputy assistant secretary (DAS)-level position that’s responsible for the economics team. We will do the same on the security team, and we did it for the digital freedom unit, as well. We are looking at Foreign Service officers, as well as Civil Service and Schedule Cs for those positions. Once we look across the broad range of applicants, we will select the best person for the job. I think just having a transparent process in which the Foreign Service can compete is a huge leap forward.
     We had somebody on a Y tour here who’s in the Information Management specialty. She was a great addition to the office. You have to cast the widest net possible for who can bring the skill sets you need in order to do the job. You have a pre–Foreign Service IT background. I want to know about it. You worked in gaming, venture capital, et cetera, those are all super interesting backgrounds that we need to better leverage within the Foreign Service.
     For people in the field, we have this amazing cybersecurity toolkit that our staff created. If you’re serving overseas and you want to figure out how to work on cybersecurity and you haven’t had a lot of training and it’s one of 10 things in your portfolio, what do you do?
     So we created a toolkit that’s very practical and user friendly. We’re trying to elevate it and make sure that officers touching on these issues are aware of it.
     We’re providing toolkits and information. We have [Microsoft] Teams chats and listservs and all these ways to try to connect people and provide them the training they need. We’re also looking into the future as we build up the bureau, to have regional trainings, to bring people together from the Europe region or the Africa region. Again, these are things that will take some time because of our staffing.
     [Note: Nate Fick was confirmed September 15 to the newly created position of Ambassador at Large for Cyberspace and Digital Policy.]

     AFSA: How do I apply to work in your bureau? Is there a way to reach out to your team or your bureau to learn more about these efforts?
     JB: There’s a SharePoint site that we are attempting to keep updated with announcements. The creation of the bureau is like starting up the crank, right? The crank turns a little slower than maybe we would like, but we are getting jobs classified, and we should be getting more and more jobs posted on FS Bid. There are some Foreign Service jobs in the digital freedom unit that are “now” jobs, and there are Foreign Service jobs in the strategic planning and communications office that are “now” vacancies.
     We’ve brought in a number of Y tours, as well—people who are providing targeted support as we get the bureau up and running. We have somebody working on change management.
     We have “now” vacancies, and we’ll have vacancies for summer 2023. And it will just go on from there. For students, we are looking at Presidential Management Fellow rotations, and we are looking at interns.
     We’re looking at every hiring mechanism you can imagine, because we need to hire about 40 to 50 people eventually. We are putting positions on USAJobs, particularly at the GS-14 and -15 level to provide the opportunity for people in the Civil Service to move up. If you name a hiring mechanism, we’re probably trying to use it.
     If there’s something you’re interested in and it’s not posted today, please come back around and look again because it might be there in the future. If you’re Foreign Service, you should let us know if you’re bidding on one of the jobs that shows up as CDP consultative staffing.

 

When sharing or linking to FSJ articles online, which we welcome and encourage, please be sure to cite the magazine (The Foreign Service Journal) and the month and year of publication. Please check the permissions page for further details.

Read More...