The Foreign Service Journal, January-February 2014

THE FOREIGN SERVICE JOURNAL | JANUARY-FEBRUARY 2014 19 tablets, Twitter and other social media systems, the possibilities for diplomacy seemboundless. Unfortunately, security remains relegated to the back burner, despite growing dangers. Making Cybersecurity a Top Priority Media reports describe construction of a new $400 million headquarters to house a Department of Defense “Cyber Command” at Fort Meade inMaryland. The new entity will reportedly be staffed by 4,000 to 5,000 military and civilian person- nel whose duties are to detect, defend against and stop penetration of DOD’s computer systems. State lacks the resources to construct such a capacity. But there are steps we can take—indeed, must take to restore infor- mation integrity and protection, thereby reassuring our friends and allies. Today, three years after the WikiLeaks episode, many foreign interlocutors remain reticent about sharing any sensitive informa- tion with our diplomats. This reluctance hampers relationships, causes friction and emboldens our enemies. President Barack Obama’s Executive Order 13636 offers a remedial starting point. This directive calls for improved protection of critical information infra- structure. With that inmind, I offer two recommendations to address pressing State Department deficiencies: ■ Increase security of existing classi- fied networks . Media reporting leaves no doubt that our nation’s focus on informa- tion security, communications security and classified networks has seriously weakened. To counter this worrying trend within the Foreign Service, more resources must be directed toward supporting Infor- mation Programs Center operations. This should include a renewed focus on emergency communications training for handling vital reports, particularly now that the Bureau of Information Resource Management has abandoned its Warren- ton Training Center facility. Fortunately, the IPC structure remains central to the core reporting function of the Foreign Ser- vice, and chiefs of mission, deputy chiefs of mission andmanagement counselors should all show strong support for this vital operation. ■ Make cybersecurity amanagement priority by setting performancemetrics . The process of prioritizing cybersecurity will necessarily be led by ambassadors and other Senior Foreign Service officers, but it is most critical for Chief Information Officers. Yet the last CIO to work inside one of State’s Information Programs Cen- ters, which handle somuch of this critical responsibility, did so 13 years ago. Since then, nearly all CIOs have come fromunclassified Information Systems Centers. None have IPC experience. (While it may be purely coincidental, the WikiLeaks catastrophe and other data leaks all occurred during this period.) Clearly, State should require IRMperson- nel to acquire hybrid experience, through stints inside IPCs and ISCs, as a prerequi- site to assume CIO leadership positions. This would promote senior cybersecurity awareness and crown a 27-year odyssey in search of a unified IRMorganization that encompasses the classified and unclassi- fied domains. Other Initiatives to Consider Strengthening IPC operations and building more security awareness into the senior IRM leadership are key require- ments. But other initiatives deserve consid- eration, too. Take, for example, the Russian Federal Guard Service’s recent switch fromdigital systems to typewriters and paper (report- edly in response to the Snowden affair). That shift certainly does not mean that we should return to the best practices of a quarter-century ago, when those of us inMoscow issued “Mickey Mouse” magic slate erasable writing pads to Secretary of State George Shultz and other high- level visitors. But it is worth recalling that evidence of Soviet eavesdropping was first reported by an alert IPC officer. The Diplomatic Courier Service, which proudly traces its origins as a secure com- munications systemback to the days of the Committee of Secret Correspondence, might play a novel role in confronting today’s security challenge. Especially sensitive, but not perishable, information could be sent via courier if selected cables are captioned “DCS CHANNEL.” Creation of such a new telegraphic channel would result in slower delivery but enhanced protection. This envisions a kind of asym- metrical “mobile firewall” strategy. The Bureau of Diplomatic Security also needs to urgently review the operational Today’s technology offers boundless possibilities for diplomacy. But information security must not be relegated to the back burner in the process.