Tillerson’s Loss May Be U.S. Cyber Gain if Pompeo Takes Control (1)

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Multinational companies would gain a proponent of strong U.S. international cybersecurity diplomacy if CIA Director Mike Pompeo takes over as secretary of state, former agency officials and national security attorneys told Bloomberg Law.

President Donald Trump March 13 announced in a tweet that he was replacing Secretary of State Rex Tillerson with Pompeo, who will need Senate confirmation to assume the position. Tillerson said in a press conference the same day that he would immediately turn over day-to-day operations to his deputy John Sullivan, and will leave the post March 31.

The State Department plays an important role in promoting U.S. cybersecurity norms across the world. Cyberattacks continue to heavily target large companies around the world, and the agency will have to up its focus on preventing large scale strikes through diplomatic measures, former agency officials and national security attorneys said.

“The U.S. plays an indispensable role in promoting international cooperation in cyberspace, including through the development of norms for responsible nation-state behavior in cyberspace,” David A. Simon, national security partner at Mayer Brown LLP in Washington and member of the firm’s global cybersecurity and data privacy practice, told Bloomberg Law March 14. “For example, the United States has pioneered a cyber norm to protect civilian critical infrastructure from nation-state cyberattacks,” he said.

Pompeo would have a full plate of national security priorities, but “hopefully, cybersecurity will continue to be a high-level priority” for the office, Simon said. Given Pompeo’s experience at the CIA, “he likely will come to the state department with a greater appreciation for the critical role State can play in diplomacy to deter cyber attacks against the United States,” he said.

Nation-State Threats

The State Department’s role is important because “private companies face a diverse array of nation-state and criminal cyber threats,” Simon said. State “should continue to promote norms to protect private companies from becoming the victims of nation-state cyber attacks,” he said.

Establishing international cybersecurity norms would be part of Pompeo’s agenda, former agency officials and national security attorneys said. He also would have to balance North Korean, Iranian, and Russian national security threats with growing private-sector cyberattacks, they said.

Tillerson sought to promote U.S. security when he proposed a new Bureau of Cyberspace and the Digital Economy to focus on international cybersecurity measures, David Helfenbein, a former State Department official under then-Secretary HIllary Clinton, told Bloomberg Law.

Tillerson also established a cybersecurity office under the Bureau of Diplomatic Security with the responsibility of protecting the State Department, its employees, and its infrastructure against cyberattacks, he said.

A State Department spokesman didn’t comment directly on the agency’s cybersecurity priorities, but told Bloomberg Law that it will work closely with allies on foreign policy issues. The spokesman indicated support of Pompeo, if confirmed.

Staffing Concerns

A lack of stafffing has plagued the State Department since the start of the Trump presidency. It has limited the department’s effectiveness in international cybersecurity diplomacy, former officials said. Pompeo’s relationship with Trump and his experience at the CIA could lead to State staffing up important departments that deal with cybersecurity diplomacy, they said.

It will be equally important to put in place staff that can handle cybersecurity diplomacy, they said. Most day-to-day policy decisions are handled by individual offices rather than from the Secretary’s desk.

Pompeo likely would exert more effort to fill important positions related to cybersecurity diplomacy, David D. Nelson, former U.S. ambassador to Uruguay under President Barack Obama and former acting assistant secretary for State’s Bureau of Economic, Energy and Business Affairs, told Bloomberg Law March 14.

Pompeo’s leadership at the CIA could give him a more keen eye toward cybersecurity and mean he would be more effective at grasping the relevancy of security concerns to the U.S., he said.

Critical to Pompeo’s success will be his ability to regain the trust of international allies that may have seen conflicting messages from Trump and Tillerson on international and cybersecurity policy issues, former officials said.

Negotiating cybersecurity norms across the world requires trust and consistent messaging from leadership, Nelson said. “Trust is set from the very top,” so it would be imperative for Pompeo to reiterate Trump’s policy proposals while listening to allies’ input to implement these goals, he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bloomberglaw.com

To contact the editor responsible for this story: Barbara Yuill at byuill@bloomberglaw.com

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security