Cyber Diplomacy: The Bureau of Cyberspace and Digital Policy's Efforts to Advance U.S. Interests

What GAO Found

The Department of State leads U.S. government international cyber diplomacy efforts to advance U.S. interests in cyberspace. To help achieve those objectives, State established the Bureau of Cybersecurity and Digital Policy (CDP) in April 2022. In doing so, State addressed GAO's recommendations to involve federal stakeholders and use data and evidence in planning for the bureau. State created the bureau to elevate cyberspace as an organizing concept for U.S. diplomacy by consolidating efforts and leadership of cyber-related activities into a single unit. CDP's cyber diplomacy strategic objectives include building coalitions, strengthening capacity, and reinforcing norms.

New Entities State Created in 2022 to Elevate Cyber Priorities

In 2024, GAO reported that State conducts a range of diplomatic and foreign assistance activities aligned with U.S. cyber objectives. For example, State works to build coalitions of countries that share U.S. strategic objectives to (1) counter threats to the U.S. digital ecosystem and (2) reinforce global norms of responsible state behavior. CDP leads or coordinates many of these activities for State. For example, CDP rallies countries that share U.S. goals to coordinate policies that advance an open, free, global, interoperable, reliable and secure internet. CDP also facilitates bilateral diplomacy efforts through activities such as interagency whole-of-government cyber dialogues, which involve communication with partner nations.

GAO also reported that CDP faced ongoing organizational challenges, including clarifying roles, hiring staff, and ensuring it had the expertise needed to carry out its goals. Although cyber responsibilities are defined under the new structure, roles remain deliberately shared across government, making clarification an ongoing challenge. CDP was also working to clarify State's role in the interagency process and maintain its lead in cyber diplomacy. CDP officials noted that defining roles across overlapping issues and sustaining internal communication and visibility remain key challenges, especially given the broad scope of cyber issues. Ensuring the bureau has trained staff to carry out its goals may also be a challenge. State must effectively navigate these challenges for CDP to achieve its stated goals.

Why GAO Did This Study

As international trade, communication, and critical infrastructure grow more dependent on cyberspace and digital technology, the U.S. and its allies face intensifying foreign cyber threats in critical areas. Foreign governments and non-state actors are increasingly using cyberspace as a platform from which to target critical infrastructure and U.S. citizens. This undermines democracies and international institutions and organizations. It also undercuts fair competition in the global economy by stealing ideas when they cannot create them. CDP's mission is to promote U.S. national and economic security by leading, coordinating, and elevating foreign policy on cyberspace and digital technologies.

This statement discusses:

• the evolution of cyber diplomacy at State that led to the eventual creation of CDP, including the status of recommendations GAO made during its creation;
• how the bureau has organized itself to accomplish cyber diplomacy goals and the types of efforts it undertakes; and
• challenges the bureau faces in fulfilling its goals.

This statement is based on three GAO reports related to State's cyber diplomacy programs— GAO-20-607R, GAO-21-266R, and GAO-24-105563. For that work, GAO analyzed State documents and data and interviewed agency officials. For a full list of the reports, see Related GAO Products at the conclusion of this statement.

For more information, contact Latesha Love-Grayer at lovegrayerl@gao.gov.