IT, cyber figure in State Dept. 'redesign'

As the Trump administration looks to dramatically reshape the State Department's scope and size, an IT refresh and increased role in cyber policy are on the table.

Deputy Secretary of State John Sullivan told a House panel that the department "urgently needs to integrate IT systems and cybersecurity platforms" and update its aging legacy IT infrastructure. He also noted in written testimony that "a decentralized risk management system hinders fast, forceful incident responses."

"By modernizing, we'll save money in the long run and facilitate better decision making in the future," Sullivan said in a Sept. 26 hearing of the House Foreign Affairs Committee. Sullivan indicated that a move to a cloud-based platform will happen "in the coming months," but more information on the specifics was not forthcoming.

Sullivan also indicated that State had submitted its agency reform plan to the Office of Management and Budget ahead of the Sept. 30 deadline and that it had taken into account feedback from 35,000 employees, including 1,400 submissions to State and U.S. Agency for International Development web portals set up to accept comments .

The agency reorganization, called a "redesign" internally at State, come in the context of a proposed 32 percent reduction in spending for the department in the Trump administration's budget proposal, which totals $37.6 billion. While House and Senate appropriators haven't included such drastic cuts in their funding bills, Sullivan said he believed the department could manage to fulfill its mission under the funding requested. Under questioning, Sullivan said that currently morale at the agency was not high.

However, as programs and headcount shrink, one area that may require more spending is tech.

"'Where we need more resources to do our jobs more effectively we will seek them," Sullivan told the committee during questioning. "IT is one area where I predict we will need assistance in the future in reforming our IT infrastructure."

IT reform is just one plank of the redesign plan which Sullivan said aims to save more than $5 billion over five years.

Rep. Francis Rooney (R-Fla.), who served as the U.S. ambassador to the Vatican during the George W. Bush administration, welcomed the news.

"I'm glad to hear you're upgrading IT," Rooney said. "When I was serving in Rome, we had Windows minus-1."

Sullivan also took pains to indicate that the recent downgrade of the post of cybersecurity coordinator was an intermediate step in rethinking cybersecurity policy at State.

"My expectation is that as part of our redesign, will elevate [the role] to a Senate-confirmed level," Sullivan said, adding that the full title and its situation in the department's bureaucracy were open questions.

"We need to elevate cyber broadly defined," Sullivan said, including cyber defense and cyber diplomacy and State's interaction with the Department of Defense.

The chairman and ranking member of the committee have their own ideas about where cybersecurity policy should reside at State. The Cyber Diplomacy Act of 2017, introduced Sept. 14 by Rep. Ed Royce (R-Calif.) and Rep. Eliot Engel (D-N.Y.) calls for the establishment of an Office of Cyber Issues to be led by a presidential appointee with the rank of ambassador. That official, under the bill, would report to the Undersecretary for Political Affairs or someone of higher rank within the department.

Rep. Michael McCaul (R-Texas), a member of the Foreign Relations committee and chairman of the House Homeland Security Committee, wants to see State take a more clearly defined role in cybersecurity.

"I think State is going to be more and more involved," he said. "Right now, there are no rules of the road."