Bill Chizek - stock.adobe.com
US government launches Bureau of Emerging Threats
The US’ new Bureau of Emerging Threats sits within the State Department and will supposedly help address national security threats arising from cyber attacks, the weaponisation of space, and other emerging technologies.
The US government has formally launched a new Bureau of Emerging Threats within the State Department to protect and mitigate against threats posed to America’s national security by cyber attacks, the weaponisation of space, and emerging technologies such as artificial intelligence (AI)
Although its existence first became public knowledge just under 12 months ago, the State Department has kept a tight lid on the precise nature of the Bureau until this week, when senior officials broke their silence in conversation with reporters from TV network ABC.
“The bureau will address not only the current threats we face today in cyber space, outer space, critical infrastructure, and through the misuse of disruptive technology like AI and quantum, but those we will face in the decades ahead," State Department principal deputy spokesperson Tommy Pigott told ABC News.
Led by career diplomat Anny Vu, the Bureau ultimately reports to the under secretary for arms control and international security Thomas DiNanno, and will contain five distinct offices covering cyber security, critical national infrastructure (CNI), disruptive technology, space security, and threat assessment.
Officials told ABC they would be heavily focused on the activities of the so-called Big Four nation-state threat actors – China, Iran, North Korea and Russia – as well as international terrorist organisations.
The network additionally reported that the State Department has not revealed any details pertaining to the Bureau’s budget, staffing levels, or how it will work alongside the multiple pre-existing US agencies that claim some degree of expertise on cyber security matters – such as the Cybersecurity and Infrastructure Security Agency (Cisa) and the National Security Agency (NSA).
Engagement
Absent further detail at this stage, for the time being security leaders should continue to try to work with their existing US government contacts, said Xcape Inc board member David Small.
“Security leaders should prioritise maintaining relationships with Cisa, which remains the operational bridge between the State Department’s diplomatic goals and the private sector’s technical defence needs,” he said.
“Hiring a fleet of cyber security experts into the State Department is a bit like asking a career diplomat to debug a kernel panic; they’ll handle the negotiations beautifully, but the system is still going to crash.”
The appointment of three long-standing diplomatic experts as its leadership suggests the Bureau’s output will initially lean towards sanctions and treaty-writing, as opposed to technical remediation, he said.
As the new organisation beds in, Small said the business impact for private sector security pros was a period of increased regulatory noise as it attempts to define international security norms that may not always align with current engineering realities.
“To prepare, defenders and policy leaders should look to engage with the Bureau's Office of Disruptive Technology early, treating it as a primary channel for informing the government on the feasibility of proposed AI and space-asset regulations,” added Small.
Suzu Labs senior director for secure AI solutions and cyber security, Jacob Krell, said that in his view, the Bureau of Emerging Threats was named for threats that have long-since emerged.
“Cyber and space capabilities served as the opening instruments in the current campaign against Iran. AI driven systems are compressing military decision cycles from days to minutes. These are the primary tools of state power being deployed right now by every adversary this bureau names. Standing up a bureau to address them through foreign policy is a recognition that the nature of conflict has fundamentally changed,” he said.
“That recognition is what makes the placement under the under secretary for arms control and international security significant. The United States is formally treating cyber, AI, and space as part of the same strategic conversation as conventional and nuclear capabilities. That is the right instinct.”
But like Small, Krell said he saw challenges ahead, in that technologically-driven conflict occurs much quicker than diplomats can handle. For the Bureau to be effective, he said it would need to operate at a pace reflecting technological reality, not at the pace of the State Department.
“The mandate is sound and the recognition is overdue. What matters now is whether this bureau arrives with the resourcing and operational speed to match threats that have already moved well past the planning stage,” he said.
Read more about US cyber policy
- The US communications regulator has enacted a ban on all router hardware made outside America citing security concerns, but experts say the move may risk creating more issues than it solves.
- The US has unveiled a six-pillar national cyber security strategy, with developing technological areas such as post-quantum cryptography and artificial intelligence front and centre.
- The conduct of powerful nations is causing knock-on effects in the cyber world as long-standing security frameworks appear increasingly precarious.
