⚡NIMITZ TECH NEWS FLASH⚡

“Shaping the Future of Cyber Diplomacy: Review for State Department Reauthorization

House Foreign Affairs Europe Subcommittee

April 29, 2025 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony (View Here):

• Ms. Annie Fixler: Director, Center on Cyber and Technology Foundation for Defense of Democracies

• Ms. Latesha Love-Grayer: Director, International Affairs and Trade, U.S. Government Accountability Office

• Mr. Theodore Nemeroff: Co-Founder and Vice President for Data and Compliance, Verific AI

HEARING HIGHLIGHTS

IN THEIR WORDS

SUMMARY OF OPENING STATEMENTS FROM THE COMMITTEE AND SUBCOMMITTEE

• Chairman Self highlighted the growing cyber threats from China, Russia, Iran, and North Korea, particularly their attempts to compromise U.S. critical infrastructure and launder cryptocurrency. He emphasized the importance of the State Department's readiness and international cooperation to combat these challenges. He pointed to the Bureau of Cyberspace and Digital Policy (CDP)'s role in supporting Costa Rica during a ransomware attack and in Pacific Island infrastructure projects. However, he questioned CDP’s authority, given conflicting actions by the State Department, and called for improved efficiency through this hearing.

• Ranking Member Keating praised bipartisan efforts in establishing CDP and emphasized its success in strengthening cyber defenses in countries like Costa Rica and Ukraine. He criticized recent reorganization plans that would split CDP’s roles and potentially undermine its integrated mission. He expressed concern over the Trump administration's cuts to foreign assistance and politicization of the cyber workforce. Keating urged the committee to listen to expert testimony and reauthorize the State Department in a way that supports national cyber interests.

SUMMARY OF WITNESS STATEMENT

• Ms. Fixler underscored that the cyber threat landscape is increasingly hostile, with adversaries like China preparing destructive cyber capabilities. She stated that CDP has improved rapid cyber response and helped allies recognize and attribute attacks, thus strengthening collective deterrence. Fixler advocated for resilience in allied infrastructure, noting that this alone can deter adversaries, as demonstrated in a cybersecurity simulation involving Taiwan. She warned that China’s involvement in telecommunications poses a threat, and stressed that without a strong CDP, the U.S. cannot succeed in cyber diplomacy.

• Ms. Love-Grayer reviewed the history and structure of CDP, noting it was created to advance U.S. interests in cyberspace through diplomacy and foreign assistance. She highlighted CDP's diplomatic engagements, including with the EU and at the G20, and its foreign assistance programs aimed at building global cyber capacity. Her report emphasized past shortcomings in planning and coordination but acknowledged improvements after GAO recommendations. She identified ongoing challenges, particularly in clearly defining CDP’s roles and ensuring adequate expertise and resources.

• Mr. Nemerov praised the integration of security, economic, and human rights goals within CDP and recommended enhancing its “full stack” approach to cyber diplomacy. He emphasized the need for persistent cyber deterrence and CDP’s growing operational role in incident response, such as the Falcon capability for rapid deployment. He stressed the importance of development finance to support allies and counter China’s aggressive digital expansion. Nemerov concluded with four questions for the subcommittee, urging it to ensure the restructuring supports integrated leadership, a skilled workforce, and adequate funding.

SUMMARY OF KEY Q&A

• Chairman Self asked for clarification on what it meant when she said Taiwan "survived the attack" in a tabletop exercise. Ms. Fixler explained that the exercise simulated cyber and economic coercion, and Taiwan’s societal and cyber resilience discouraged China from escalating to a kinetic attack.

  Chairman Self cited a European blackout suspected to result from a cyberattack, and asked how vulnerabilities in allies’ infrastructure affect U.S. national security. Ms. Fixler responded that U.S. military mobility depends on civilian infrastructure, both domestic and overseas, making allied infrastructure resilience essential to operational security.

  Chairman Self inquired about CDP’s coordination with other agencies and who holds primary authority in cyber diplomacy. Ms. Love-Grayer explained that CDP partners with agencies like DOD via programs such as Hunt Forward, holds interagency agreements with eleven agencies, and carries the mandate for cyber diplomacy while other agencies contribute capabilities.

• Ranking Member Keating stressed the borderless nature of cyber threats and asked how critical it is to maintain strong alliances despite foreign aid cuts. Mr. Nemeroff emphasized that cybersecurity is a “team sport” and cited foreign assistance to Albania as vital to strengthening NATO-wide cyber resilience.

  Ranking Member Keating asked about the importance of maintaining a trained cyber workforce and risks posed by workforce cuts. Ms. Fixler stated that federal cyber talent pipelines are underdeveloped, and advocated for community college pathways and apprenticeships. Ms. Love-Grayer added that CDP needs personnel with both technical and diplomatic skills, which are difficult to retain due to private sector competition.

  Ranking Member Keating noted that AI could amplify cyber threats and asked about risks from the proposed reorganization fragmenting CDP’s integrated structure. Mr. Nemeroff agreed and warned that siloing could hinder coordinated responses, recommending continued high-level oversight and integration.

• Chairman Rounds asked what “right-sizing” AI models meant and whether it related to battlefield applications like loitering munitions. Mr. Ferris said right-sizing meant tailoring AI models to mission-specific needs, enabling faster, more strategic human decisions through intelligent data analysis.

  Chairman Rounds asked for the differences between “human in the loop,” “on the loop,” and “over the loop,” and for discussion on current and future applications in both offensive and defensive military AI contexts. Mr. Ferris said current systems still rely on humans in or on the loop, but anticipated agentic AI could eventually enable more autonomous actions, though human oversight should remain central. Mr. Tadross said the choice between in, on, or over the loop depends on the use case and speed of decision-making, and emphasized the need for evaluation, retraining, and a robust data infrastructure to support AI responsiveness. Mr. Mitre said effectiveness in context is key, and warned that overdependence on AI could introduce new risks, so safeguards, contingency planning, and clarity about vulnerabilities are essential.

• Rep. Davidson questioned whether cutting USAID cyber aid truly harms allies and asked what kind of assistance the U.S. should provide. Ms. Fixler explained that CDP effectively combines modest U.S. aid with allied and private sector investments, especially in undersea cables, to achieve strategic impact.

  Rep. Davidson asked how to balance outbound investment restrictions in AI and cybersecurity while protecting intellectual property. Mr. Nemeroff warned that securing U.S. AI assets globally is critical and that cybersecurity must be built into data center development wherever located.

• Rep. Davidson criticized agencies like CISA for perceived overreach on misinformation and asked how CDP avoids violating civil liberties. Mr. Nemeroff responded that CDP prioritizes promoting digital freedom abroad and focuses on cyber threats, not speech regulation, affirming First Amendment protections.

• Rep. Amo asked how CDP coordinates with CISA and how the proposed State Department reorganization would affect that relationship. Ms. Love-Grayer stated that CDP's coordination with CISA and others has ensured alignment of foreign and domestic cyber policy, but the reorganization could reduce its influence.

  Rep. Amo raised concerns about public service attrition and asked how terminations have affected cyber workforce retention. Ms. Love-Grayer said GAO has not yet assessed these impacts but confirmed a congressional request to evaluate foreign assistance and workforce issues is underway.

• Rep. McBride asked what resources CDP needs to stay ahead of emerging tech threats. Mr. Nemeroff said CDP must build a full-stack digital strategy that secures every layer—from undersea cables to AI—and leverages U.S. private sector innovation.

  Rep. McBride asked how cuts to foreign assistance have impacted CDP's mission. Ms. Love-Grayer said the effects of these changes are not yet assessed, but GAO plans to examine them.

• Chairman Self (round two) asked if the U.S. should engage allies to protect undersea cables and whether routing can enhance security. Ms. Fixler affirmed the strategic importance of both physical and cyber resilience in cable infrastructure and warned of adversaries seeking control over such systems.

  Chairman Self asked what level of cybersecurity professionals CDP needs and the salary competition with the private sector. Ms. Love-Grayer said internal training and hiring are both needed, and CDP has trained about 250 diplomats. Mr. Nemeroff explained CDP lacks special cyber pay scales and competes against private sector salaries reaching hundreds of thousands of dollars.

  Chairman Self asked for recommendations on CDP reauthorization structure. Ms. Fixler advised preserving integration across digital economy, cybersecurity, and threat missions regardless of reporting lines. Ms. Love-Grayer agreed, stressing placement affects resource access and strategic prioritization. Mr. Nemeroff echoed support for integration and advised ensuring senior leaders still represent CDP’s full mission in interagency meetings.

• Ranking Member Keating (round two) asked if CDP’s tabletop exercise considered threats to undersea cables. Ms. Fixler confirmed that it did, and the scenario included cyber and infrastructure disruption, highlighting the importance of rapid cable repair capabilities.

  Ranking Member Keating asked how CDP can facilitate cooperation between foreign governments and private sectors for quicker cyber incident response. Mr. Nemeroff said private companies often detect and respond faster than governments and are critical partners in shared situational awareness and early warning.

• Rep. Kim asked how private sector expertise could be leveraged to bolster allied cyber resilience. Mr. Nemeroff emphasized that public-private partnerships and cloud adoption are essential and agile private companies should be involved globally. Ms. Fixler added that CDP’s incident response model works through private sector partnerships, not government deployment. Ms. Love-Grayer noted that CDP’s support enabled favorable environments for private investment, citing Costa Rica as a key example.

  Rep. Kim asked how CDP can strengthen such partnerships and address cross-border coordination challenges. Ms. Fixler said the key challenge is strategically identifying the most critical infrastructure to protect and prioritizing accordingly.

  Rep. Kim asked which offices overlap with CDP’s responsibilities and how those overlaps are managed. Ms. Love-Grayer identified the DRL and INL bureaus as overlapping in cyber diplomacy and noted that coordination exists but still faces challenges in defining lead roles.

  Rep. Kim asked how CDP could reduce interagency redundancy and improve coordination with DHS, DOJ, DOD, and Treasury. Ms. Love-Grayer said CDP should ensure regular communication within State and formal agreements across agencies help clarify leadership roles.

ADD TO THE NIMITZ NETWORK

Know someone else who would enjoy our updates? Feel free to forward them this email and have them subscribe here.