House subcommittee presses State Department reauthorization as members warn proposed reorganization could 'break' CDP

The House Foreign Affairs Subcommittee on Europe held a hearing to review reauthorization of the State Department's Bureau of Cyberspace and Digital Policy and to examine a Trump administration proposal to reorganize the department that members and witnesses said risks undercutting U.S. cyber diplomacy.

Chairman Self opened the hearing saying the panel would “be exploring the role of the State Department in cyber and technology matters,” with a special focus on the Bureau of Cyberspace and Digital Policy, or CDP. Ranking Member Keating warned the administration's plan “would decimate the department's cyber policy tools by splitting it in half,” moving CDP’s economic functions into one office and hard-security offices into another.

The hearing brought three outside witnesses: Annie Fixler, Director, Center on Cyber and Technology, Foundation for Defense of Democracies; Leticia Love Grauer, Director, International Affairs and Trade, U.S. Government Accountability Office; and Theodore Nemeroff, Co‑founder and Vice President for Data and Compliance, Verific AI. All three testified that Congress should preserve CDP’s integrated structure when it considers reauthorization.

Why it matters: Witnesses and members said CDP performs a mix of diplomacy, capacity building and operational support—ranging from rapid incident response to long‑term infrastructure work—that they said relies on having economic, security and development tools in a single bureau. “We need the countries that we fight with and through to have resilient infrastructure,” said Annie Fixler. Fixler and other witnesses cited CDP’s role after the 2022 ransomware attacks in Costa Rica and during cyber support to Ukraine as examples of the bureau’s operational and diplomatic reach.

Testimony and oversight findings

Leticia Love Grauer summarized GAO audits that track CDP’s evolution. “State established CDP in April 2022 to lead the U.S. government’s international cyber diplomacy,” she said, and GAO found the bureau consolidated several functions and elevated senior leadership, but still faces challenges defining roles across bureaus and ensuring sufficient in‑house expertise. GAO’s review also documented CDP’s use of formal interagency agreements—she told the committee the bureau had 11 such agreements with agencies including the Department of Defense, Department of Commerce, FCC, DHS and USAID to coordinate technical capacity building.

Theodore Nemeroff recommended a “full stack approach” that treats undersea cables, data centers and network infrastructure together with software‑level defenses. “Whether our adversaries gain access to critical systems through hacking or by selling untrusted undersea cables, data centers or 5Gs, it all harms our national security,” Nemeroff said.

Operational capabilities and programs

Witnesses described several concrete CDP activities: rapid deployment of private‑sector incident responders (a pilot called “Falcon”), foreign assistance to improve partner countries’ cyber norms and defenses, and strategic investments in trusted undersea cable projects in the Indo‑Pacific. Fixler said the bureau can deploy expertise quickly: “Now, in as little as 2 days, the bureau can air drop expertise into partner countries.”

Love Grauer told members that CDP’s foreign assistance can change investment decisions overseas, citing Costa Rica: “We saw that with Costa Rica … Intel felt more secure in being able to go in and make a $1,200,000,000 investment that they probably would not have made if Costa Rica had not changed many of its cyber norms and policies.”

Threat environment and deterrence

Lawmakers and witnesses framed the reauthorization in the context of persistent state‑sponsored and criminal cyber threats. The chair read from public reporting about outages and possible attacks on grid infrastructure in Europe; witnesses highlighted China, Russia, Iran and North Korea as active threats and emphasized deterrence and allied coordination as key tools. Nemeroff argued that deterrence in cyberspace requires “a dynamic and constant effort” and rapid, ally‑coordinated responses when lines are crossed.

Concerns about the administration’s reorganization and budget cuts

Several members said Secretary Rubio’s reorganization plan—by separating CDP’s economic and security functions—could produce silos and weaken the bureau’s ability to coordinate across diplomatic, defense and development lines. Representative Amo said the proposal “breaks CDP” by separating economic functions from cybersecurity and warned it would jeopardize coordination with DOD, DHS and CISA. Ranking Member Keating and others also criticized proposed cuts to USAID and broader foreign assistance, saying reduced funding would weaken capacity‑building programs that CDP uses to partner with allies.

Workforce, hiring and retention

Witnesses and members repeatedly raised staffing and hiring pressures. GAO found CDP had trained diplomats but still needs more staff with both technical and diplomatic skills; Love Grauer told the committee CDP had trained “about 250 diplomats” but must expand technical capacity. Members warned that federal pay scales make it difficult to compete with private‑sector salaries and that recent personnel actions and proposed cuts could harm recruitment and retention.

Coordination with other agencies and the private sector

Witnesses described CDP as the lead for cyber diplomacy but said it relies on partners for technical and funding authorities. Love Grauer said CDP “has the mandate” for cyber diplomacy but that “other agencies might have the technical expertise or even the funding.” Committee members and witnesses emphasized public‑private partnerships for incident response and resilience; Nemeroff and Fixler highlighted the private sector’s speed in incident remediation and the need to preserve trusting relationships so companies will invest in partner countries.

Record requests and next steps

The subcommittee closed by asking witnesses to submit any follow‑up material in writing. Chairman Self told members they may submit statements and questions for the record and that the committee would keep the record open for additional materials and written responses.

The hearing produced no formal votes or legislative actions; members instead used the forum to press for CDP’s statutory reauthorization, to seek more detail on the proposed reorganization, and to request follow‑up information on staffing, funding and specific programs.