John Brennan, who was nominated by President Barack Obama today to be the director of the Central Intelligence Agency (CIA), has been a vocal advocate for federal cybersecurity legislation in recent months.
As the Deputy National Security Advisor for Homeland Security and Counterterrorism, Brennan has been Obama's chief counterterrorism advisor for four years. In that role, he has frequently called for strong federal legislation to protect government assets and critical infrastructure against cyberattacks.
Last August, Brennan was among four White House officials who called on the U.S. Senate to quickly pass the Cybersecurity Act of 2012, a largely Democrat-backed bill that sought to give the federal government new authority for sharing cyber threat information with the private sector. At the time, the bill was stalled in the Senate; Brennan said passage was "imperative" from a national security standpoint.
Last March, Brennan was part of a team that included the FBI, the National Security Agency and the Department of Justice that conducted a simulated cyberattack on New York City to demonstrate the vulnerability of the city's power grid. The mock attack was part of an effort by the administration to win support for the Cybersecurity Act, a bill that was introduced by Sen. Joseph Lieberman (I-Conn.) but opposed by the Republicans as too prescriptive.
Following the last Congress' failure to pass the bill, the White House said it would consider a cybersecurity executive order that would require government agencies and critical infrastructure owners to implement specific controls for fending off cyberattacks. Brennan is believed to have been heavily involved in writing up a draft version of the order and pushing for it to be issued.
In comments to the Council of Foreign Relations in August, Brennan made it clear that he felt the White House needed to issue guidelines under executive branch authority for securing American interests in cyberspace.
"I would note that executive branch actions under existing authority cannot alter the reality that the United States Government will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have addressed," Brennan wrote in a letter to Sen. John (Jay) Rockefeller (D-WVa). "Comprehensive legislation remains essential to improve the cybersecurity of the nation's core critical infrastructure."
John Pescatore, an analyst with Gartner, today said that much of the Brennan's involvement in cybersecurity affairs began only after the departure of White House cybersecurity coordinator Howard Schmidt last May. "He took over the bully pulpit when Schmidt left," Pescatore said. "His real focus [had] been on counterterrorism."
If the nomination is confirmed by the Senate, Brennan will succeed David Petraeus, who quit last year following publicity about an extramarital affair.
Sign up for Computerworld eNewsletters.