Obama's CIA nominee an advocate for federal cybersec regulations
Since White House cybersecurity coordinator Howard Schmidt left, Brennan has been strong voice on the issue
Computerworld - John Brennan, who was nominated by President Barack Obama today to be the director of the Central Intelligence Agency, has been a vocal advocate for federal cybersecurity legislation in recent months.
As the Deputy National Security Advisor for Homeland Security and Counterterrorism, Brennan has been Obama's chief counterterrorism advisor for four years. In that role, he has frequently called for strong federal legislation to protect government assets and critical infrastructure against cyberattacks.
Last August, Brennan was among four White House officials who called on the U.S. Senate to quickly pass the Cybersecurity Act of 2012, a largely Democrat-backed bill that sought to give the federal government new authority for sharing cyber threat information with the private sector. At the time, the bill was stalled in the Senate; Brennan said passage was "imperative" from a national security standpoint.
Last March, Brennan was part of a team that included the FBI, the National Security Agency and the Department of Justice that conducted a simulated cyberattack on New York City to demonstrate the vulnerability of the city's power grid. The mock attack was part of an effort by the administration to win support for the Cybersecurity Act, a bill that was introduced by Sen. Joseph Lieberman (I-Conn.) but opposed by the Republicans as too prescriptive.
Following the last Congress' failure to pass the bill, the White House said it would consider a cybersecurity executive order that would require government agencies and critical infrastructure owners to implement specific controls for fending off cyberattacks. Brennan is believed to have been heavily involved in writing up a draft version of the order and pushing for it to be issued.
In comments to the Council of Foreign Relations in August, Brennan made it clear that he felt the White House needed to issue guidelines under executive branch authority for securing American interests in cyberspace.
"I would note that executive branch actions under existing authority cannot alter the reality that the United States Government will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have addressed," Brennan wrote in a letter to Sen. John (Jay) Rockefeller (D-WVa). "Comprehensive legislation remains essential to improve the cybersecurity of the nation's core critical infrastructure."
John Pescatore, an analyst with Gartner, today said that much of the Brennan's involvement in cybersecurity affairs began only after the departure of White House cybersecurity coordinator Howard Schmidt last May. "He took over the bully pulpit when Schmidt left," Pescatore said. "His real focus [had] been on counterterrorism."
If the nomination is confirmed by the Senate, Brennan will succeed David Petraeus, who quit last year following publicity about an extramarital affair.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Cyberwarfare in Computerworld's Cyberwarfare Topic Center.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Cyberwarfare White Papers | Webcasts