After five years in Congress and a lengthy confirmation hearing last week before the Senate Intelligence Committee, there are few clues about how Rep. Michael Pompeo will guide the Central Intelligence Agency’s cyber-defense and cyber-espionage efforts.
The Kansas Republican’s two-hour testimony focused on his qualifications and opinions about broad policy topics. When the committee did broach cybersecurity topics, the conversation was hardly in-depth.
“We have an awful lot of work to do [in terms of cybersecurity],” Pompeo said during his testimony Thursday. “There is no reason to expect this threat is going to diminish. And that will take a whole of government effort to do that, shared by the executive branch and legislative branch.”
As a congressman and vocal member of the House Intelligence Committee, Pompeo has been greatly involved in legislation on intelligence-gathering activities and the handling of classified information. Cybersecurity-specific legislation, however, saw his desk less frequently. And Pompeo has rarely spoken on the topic, based on an analysis of the congressman’s statements, social media posts, legislative filings and past votes, conducted using the Quorum analytics tool.
In answering a series of questions at the hearing from Sen. John McCain, R-Ariz., Pompeo said he was in favor of a uniform, consistent cyberattack response framework that would effectively counter the Obama administration’s existing “case-by-case” approach.
“It is very important for government, all of America, to develop a policy with respect to [responding to cyberattacks] and I promise I will work along side you to help develop such a policy with good intelligence,” Pompeo told McCain.
Since joining congress in 2011, Pompeo cosponsored five different cybersecurity bills, each relating to the issue area in varying degrees. All five passed the house, including the DHS Acquisition Accountability and Efficiency Act, but stalled out after arriving in the Senate. He was not the lead sponsor on any significant cybersecurity-focused bill, taking a more active role instead in the passage of legislation on energy policy and business regulation.
Of those five cyber bills, Pompeo was perhaps most engaged with the Cyber Intelligence Sharing and Protection Act of 2012 — a predecessor to the Cybersecurity Information Sharing Act of 2015, establishing a cyber threat intelligence platform between the private sector and federal government. He introduced two separate amendments to the 2012 bill, which clarified relevant liability provisions and government oversight rules. The bill passed the House with a bipartisan vote of 248 to 168 but never made it to the president’s desk.
Pompeo — much like the Homeland Security Secretary nominee, former Gen. John Kelly, and president-elect’s choice for Office of the Director of National Intelligence, former Sen. Dan Coats — was chosen for his national security expertise outside of cybersecurity. Of the current cabinet picks, only former Gen. James Mattis boasts an extensive background in dealing with cybersecurity relevant operations.
“While we have had our share of strong differences — principally on the politicization of the tragedy in Benghazi — I know that he is someone who is willing to listen and engage, both key qualities in a CIA director,” Rep. Adam Schiff, D-Calif., said in a statement following Pompeo’s appointment.
Pompeo said in 2012 that he is particularly concerned about the impact of cyber-espionage on the U.S.
“Perhaps the most significant, dangerous activity in cyberspace [is digital espionage]. Cyberspies lay in wait for years in order to eventually steal precious military and economic secrets,” Pompeo said in a 2012 floor statement. “Unfortunately, some civil liberties and privacy advocates claim that liability protection in [the Cyber Intelligence Sharing and Protection Act] with respect to the use of cybersecurity systems could lead to broader activities than authorized. This legislation doesn’t do that.”
In September, following calls to pardon former NSA contractor-turned whistleblower Edward Snowden, Pompeo’s press office put out a statement that described Russia as a “nation known for cyberattacks and violations of civil liberties.” That opinion appears to broadly contradict comments previously made by Trump, who has encouraged improved bilateral relations with the Kremlin.
A custodian of the U.S. intelligence community and vehement defender of the NSA, which came under intense scrutiny in 2013 when classified documents were published by news outlets, Pompeo continues to support the spy agency’s controversial metadata collection program —a tool phased out by the introduction of the 2015 USA Freedom Act.
“I still continue to stand behind the commitment to keep America safe by conducting lawful intelligence collection,” Pompeo said of the metadata collection program during his testimony last week.