Cybersecurity governance just got a leg up in federal government.
An ongoing effort from the Obama administration to shore up the nation's digital defenses was punctuated Sept. 8 by the creation of the first federal Chief Information Security Officer (CISO). The first to fill the role will be Gregory Touhill, a retired brigadier general and deputy assistant secretary of cybersecurity and communications for the U.S. Department of Homeland Security.
As is typical for a CISO, Touhill will lead cybersecurity policy, planning and implementation across the organization, which in this case includes the federated offices of the U.S. government. This new office, which was created by the Cybersecurity National Action Plan (CNAP) announced by President Obama in February, will follow in the spirit of the White House's vision for short- and long-term cybersecurity planning, according to an official release.
The importance of cybersecurity leadership was highlighted last year with the record-breaking data breach that affected the Office of Personnel Management. A Sept. 7 House committee report blamed OPM leadership for allowing the personal information of 21.5 million people to be leaked.
"Tools were available that could have prevented the breaches, but OPM failed to leverage those tools to mitigate the agency's extensive responsibilities," the report concluded.
The White House now seems intent on preventing future high-profile breaches through stronger cybersecurity governance. In addition to the CNAP that created the new CISO role, the White House also established earlier this year the President’s Commission on Enhancing National Cybersecurity, a 12-person group that gathers recommendations from a variety of public- and private-sector backgrounds. The White House also proposed a bill to create a $3.1 billion Information Technology Modernization Fund (ITMF) that would modernize the government's aging computer systems.
Grant Schneider, director for cybersecurity policy on the National Security Council staff at the White House, will fill the acting deputy CISO role.