After seven months of anticipation among the federal community, the White House has named its first chief information security officer (CISO) and deputy CISO. The positions were announced in February 2016 as part of President Obama’s mandate that his Administration implement a Cybersecurity National Action Plan (CNAP) and were filled in September.
The White House named retired Brig. Gen. Greg Touhill as the first CISO and Grant Schneider as his acting deputy CISO. Touhill has been at the Department of Homeland Security (DHS), serving as the deputy assistant secretary for cybersecurity and communications in the Office of Cybersecurity and Communications (CS&C) and also as acting director of the National Cyber and Communications Integration Center (NCCIC) for some of that time. His experience also includes his time as the Chief Information Officer (CIO) and director of C4 systems for the U.S. Transportation Command, CIO of the Air Mobility Command and director of C4S for the U.S. Central Command Air Forces. Touhill served in the U.S. Air Force for 21 years and retired in 2013. In the deputy position, Schneider brings experience from his work at the Office of Management and Budget (OMB) and from serving as the CIO at the Defense Intelligence Agency prior to that.
Some are concerned that the delay in filling the CISO position could lessen Touhill’s impact, because he has only a bit over four months to serve. However, it is seen as a necessary position and one that could break down silos that currently exist in the federal government. As the National Security Telecommunications Advisory Committee (NSTAC) stated in a letter to President Obama in March, the new federal CISO “has enormous potential to enhance our Nation’s cybersecurity [by enabling] cross-organizational coordination and collaboration.”
FTI reached out to Ralph Kahn, Tanium Vice President, who recently shared his support of Touhill, saying, “General Touhill is a great choice for our country’s first-ever federal chief information security officer. He knows how to bring the public and private sectors together to tackle the challenge of securing our nation’s networks while always looking around the bend to the newest threats and solutions. We look forward to working with him.”
In a recent podcast with FTI, Kahn said that federal cybersecurity leaders have come to realize that they cannot create effective cyber defenses against the relentless attacks they are subjected to without effective IT operations, and they can’t have effective IT operations without effective cyber defense. He explained that getting to this mindset requires the courage to throw out accepted norms, such as the Maginot Line of defense, and to question how budget is spent and where it is invested to discover what truly is possible to achieve in cybersecurity.
The president’s CNAP and appointment of Touhill are examples of great first steps in discovering what is possible to achieve in cybersecurity for the federal government.