The White House today announced that Brigadier General (retired) Gregory J. Touhill has been named the first Federal Chief Information Security Officer (CISO).
Back in February, President Barack Obama unveiled a cybersecurity “national action plan” (CNAP) which called for an overhaul of aging government networks and a high-level commission to boost security awareness. As part of the plan, the White House said it would hire a federal CISO to direct cybersecurity across the federal government.
In a blog post, U.S. CIO Tony Scott and Cybersecurity Coordinator J. Michael Daniel said Touhill will “leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.”
“Greg will lead a strong team within OMB who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies, and is the team that conducts periodic cyberstat reviews with federal agencies to insure that implementation plans are effective and achieve the desired outcomes,” Scott and Daniel added.
General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS).
In addition to the naming Touhill as the first Federal CISO, the White House announced that Grant Schneider has been named as the Acting Deputy CISO. Schneider currently serves as the Director for Cybersecurity Policy on the National Security Council staff at the White House.
“Building on the Cybersecurity Workforce Strategy to identify, recruit, and retain top talent, the CISO will play a central role in helping to ensure the right set of policies, strategies, and practices are adopted across agencies and keeping the Federal Government at the leading edge of 21st century cybersecurity,” the blog post continued.
Earlier this week a report published by the U.S. House of Representatives Committee on Oversight and Government Reform said the data breaches disclosed by the Office of Personnel Management (OPM) last year were a result of culture and leadership failures, and should not be blamed on technology.
“Today’s most advanced cyber threats can no longer be detected by technology alone – experienced, talented cyber threat hunters are now a requirement,” Ryan Shaw, Chief Operating Officer at Raytheon Foreground Security, told SecurityWeek. “The OPM breach, as detailed in the recent Congressional report, is a case in point. The U.S. government has a lot at stake when it comes to protecting data. It’s not a matter of if, but when an attack will strike. Government organizations cannot afford to sit and wait for tool generated alerts; instead, they must proactively hunt for sophisticated and damaging cyberattacks.”
