The White House announced that it has hired their first federal chief information security officer. It is retired Brigadier General Gregory J. Touhill who earned the right, to serve as the CISO.
Touhill will now be responsible for setting strategies,policies and practices across federal agencies. According to White House blog post in which they announced the news. The role of the first federal CISO will also include conducting Cyberstat Reviews with federal agencies in order to ensure security plans are implemented properly and effectively.
The appointment of Touhill as CISO is a part of President Obama’s $19 billion Cybersecurity National Action Plan announced earlier this February. It also comes on the heels of a scathing oversight committee report released last week on the U.S. Office of Personnel Management breaches which exposed sensitive data containing information of more than 22 million people.
According to people familiar with Touhill, he is well respected by others for his experience and long tenure in the IT field. Touhill has worked for the Department of Homeland Security for the past two years as the deputy assistant secretary for cybersecurity and communications in the Office of Cybersecurity and Communications. Before that he worked in academia, IT consulting, as CIO for C4 Systems, and served 21 years with US Air Force.
“It’s nice that the White House is acknowledging the importance of information security by putting the responsibility on top of one person. But whether Touhill can do anything other than provide general policy guidance is a big question,” said Ray Bjorklund, a former federal program manager and policy officer who is now a consultant with market research firm BirchGrove Consulting. “The Federal Government is made up of such a wide span of diverse agencies – each with their own funding. It’s hard for a central figure – be it CIO or CISO – to really control what the agencies are doing.”