Dive Brief:
- The White House announced Thursday retired Brigadier General Gregory J. Touhill will serve as the first Federal Chief Information Security Officer (CISO). Grant Schneider, the cybersecurity policy director on the White House National Security staff, will serve as the Acting Deputy CISO.
- The appointment is part of the Cybersecurity National Action Plan announced in February by President Barack Obama. The idea behind the plan is to take short-term and long-term steps to improve the federal cybersecurity posture.
- As CISO, Touhill will work within the federal Office of Management and Budget to drive cybersecurity policy, planning and implementation across the federal government, reporting directly to Tony Scott, the federal Chief Information Officer. Touhill currently works for the Department of Homeland Security as the deputy assistant secretary for Cybersecurity and Communications in the cybersecurity office.
Dive Insight:
Appointing a federal CISO is long overdue, especially considering the rash of data breaches at federal agencies over the last two years, including the Office of Personnel and the IRS.
In his new role, Touhill will lead a team within OMB tasked with implementing leading cyber practices across federal agencies, which includes reviews of whether agencies have installed the policies. This should help ensure that federal agencies have policies in place that could help deter such large-scale breaches.
A survey released in May found most federal cybersecurity executives don’t believe multiple efforts at improving federal cybersecurity thus far are having a substantial effect. Respondents did, however, indicate that the Cybersecurity National Action Plan has potential to make a difference, especially in the area of accountability.
But the federal CISO's effectiveness is still to be determined. Though officials can put policies in place, it is still up to agencies to instill the importance of cyber hygiene in their employees, which could help prevent employee cybersecurity errors from sparking another breach.