White House appoints first federal CISO

Retired Brigadier General Gregory J. Touhill has been appointed as the Federal Chief Information Security Officer (CISO). This is the first time an appointee has held this position.

In February, President Barack Obama outlined a “national attack plan” for cybersecurity. Details included updating aging government networks and developing a high-level commission tasked with improving and monitoring national cybersecurity. The plan also called for the appointment of a senior official tasked with directing cybersecurity efforts across government agencies.

The U.S. already has a Federal CIO, Tony Scott, who is responsible for the management of digital government data. In a blog post authored in collaboration with Cybersecurity Coordinator J. Michael Daniel, Scott wrote that General Touhill would “leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.”

As Federal CISO, General Touhill will oversee a team within the Office of Management and Budget responsible for developing national policies regarding cybersecurity, implementing best practices across agencies, and conducting audits to confirm that cybersecurity is as ironclad as possible in all corners of government.

General Touhill previously served as Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications, a division within the Department of Homeland Security. The White House also appointed a former Director for Cybersecurity Policy on the National Security Council to serve as acting Deputy CISO.

Data breaches have plagued the national government in recent years. A high-level hack of the Office of Personnel Management in 2015 exposed the personal information of over 20 million government employees. The attack has been blamed on a culture and leadership that dismissed the risk posed by cyber criminals, rather than on distinct technological failures.

A major responsibility of the CISO will be to recruit, train, and retain cybersecurity professionals who can handle the herculean task of safeguarding government networks against advanced and evolving threats. Historically, the government has faced stiff competition from the private sector to hire top security experts.

Another major responsibility will be to reconfigure national cybersecurity strategies to be more proactive. Currently, most rely on an alert system which only activates preceding an attack. General Touhill and his staff will spearhead an effort to anticipate threats in advance and neutralize them before they can affect data and applications.