In what is a historical event for governmental cybersecurity in the United States, the Obama Administration has appointed Brig. Gen. (ret.) Gregory J. Touhill, a respected member of the military and InfoSec community, as the nation's first chief information security officer. In a White House announcement, Touhill's new job was described as a part of the larger Cybersecurity National Action Plan (CNAP) that seeks to create "a series of near-term actions to enhance cybersecurity capabilities within the Federal Government and across the country."
Gen. Touhill is a holder of the coveted CISSP and CISM certifications, as well as having years of military and IT experience. Gen. Touhill was also the Department of Homeland Security’s deputy assistant secretary for cybersecurity and communications. He is regarded highly by his colleagues in both private and public sectors. In a blog post, Dan Waddell of (ISC)² stated, "I'm fortunate to know Brig. Gen. (ret) Touhill personally as a fellow CISSP and have seen firsthand the great work that his team has accomplished at DHS under his guidance." In accepting the newly created federal CISO position, Gen. Touhill is leaving his current job as cybersecurity director at the White House National Security Council. This job involved mostly policy decisions aimed at protecting sensitive federal networks and infrastructure.
Some experts are raising questions as to how effective the new CISO position will be. Much of this concern stems from the convoluted nature of how government agencies interact with each other. As Ray Bjorklund of Birchgrove Consulting stated to Kaspersky Lab's Threatpost blog, "The Federal Government is made up of such a wide span of diverse agencies – each with their own funding. It’s hard for a central figure – be it CIO or CISO – to really control what the agencies are doing." It may be difficult for Gen. Touhill to set and enforce effective policy with the hydra that is the U.S. government.
As more of CNAP gets implemented, the IT community, as well as federal agencies, will see the effect of Gen. Touhill's appointment. This CISO position is just one small piece of the puzzle, however, and ultimately more positions like this will be created. The policies resulting from the positions are more than likely going to blur the lines between industry and federal cybersecurity. As CNAP itself states, the president is involving "our Nation’s top strategic, business, and technical thinkers from outside of government to study and report on what more we can do to enhance cybersecurity."
These are new waters that the Obama administration is exploring, and it is important for the entire IT world to take note.
Photo credit: U.S. Air Force