White House names first cybersecurity chief, underscoring new priority

Gregory Touhill, who works in cybersecurity for the Department of Homeland Security, will be the first federal chief information security officer.

Jacquelyn Martin/AP
The US Office of Personnel Management is photographed Tuesday, in Washington. Gregory Touhill, who works in cybersecurity for the Department of Homeland Security, will be the first federal CISO, the White House announced on Friday.

President Obama announced Friday that he has appointed the first chief information security officer (CISO) of the federal government, part of a continued effort to bolster cybersecurity during the latter years of his administration.

Gregory Touhill, who is currently the Department of Homeland Security’s deputy assistant secretary for cybersecurity and communications, has accepted the job to protect federal infrastructure and data from hacks and analyze potential security risks – a position that serves to underscore how much cybersecurity issues have become a top White House priority. 

"In the past there has been the federal cyber security 'czar' who reported directly to the White House, but that position was all about outward-facing policy and talking about cyber security," John Pescatore, the director of emerging security trends at the SANS Institute, a cybersecurity company, tells The Christian Science Monitor. "What the federal government has lacked was an inward-facing chief security officer whose goal is to make the federal government more secure, versus to talk about cyber security in general or to weigh in on policy matters."

Mr. Touhill, a retired US Air Force brigadier general, will begin his new job later this month, Reuters reports. Because it is a political appointment, the 45th president of the United States could choose to replace him.

Grant Schneider, a career government employee who is the director of cybersecurity policy at the White House’s National Security Council, will be Touhill’s acting deputy CISO.

The position itself was announced in February as part of Obama’s Cybersecurity National Action Plan (CNAP), but has remained unfilled in the intervening months. Along with the installation of a federal CISO, CNAP included plans to create the Commission on Enhancing National Cybersecurity, to run a cybersecurity awareness campaign, and to encourage Americans secure their online accounts. The president's fiscal year budget proposal for 2017 called for $19 billion to boost cybersecurity.

Although CNAP was announced well before the server hack of the Democratic National Convention or the state election hacks, which US intelligence officials believe Russia was behind in an attempt to influence the Nov. 8th election, those security breaches will create ripples throughout the government.

"All of these other organizations – the DNC, campaigns – that are not part of the government, but are also part of the political system, they also need to have CISOs and they need to take the issue more seriously in terms of what they are doing," Tom Cross, the co-founder and chief technology officer of the cybersecurity firm Drawbridge Networks, tells the Monitor. "There seems to be a leadership gap there, and the appointment of the federal CISO is an important step in terms of having better information security leadership in the federal government, it is sorely needed."

The DNC and state election hacks have served as a wake-up call, not just for the federal government, but also for the American public, which is becoming keenly aware of what a breach in cybersecurity could really mean.

"It really scares me that the Russians are starting to interfere in American elections," Herb Lin, a senior research scholar at the Stanford Center for International Security and Cooperation and a research fellow at the Hoover Institution, told the Monitor in July. "The idea that we might elect a president in part because Putin favored him is a little bit mind-boggling to me. But I'm just one of 323 million people.... Could it shake public confidence in an election?"

With a public that is increasingly aware of what is at stake in cybersecurity threats, and a government that is anxious to get the upper hand on the situation, Touhill will have his work cut out for him – assuming that he will have the authority and resources to be effective in the position, which Mr. Cross  and others in the information security world are worried about.

"The challenge of any CISO is to get an organization to appreciate the value of the changes that they are proposing and be willing to accept additional security control and to understand why those controls are worth the effort and the money," he says.

[Editor's note: In the original story Tom Cross was incorrectly identified.]

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to White House names first cybersecurity chief, underscoring new priority
Read this article in
QR Code to Subscription page
Start your subscription today