President Obama has named Gregory Touhill, a retired Air Force brigadier general, as the U.S. federal government's first chief information security officer.
See Also: From Authentication to Advanced Attack Vectors: Top Trends in Cybercrime in Q1 2016
A Sept. 8 White House blog announced the appointment of Touhill, who now serves as deputy assistant secretary for cybersecurity and communications in the Department of Homeland Security. In his new role, Touhill will report to federal CIO Tony Scott, who's based in the White House Office of Management and Budget.
Grant Schneider, director for cybersecurity in the White House National Security Council, was named acting deputy CISO.
In February, Obama created the federal CISO post as part of a multifaceted initiative known as the Cybersecurity National Action Plan that's aimed at strengthening the nation's IT security (see Obama Creating Federal CISO Post ).
Scott and White House Cybersecurity Coordinator Michael Daniel, in the blog, say Touhill will leverage his considerable experience in managing a range of complex and diverse technical solutions with his strong knowledge of civilian and military best practices, capabilities and human capital training, development and retention strategies.
"Greg will lead a strong team within OMB who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies and is the team that conducts periodic CyberStat reviews with federal agencies to insure that implementation plans are effective and achieve the desired outcomes," Scott and Daniel write in the blog.
In CyberStat sessions, cybersecurity experts from OMB, the Department of Homeland Security and the national security staff help agency IT security leaders develop action plans to improve their information security posture.
Reaction to the Pick
Greg Garcia, who served as DHS assistant secretary for cybersecurity and communications in the George W. Bush administration, says Touhill is a strong pick for the job.
"As lead for the National Cyber and Communications Integration Center, he knows federal cybersecurity strengths and weaknesses in the context of both preparedness and incident response," Garcia says. "And he has been a participant and convener of numerous industry-government cyber exercises, where participants have gained a better sense of how a given cyberattack can impact critical operational processes, and how response protocols can be improved to mitigate damage."
Garcia characterizes Touhill as a common-sense manager. "Greg recognizes bureaucratic inefficiencies and isn't afraid to call them out," Garcia says. "He is both candid and personable with his stakeholders, which engenders trust."
Clock Ticking
Some cybersecurity and government policy experts wonder if Touhill will have enough time to accomplish anything significant in the final four months of the Obama administration (see Federal CISO Will Face Tough Challenges). The next president could choose a new federal CISO or do away with the job.
Martin Libicki, a national and cybersecurity scholar at the think tank The Rand Corp., says he was impressed with Touhill's knowledge in their one meeting, but questions how much he could do before inauguration day on Jan. 20. "The last few months are hardly time to get much done significantly - particularly if what he wants to get done is something that will run into opposition from someone else in the bureaucracy because snow-rolling someone at this stage is relatively simple at that point."
But Garcia notes: "Some flowers are planted to bloom in autumn; others are bulbs that wait until spring. Greg might be able to bridge the seasons by fertilizing agencies' alignment with the newly revised OMB Circular A-130 [which defines administration IT management policy]."
Among Touhill's past positions was a 2-year stint as CIO and director of C4 systems, the nation's military transportation combatant command. He also served for nearly 1½ years as CIO and director for communications and information for the air mobility command. He retired from the Air Force in 2005 after nearly 22 years of service.