US appoints first exec federal cybersecurity head

The White House on Thursday named retired Brig. Gen. Gregory J. Touhill the first-ever federal chief information security officer (CISO).

The announcement was made by Tony Scott, the federal chief technology officer, and J. Michael Daniel, the special assistant to the president and White House cybersecurity coordinator, in a joint blog post.

{mosads}Touhill is the current deputy assistant secretary for cybersecurity and communications in the Office of Cybersecurity and Communications at the Department of Homeland Security. He will report to Scott in the post, which was created in February as part of the the Cybersecurity National Action Plan (CNAP).

Rep. Jim Langevin (D-R.I.) praised the appointment in a written statement.

“I fully support the Administration’s selection of General Touhill as the inaugural federal CISO, as he has a proven record of managing cybersecurity processes both with the Air Force and the Department of Homeland Security,” Langevin wrote.

A three-decade service member in Air Force, Touhill last served as director of command of Control, Communications and Cyber Systems at U.S. Transportation Command, where he was “responsible for the planning, integration, operations and maintenance of U.S. transportation command’s [command, control, communications and cyber systems],” according to his 2013 Air Force bio.

Touhill holds a bachelor of arts degree in political science from Penn State University and a master’s degree in systems management from the University of Southern California.

In the job posting for the CISO position, Touhill’s upcoming role was described as the senior Office of Management and Budget official “responsible for advising OMB and agencies on federal cybersecurity policy strategy and oversight across federal information technology systems,” advising on policy, recruitment and security practices across federal agencies.

“Touhill has his work cut out for him. While the federal government has taken important steps to better secure its networks throughout President Obama’s time in office, too many components continue to fail to properly assess their cybersecurity risk and thus underinvest in attack prevention, mitigation, and resilience,” wrote Langevin in his statement.

The White House also appointed Touhill’s first staff member. Grant Schneider, the current director of cybersecurity policy at the National Security Council, will serve as acting deputy CISO.

Describing the deputy CIO position in the blog post, Scott and Daniel explained the post, at least in part, will address the strange timing of his appointment — with the coming election, it is unclear what happens to Touhill in just a matter of months.

“In creating the CISO role, and looking at successful organizational models across government, it became apparent that having a career role partnered with a senior official is not only the norm but also provides needed continuity over time,” the blog explained.