The creation of the position was part of the National Cybersecurity Plan announced in February
The White House has announced the appointment of the first Federal Chief Information Security Officer (CISO). Retired Air Force officer Brigadier General Gregory J Touhill will occupy the post.
General Touhill will report to Federal CIO Tony Scott.
The appointment of a federal CISO was part of the National Cybersecurity Action Plan (NCAP) announced by President Barack Obama in February, which in turn followed the passage of Cybersecurity Act of 2015 in December last year.
General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS), where he focuses on the development and implementation of operational programs designed to protect government networks and critical infrastructure.
“In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies,” said an official release from the White House.
Knowing well that it would be almost impossible to secure the legacy government IT infrastructure, NCAP had a proposal to form of a $3.1 billion Information Technology Modernization Fund, which “will enable the retirement, replacement, and modernization of legacy IT that is difficult to secure and expensive to maintain,” the announcement in February had outlined. The Federal CISO position was envisaged to “drive these changes across the government.”
The White House also has a Cybersecurity Coordinator position, which is held by Micheal Daniel.
India does not have a designated Chief Information Officer or Chief Information Security Officer. However, Dr Gulshan Rai serves as a special secretary in the Prime Minister’s Office in charge of cybersecurity. In his role, Dr Rai is responsible for all cybersecurity related planning and policy—right from capacity creation through skill development to international coordination as well as broader cybersecurity policy and strategy formulation. It does not include technology implementation for the entire government’s IT infrastructure.
The White House, on the other hand, has decided to follow the prevalent enterprise model where the CISOs report to the CIOs.