Can The New U.S. CISO Solve The Cyber Security Problem?

Following up on President Obama’s enactment of the Cybersecurity National Action Plan (CNAP) in February, the US government has finally hired someone to manage cyber security policy for all government departments and agencies. Welcome Brigadier General Gregory J. Touhill as the first acting Federal CISO (Chief Information Security Officer)!
The new hire is a positive step considering the US government doesn’t have the cleanest record when it comes to managing and improving cyber security. However, there is a lot of work to be done and it’s hard to believe that one person can fix the cyber security issues the US government has to overcome.
But at least it’s a start.
The New CISO’s Credentials
If anybody should be the United States’ official CISO, General Touhill has the chops. On top of being a decorated US Air Force general, over the past couple of years he has been working in the Office of Cybersecurity and Communications for the Department of Homeland Security.
According to the U.S. Federal government’s official CIO, Tony Scott, “In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.”
What’s the CISO Strategy?
Mr. Touhill is going to develop and oversee government policies pertaining to cybersecurity, as well as hold departments accountable for how they handle data security. From the top down, this may be the beginning of a transformation in how the U.S. government operates and trains its employees. But what strategies will Mr. Touhill need to adopt to accomplish such a monumental task?
Former Atlanta CISO Taiye Lambo recently explained to Government Technology Magazine what a new CISO strategy involves:
“As the cyber threat landscape continues to evolve, a breach in security could impact public safety, hinder economic growth and financial stability for federal as well as state, local, tribal and territorial (SLTT) government entities. The need for a top-down approach to information/cyber security with vocal buy-in from the highest level of executive leadership is the most critical success factor for implementing a winning CISO strategy.”
The Magnitude of Cyber Security Issues
The magnitude of risk across the U.S. Federal government is frightening when considering that many departments choose to outsource IT projects to government contractors. In addition, the Federal government’s IT infrastructure is riddled with legacy systems that are hard both to maintain and to secure.
Then there are the budget issues. There has been proposed legislation to establish a $3.1 billion Information Technology Modernization Fund in 2017, and a total of $12 billion over the next 10 years. That may seem like a lot of money, but it wouldn’t be surprising to see that number go up over the next few years. New hardware equipment, software, and experienced IT staff don’t come cheap. And we all know how government contractors find ways to overspend taxpayer money.
To say the least, it will be interesting to see how Mr. Touhill can deal with the scale of cyber security risk within the public sector.
But we should all be glad that he was appointed and that the government is taking the situation very seriously. This certainly is history in the making, but the government and Mr. Touhill have a lot of work to do to regain the trust of US citizens when it comes to Internet and data security.
This article originally appeared on the Ipswitch Blog.