The US Has Its First Cybersecurity Director
Gregory Touhill, a retired Air Force one-star, will be the first to hold the job, which was created in the wake of the OPM hack.
The White House named its first-ever chief information security officer Thursday, part of its broader effort to shore up cyber practices after last year's massive intrusion into federal background check databases.
The administration named Gregory Touhill, the Homeland Security Department's deputy assistant secretary for cybersecurity and communications, and a retired Air Force brigadier general, to the top information security position. Grant Schneider, the National Security Council's cybersecurity policy director and former Defense Intelligence Agency chief information officer, was named acting deputy CISO.
The White House's Cybersecurity National Action Plan, announced in February and overseen by U.S. CIO Tony Scott, outlined the need for a federal CISO. That plan was issued alongside President Obama's 2017 budget, which proposed raising IT security spending by 35 percent. Those proposals came months after news surfaced that a massive hack into the records held by the Office of Personnel Management exposed sensitive information on more than 20 million people.
In his new role, Touhill's responsibilities will include driving "cybersecurity policy, planning and implementation" across federal agencies, and also leading periodic reviews of agencies' progress, according to the White House blog post. The Cybersecurity National Action Plan noted the CISO would be involved with the White House's proposed $3.1 billion IT modernization fund—a pot of money to which agencies could apply for specific technology projects.
One of the CISO's most important roles will be to "pull together all of the people in the federal government and make sure we have a well-thought through and then executed strategy in terms of how all of those entities work together,” Scott said at an April event.