In February, President Obama announced a Cybersecurity National Action Plan (CNAP) that takes a series of short-term and long-term actions to improve our cybersecurity posture within the Federal Government and across the country. The CNAP builds upon a comprehensive series of actions over the last nearly eight years that have fundamentally shifted the way we approach security in the digital age and raised the level of cybersecurity across the country.
Over the last year alone we’ve made significant progress. For example, we’ve:
- established the Commission on Enhancing National Cybersecurity, consisting of top strategic, business, and technical thinkers from outside the government to make critical recommendations on actions that can be taken over the next decade to strengthen cybersecurity in both the public and private sectors while protecting privacy and public safety;
- proposed legislation to establish a $3.1 billion Information Technology Modernization Fund (ITMF) to modernize government IT and retire and replace legacy IT that is difficult to secure and expensive to maintain;
- directed implementation of a Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal civilian government as well as the first-ever Federal Cybersecurity Workforce Strategy to identify, recruit, develop, retain, and expand the pipeline of the best, brightest, and most diverse cybersecurity talent for Federal service and for our Nation.
While we’ve seen progress, and as the President has made clear on many occasions, there’s much more to do. That’s why today we are proud to announce Brigadier General (retired) Gregory J. Touhill as the first Federal Chief Information Security Officer (CISO).
A key feature of the CNAP is creation of the first CISO to drive cybersecurity policy, planning, and implementation across the Federal Government. General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS), where he focuses on the development and implementation of operational programs designed to protect our government networks and critical infrastructure. In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies. Greg will lead a strong team within OMB who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies, and is the team that conducts periodic cyberstat reviews with federal agencies to insure that implementation plans are effective and achieve the desired outcomes.
In addition to the naming the first Federal CISO, we are also proud to announce Grant Schneider as the Acting Deputy CISO. In creating the CISO role, and looking at successful organizational models across government, it became apparent that having a career role partnered with a senior official is not only the norm but also provides needed continuity over time. Grant currently serves as the Director for Cybersecurity Policy on the National Security Council staff at the White House where he focuses on development and oversight of cybersecurity policies to protect government data, networks, and systems, and brings over 20 years of technical skills to the role.
Strong cybersecurity depends on robust policies, secure networks and systems and, importantly, a cadre of highly skilled cybersecurity talent. Building on the Cybersecurity Workforce Strategy to identify, recruit, and retain top talent, the CISO will play a central role in helping to ensure the right set of policies, strategies, and practices are adopted across agencies and keeping the Federal Government at the leading edge of 21st century cybersecurity.