Sophos News

The US gets its first Chief Information Security Officer

The United States Government now has its first Chief Information Security Officer: Brigadier General (retired) Gregory Touhill.

Touhill will play the strategic role you’d expect America’s CISO to handle: “driv[ing] cybersecurity policy, planning, and implementation across the Government.”

Per the government’s welcome-aboard press release, he’ll:

…leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.

Whatever you may think of the Obama administration, they do know the jargon…

Touhill spent the past two-and-a-half years as “Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS)”.

That’s a mouthful: in something closer to English, he’s been focusing on “the development and implementation of operational programs designed to protect our government networks and critical infrastructure.”

Prior to that, Touhill worked his way up through military roles in security, IT, and elsewhere – including two years as CIO for the U.S. military transportation combatant command, two as US Defense Attaché in Kuwait, and another two as Commander of the 81st Training Wing at Keesler Air Force Base, where he led a billion-dollar rebuilding project after Hurricane Katrina. (We learned all this from his LinkedIn page, which you can check out yourself. Yay for transparency.)

Touhill’s appointment is part of the outgoing Obama administration’s effort to build out a professional government-wide information security organization before splitting town in January.

Obama’s February Cybersecurity National Action Plan (CNAP) included a laundry list of plans, ranging from public/private partnerships to promote multifactor authentication to a proposed $3.1 billion fund for upgrading insecure legacy systems.

It aims to ramp up more federal civilian cyberdefense teams, identify at-risk IT assets more aggressively, and widen access to shared services, so individual agencies needn’t build, own, run, or defend their own IT “when more efficient, effective, and secure options are available.”

Touhill reports to US government CIO Tony Scott, formerly of VMware and Microsoft. (We told you about some of his work late last year.) He’ll also have temporary help from Grant Schneider, the government’s new Acting Deputy CISO.

Of course, as Fortune points out, all of this might be temporary. These appointments are made by the President, and can be unmade by the next President, whether that’s Clinton or Trump.

Clinton has seemed generally comfortable with the Obama administration’s direction on cybersecurity (though she might be a bit busy with other cybersecurity issues of her own at the moment). As for Trump, well, there’s this, this, this, and this, and we’ll let you judge for yourself.