CISO Exchange no more

Industry Advisory Council could create forum for chief info security officers

Steve O’Keeffe’s defense of a for-profit forum for government and private-sector chief information security officers (CISOs) ended April 14 when he decided to disband the initiative.

O’Keeffe, principal of public relations firm O’Keeffe and Co., had spearheaded the CISO Exchange, an effort announced by House Government Reform Committee Chairman Rep. Tom Davis (R-Va.) in February.

Participants cut ties to the exchange when government and industry officials charged that the organization appeared

to sell access to policy-makers. A select number of companies were to pay $75,000 for full memberships, while others could have paid $5,000 or $25,000 for restricted memberships.

O’Keeffe said last week that he is releasing “any organizations that have made commitments to the CISO Exchange, whether contractual or financial,” a few hours after CIO Council officials announced they would end any relations with the exchange. Council members said they will establish a new, open and accessible forum for the public and private sectors.

Council officials recommended the organization’s Best Practices Committee begin addressing ways to improve agency grades on an annual federal cybersecurity score card. Among the possibilities they are discussing is issuing a general call for white papers on cybersecurity and holding a symposium on the best ones.

Industry Advisory Council board members voted unanimously to create a forum for public- and private-sector CISOs if the CIO Council requests it. Such a forum would be supported by IAC’s Information Security and Privacy Shared Interest Group, said Bob Woods, IAC’s chairman.

Nothing from O’Keeffe’s structure would remain if IAC sets up a cybersecurity forum, Woods said. “It’s not a hand-off deal.”

Two companies, Computer Sciences Corp. and NetSec, had committed to full participation in the exchange, agreeing to pay the $75,000 membership fee, O’Keeffe said earlier this month. CSC, however, withdrew from the initiative early last week.

“Any time there is a question or a perception of buying client access, we’re not going to be involved,” said a spokesman for Austin Yerks, CSC’s president of federalsector business development.

NetSec let the project’s abrupt end speak for itself. “It’s our understanding that it has dissolved, so there’s nothing to withdraw from,” a company spokesman said April 14, adding that company officials are disappointed that the CISO Exchange did not come to fruition.

A major cause of the controversy surrounding the exchange was a plan to publish an annual report. CISO Exchange publicity materials had listed Melissa Wojciak, staff director of the House Government Reform Committee, and Vance Hitch, the Justice Department’s chief information officer and the CIO Council’s privacy and security liaison, as co-chairpeople of the group’s advisory board.

Given the involvement of senior members of Davis’ staff and the CIO Council, many feared the group’s report would be perceived as representing government policy.

O’Keeffe and Co. would not have profited from the exchange, O’Keeffe added. Money collected for the exchange would have gone to O’Keeffe’s holding company, Bonaparte Holdings, “which is used to maintain a distinct identity to ensure there is no potential for mixing the funds,” he said.

Security forum’s circle of life

Feb. 16: Rep. Tom Davis (R-Va.) announces the formation of the Chief Information Security Officers (CISOs) Exchange, “a public/private initiative focused on empowering CISOs.” The effort is led by Steve O’Keeffe, principal of marketing firm O’Keeffe and Co.

April 5: O’Keeffe announces two $75,000 industry board members — Computer Sciences Corp. and NetSec — and six nonpaying government board members.

April 7: A Davis spokesman says the congressman “is in the process of re-evaluating his relationship to the program.” A picture of Davis on the exchange’s Web site is removed.

April 8: Davis will withdraw any official participation in the exchange, his spokesman says.

April 12: Vance Hitch, the Justice Department’s chief information officer and an exchange board co-chairman, says he is “uncomfortable with the form that the original proposed exchange has.” CSC withdraws from the exchange, a spokeswoman says. Industry Advisory Council Chairman Bob Woods says government officials have approached him about creating a CISO forum.

April 13: The CIO Council votes to recommend its complete withdrawal from the exchange. IAC board members vote unanimously to create a forum for public- and private-sector CISOs if the CIO Council requests it.

April 14: CIO Council Chairwoman Karen Evans issues a statement accepting the council’s recommendation. O’Keeffe disbands the exchange. A NetSec spokesman says it is unnecessary for the company to withdraw from the exchange because it has been dissolved.

— David Perera

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above