CIO Council seeks to clarify boundaries

Group formalizing private initiative guidelines

CIO Council members may institute a formal process for industry organizations to legitimately claim the council's support.

"What I think you're going to see is better rules of the road because of what's happened in this particular environment," said Karen Evans, the Office of Management and Budget's administrator for e-government and information technology. Evans is also the council's director.

The council recently withdrew its participation from the Chief Information Security Officer (CISO) Exchange, a for-profit initiative led by Steve O'Keeffe, principal of marketing firm O'Keeffe and Co. O'Keeffe ended his efforts to promote the CISO Exchange April 14, shortly after OMB officials issued a statement to announce that the council would withdraw from the organization.

"We're looking to have a little more distance between the council and specific events," said Marty Wagner, a General Services Administration associate administrator and ex officio liaison to the council. Issues needing clarification include when private-sector initiatives can display the council's logo and what constitutes "an event that we are glad is occurring, but we're not supporting it per se," he said.

Council members may set up an application process for organizations seeking their support, said Vance Hitch, the Justice Department's chief information officer, who was listed as a co-chairman of the CISO Exchange.

Such a process might require "asking some of the harder questions that you typically wouldn't ask off the top of your head, like, 'How do you make your money and what do you do with it?' " Hitch said.

Although the CIO Council neither formally endorsed nor sponsored the CISO Exchange, Hitch's participation as advisory board co-chairman created the impression that the council sponsored the initiative, Evans said.

"There is an implication of CIO Council sponsorship because he's our official liaison for cybersecurity," she said. Participants cut ties to the exchange when government and industry officials said the organization appeared to sell access to policy-makers. A select number of companies were to pay $75,000 for full memberships, while others could have paid $25,000 or $5,000 for restricted memberships.

Council endorsement carries more weight than support, said Dan Matthews, the council's vice chairman. When council members endorse, "they're in essence putting their reputation behind" something, Matthews said. The council is not in the business of endorsing the private sector, he added.

Hitch said he made a presentation to the council's executive committee about a need for a forum in which officials from the public and private sectors could exchange best cybersecurity practices. But he said he was unaware of O'Keeffe's three-tiered structure for access to the exchange.

"That's something that I didn't even know until the information came out," he said. O'Keeffe's statements about the exchange's structure were premature, Hitch added.

Council members continue to believe a cybersecurity best practices organization is a pressing need, Matthews said. But "then the Web site went up saying it was going to collect this kind of money, and that's when we said, 'That's interesting, tell me more,'" he said. Hitch's presentation made no reference to O'Keeffe, Matthews said.

O'Keeffe said he cleared a CISO Exchange press release with the council. He had no comment on whether he considered the council a sponsor.

Determining which private-sector organizations can legitimately claim council backing is complicated because a majority of federal IT workers are contractors, said Mark Forman, Evans' predecessor.

"You want to make an environment where people want to contribute, but people have to understand that lurking in the shadows of the desire to contribute are people that would like to abuse the opportunities to contribute," he said.

A CIO is not the council

When chief information officers attend events as representatives of their agencies or of the CIO Council, their roles need to be clear, said Justice Department CIO Vance Hitch, below. "That's something I will have to make sure that is clear to me. In what capacity are you asking me to talk to a group or perform a function?" he said.

The approval process would be different for each person, Hitch said. Departmental ethics offices would have a role in clearing participation for agency representations. Hitch said he favors implementing a new process for council representations.

"I don't want to get involved with something that's not viewed as something that's open and supportive," he said. "I think if we do the things we're talking about, we'll get more clarity."

— David Perera

About the Author

David Perera is a special contributor to Defense Systems.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.


  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group