CIOs urged to flex their financial muscle

Shutterstock image (by Tatiana Popova): businessman burning money with a lighter.

CIOs, CISOs, use your hammers.

Retired Brig. Gen. Gregory Touhill, deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security, urged top federal techs to use the powers Congress has given them to keep things on track in their agencies.

“The CIOs and the CISOs have a hammer that in the past they haven’t necessarily exercised well,” Touhill said in a panel discussion on cloud security issues at the Sept. 17 Billington Cybersecurity Summit.

The hammer takes the form of another C-level leader.

“CFOs aren’t supposed to be certifying funds unless the CIO says [any given project] has met all the different standards,” Touhill noted. “CIOs have the opportunity with all the different legislation that’s out there to actually go and enforce all of these things.”

He pointed to the Federal IT Acquisition Reform Act (FITARA), which beefed up the power of the CIO over funding and, ostensibly, strengthened the CIO-CFO working relationship.

But too few CIOs and CISOs are using their power for good, or at all.

“I’m not aware, and I sit on the federal CIO council, of any great exemplar right now,” Touhill said.

As if on cue, an audience member piped up with a tale of a CISO struggling to even understand what agency leadership was trying to do.

“My agency is about to move to full cloud implementation,” a woman, who said she was a security engineer working under the Corporation for National and Community Service CISO, began.

“Is it public cloud?” the panelists interrupted.

“I don’t know!” she responded. “That’s part of it. I’m not exactly sure, from the security standpoint I’m like, ‘OK, well what stance do I need to take as the security person as far as guiding this move to the cloud?’”

Michael Cassidy, the Justice Department’s chief cybersecurity architect, stayed after the panel to talk through problems and potential solutions with the CNCS engineer, who explained that she and the CISO had been included in the cloud move discussions only midway through the process.

“We don’t want to stop any good work,” she told FCW. “We just want to understand, and make sure it’s secure.”

The visibility and control issue obviously varies from agency to agency. At highly decentralized NASA, for instance, outgoing CIO Larry Sweet controls only about 10 percent of the IT budget.

But wherever they can, CIOs need to be directing funds into well-planned investments to counteract the trend of federal IT spending “head[ing] the wrong way.”

One upside of cloud, DOJ’s Cassidy noted, is that vendors can potentially force updates and patching on which agencies have lagged.

“As we go more and more to the cloud we’re going to see, ‘Well, your IE 9, 10 browser even though Microsoft might support it, we’re not going to support it in the cloud,’” Cassidy said. “We’ve seen that with several [software as a service] providers over the last couple months.”

But Cassidy and Touhill both affirmed that agencies shouldn’t have to rely on outside forces to keep them up-to-date and secure. That power lies with the CIO and CISO, if only they’ll use it.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Connect with Noble on Twitter: @thezachnoble.

