CIOs urged to flex their financial muscle

Shutterstock image (by Tatiana Popova): businessman burning money with a lighter.


CIOs, CISOs, use your hammers.

Retired Brig. Gen. Gregory Touhill, deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security, urged top federal techs to use the powers Congress has given them to keep things on track in their agencies.

“The CIOs and the CISOs have a hammer that in the past they haven’t necessarily exercised well,” Touhill said in a panel discussion on cloud security issues at the Sept. 17 Billington Cybersecurity Summit.

The hammer lies in the form of another C-level leader.

“CFOs aren’t supposed to be certifying funds unless the CIO says [any given project] has met all the different standards,” Touhill noted. “CIOs have the opportunity with all the different legislation that’s out there to actually go and enforce all of these things.”

He pointed to the Federal IT Acquisition Reform Act (FITARA), which beefed up the power of the CIO over funding and, ostensibly, strengthened the CIO-CFO working relationship.

But too few CIOs and CISOs are using their power for good, or at all.

“I’m not aware, and I sit on the federal CIO council, of any great exemplar right now,” Touhill said.

As if on cue, an audience member piped up with a tale of a CISO struggling to even understand what agency leadership was trying to do.

“My agency is about to move to full cloud implementation,” a woman, who said she was a security engineer working under the Corporation for National and Community Service CISO, began.

“Is it public cloud?” the panelists interrupted.

“I don’t know!” she responded. “That’s part of it. I’m not exactly sure, from the security standpoint I’m like, ‘OK, well what stance do I need to take as the security person as far as guiding this move to the cloud?’”

Michael Cassidy, the Justice Department’s chief cybersecurity architect, stayed after the panel to talk through problems and potential solutions with the CNCS engineer, who explained that she and the CISO had been included in the cloud move discussions only midway through the process.

“We don’t want to stop any good work,” she told FCW. “We just want to understand, and make sure it’s secure.”

The visibility and control issue obviously varies from agency to agency. At highly decentralized NASA, for instance, outgoing CIO Larry Sweet controls only about 10 percent of the IT budget.

But wherever they can, CIOs need to be directing funds into well-planned investments to counteract the trend of federal IT spending “head[ing] the wrong way.”

One upside of cloud, DOJ’s Cassidy noted, is that vendors can potentially force updates and patching on which agencies have lagged.

“As we go more and more to the cloud we’re going to see, ‘Well, your IE 9, 10 browser even though Microsoft might support it, we’re not going to support it in the cloud,’” Cassidy said. “We’ve seen that with several [software as a service] providers over the last couple months.”

But Cassidy and Touhill both affirmed that agencies shouldn’t have to rely on outside forces to keep them up-to-date and secure. That power lies with the CIO and CISO, if only they’ll use it.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.


