DHS' Touhill tapped as top federal cybersecurity officer

The White House announced Sept. 8 that Greg Touhill will be the first governmentwide chief information security officer.

The announcement has been anticipated for months because the position is a key component of the Obama administration's $19 billion Cybersecurity National Action Plan, which was unveiled in February. The strategy to better secure federal IT systems includes a fund to replace legacy systems and the creation of the CISO position, which would oversee cybersecurity policy, planning and implementation across the federal government.

Touhill, a retired Air Force brigadier general, currently serves as the deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security.

In a blog post, U.S. CIO Tony Scott and Michael Daniel, special assistant to the president and cybersecurity coordinator, said Touhil's work at DHS has focused on developing and implementing the government's efforts to protect critical infrastructure networks. That experience would help him develop a range of complex and diverse technical solutions for large federal IT assets, Scott said.

Top security officials in the government and industry have said the CISO can be a critical addition, while agency security chiefs are looking to the position to help them build on their ideas and give them more of a voice in federal policy circles.

In April, Scott said he hoped to have a CISO named within 30 days, but the appointment was delayed.

Touhill, who won an FCW Federal 100 award in 2016, also has strong experience with civilian and military best practices and workforce training, development and retention strategies, Scott and Daniels wrote. Before retiring from the Air Force, Touhill was director of the service's Command, Control, Communications and Cyber Systems at U.S. Transportation Command and had served as the command's CIO, where he was responsible for the investment strategy for all IT resources.

Touhill will lead a team at the Office of Management and Budget that has been driving cybersecurity best practices across the federal government and is also responsible for federal agencies' CyberStat reviews.

Grant Schneider, a top cybersecurity adviser to Scott, will serve as acting deputy CISO.

He has been ubiquitous in federal cybersecurity circles in recent years and was widely rumored to be in the running for the federal CISO job. After seven years as CIO at the Defense Intelligence Agency, Schneider moved to the White House in late 2014 to advise Scott and help establish OMB's new E-Gov Cyber and National Security Unit, which oversees agency cybersecurity programs using the CyberStat process.

After the Office of Personnel Management breach was discovered last year, Schneider was detailed to help Acting OPM Director Beth Cobert strengthen the agency's cybersecurity.

Schneider has also helped implement the Continuous Diagnostics and Mitigation program that is jointly administered with DHS.