The White House named Brigadier General (retired) Greg Touhill as the first federal chief information security officer, and Grant Schneider as the first acting deputy CISO.
Touhill comes to the new role from the Homeland Security Department, where he is the deputy assistant secretary for cybersecurity and communications in the Office of Cybersecurity and Communications (CS&C). Schneider has been on detail to the Office of Management and Budget since 2014 after serving seven years as the chief information officer at the Defense Intelligence Agency.
The White House announced the creation of a federal CISO in the Cybersecurity National Action Plan in February.
“In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies,” wrote Michael Daniel, the Special Assistant to the President and Cybersecurity Coordinator and Tony Scott, the federal chief information officer, in a Sept. 8 blog post. “Greg will lead a strong team within OMB who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies, and is the team that conducts periodic cyberstat reviews with federal agencies to insure that implementation plans are effective and achieve the desired outcomes.”
Touhill has spent the last two-and-a-half years at DHS where he also served as acting director of the National Cyber and Communications Integration Center (NCCIC) for a time.
Before coming to DHS, Touhill served as CIO and director of C4 systems for the U.S. Transportation Command, CIO of the Air Mobility Command and director of C4S for the U.S. Central Command Air Forces.
Touhill served in the Air Force for 21 years before retiring in May 2013.
Schneider, who many in the community thought was the leading candidate to be federal CISO, has been at OMB on detail for two years, which would end in October. He served as federal cybersecurity advisor at OMB, spent time at the Office of Personnel Management working on its cyber challenges and since January has been the director of government cybersecurity for the National Security Council.
The concern has been how much impact this person could have in a short amount of time. OMB says the federal CISO is a political position and the deputy CISO is a career position. Touhill will have about four-and-a-half months as Federal CISO.
“Strong cybersecurity depends on robust policies, secure networks and systems and, importantly, a cadre of highly skilled cybersecurity talent,” Daniel and Scott wrote. “Building on the Cybersecurity Workforce Strategy to identify, recruit, and retain top talent, the CISO will play a central role in helping to ensure the right set of policies, strategies, and practices are adopted across agencies and keeping the federal government at the leading edge of 21st century cybersecurity.”
Industry reaction to the White House naming Touhill is positive.
“Gen. Touhill is a great choice for our country’s first-ever federal chief information security officer,” said Tanium vice president, Ralph Kahn in an email comment. “He knows how to bring the public and private sectors together to tackle the challenge of securing our nation’s networks while always looking around the bend to the newest threats and solutions. We look forward to working with him.”