The Homeland Security Department isn’t waiting around to get its new National Risk Management Center up and running. DHS name Bob Kolasky to serve as the center’s first director. Kolasky currently is the assistant secretary for infrastructure protection in the National Protection and Programs Directorate (NPPD).
“Bob is uniquely qualified to lead this significant undertaking and I am confident he is ready for the challenge,” wrote Chris Krebs, the DHS undersecretary of NPPD, in an email to staff obtained by Federal News Radio. “Bob will stand up a planning team and begin his transition to lead the center.”
DHS Secretary Kristjen Nielsen announced the new National Risk Management Center on July 31 at DHS’ Cybersecurity Summit. Nielsen said the new center would help break down some of the communication barriers that exist between the government and sectors when it comes to sharing cybersecurity threats.
“Our goal is to simplify the process, to provide a single point of focus for the single point of access to the full range of government activities to defend against cyber threats,” Nielsen said. “I occasionally still hear of companies and state and local [governments] who call 911 when they believe they’ve been under a cyber attack. The best thing to do would be to call this center — this will provide that focal point.”
Insight by MFGS, Inc.: In this exclusive Federal News Network survey, cybersecurity experts from the military services and intelligence community offer insights into how their agencies are transforming their approaches to cybersecurity to address the ever-changing threats.
Krebs said Steve Harris will serve as acting principal deputy assistant secretary alongside Scott Breor who will continue to serve as acting deputy assistant secretary.
“Steve, along with the rest of the IP leadership team, will continue the work Bob has undertaken, including enhancing our physical security capability and continuing regionalization efforts,” Krebs wrote.
Kolasky has been with DHS since 2007 serving in a variety of roles, including the assistant director in the Office of Risk Management and for the last six years in OIP. He also spent time as an analyst for the Government Accountability Office and worked in industry.
In addition to naming Kolasky and making other related personnel moves, Krebs offered more insight into how the new center will work with existing DHS programs, including the National Cybersecurity and Communications Integration Center (NCCIC) and the National Infrastructure Coordinating Center (NICC).
“[W]e identified a clear need for tighter collaboration across industry and government, not just in cybersecurity efforts, but in generally understanding and addressing existing and emerging risks. So as we continue to integrate the watch and warning functions of the NCCIC and NICC, we must also enhance efforts to understand holistic risk conditions across our nation’s infrastructure, whether cyber or physical — what’s essential, what’s a potential single point of failure, and what functions and services underpin our very society, government, and economy,” he wrote. “The NCCIC will continue to be our eyes and ears for cyber and the NICC for physical threats. The National Risk Management Center will be the engine for how we understand and the platform by which we’ll collectively defend our infrastructure.”
Krebs said pulling the eyes, ears and body together is part of how DHS will operationalize risk management.
“That higher order understanding of risk, criticality, and how to increase resilience has been at the heart of Office of Cyber and Infrastructure Analysis’ (OCIA) mission since its inception,” he wrote. “The establishment of the center represents the elevation of that mission and the operationalization of the secretary’s authorities to lead and coordinate national critical infrastructure protection efforts alongside our government and industry partners.”
Along with the changes at DHS, there are several other important people on the move in the federal technology and acquisition communities.
Mittal Desai moved to the Federal Deposit Insurance Corporation (FDIC) from the Federal Energy Regulatory Commission (FERC) to be the deputy chief information security officer.
Desai had been at FERC for 11 years, including the last four as its CISO.
The FDIC has replaced a good portion of its CIO executives over the last year with Howard Whyte rising to be FDIC’s chief information officer in October. Whyte hired Zach Brown in from the Consumer Financial Protection Bureau April to be the permanent CISO and now Desai.
The Marines Corps named Brig. Gen. Lorna Mahlock as its new CIO in July. Mahlock is the first African-American woman to achieve the rank of brigadier general in the Marines. She received the promotion in April.
Before becoming CIO, Mahlock served as the deputy director for plans, policy and operations and commanding officer of the Marine Air Control Group 18 in Okinawa, Japan.
The Marine Corps had been without a permanent CIO since Brig. Gen. Dennis Crall left in February for a new position in the Office of the Secretary of Defense. Ken Bible, deputy director of C4 and deputy CIO, had been acting CIO.
Additionally, Andy Blumenthal started a new position as program manager in the Office of Associate Director for Management Resources (ADMR) at National Institute of Standards and Technology.
Blumenthal joined the government in 2000 and served in a variety of senior IT roles including chief enterprise architect for the Secret Service and the State Department’s CIO for Global Information Services. Since 2017, he worked in the Department of Health and Human Services as the deputy chief operating officer in the Office of the Assistant Secretary for Preparedness and Response.
Finally, former Veterans Affairs CIO Scott Blackburn returned to his former company, McKinsey & Company, after leaving the government in early July.
Blackburn, who previously spent nine years with McKinsey, came back to the consulting firm in the public sector office focusing on health care, technology and large-scale transformation.
He spent more than three years at VA, including the eight months as interim CIO.