CIO Council ponders security forum

The CIO Council may issue a general call for white papers on federal cybersecurity and hold a symposium on the best ones, a government spokesman said today.

"It's something that's being considered, but no call has gone out at this point," said Bill Mosley, a spokesman for the CIO Council’s vice chairman, Dan Matthews.

The white paper call and symposium could be the way the council creates an open and accessible forum for chief information security officers (CISOs), Mosley said. The CIO Council’s director, Karen Evans, who is also the Office of Management and Budget’s administrator for e-government and information technology, could not be reached for comment.

The concept of a forum in which government and industry information security officials could exchange best practices continues to have widespread support. However, an effort by public relations and marketing firm O'Keeffe and Co. to create a for-profit CISO Exchange has come under fire by government and industry officials.

Mosley's statement comes after people identified by O'Keeffe as exchange members have distanced themselves from the initiative.

CIO Council officials are "trying to see if we can keep the concept alive, because we like the concept, but do it in a form we're comfortable with," said Vance Hitch, the Justice Department’s chief information officer. Hitch spoke to Federal Computer Week April 12.

Critics have objected to the idea of paying to join a forum that would produce an annual security report. Under the exchange’s structure, full industry participation costs $75,000 and is limited to six representatives of systems integrators. Other industry officials can join for $25,000 or $5,000, with decreasing levels of access and authority over exchange efforts.

Many industry officials have expressed concern that the exchange's report could be perceived as an official government document if prominent federal information security officials are part of the organization.