CISO Exchange no more

Steve O’Keeffe’s defense of a for-profit forum for government and private-sector chief information security officers (CISOs) ended April 14 when he decided to disband the initiative.

O’Keeffe, principal of public relations firm O’Keeffe and Co., had spearheaded the CISO Exchange, an effort announced by House Government Reform Committee Chairman Rep. Tom Davis (R-Va.) in February.

Participants cut ties to the exchange when government and industry officials charged that the organization appeared

to sell access to policy-makers. A select number of companies were to pay $75,000 for full memberships, while others could have paid $5,000 or $25,000 for restricted memberships.

O’Keeffe said last week that he is releasing “any organizations that have made commitments to the CISO Exchange, whether contractual or financial,” a few hours after CIO Council officials announced they would end any relations with the exchange. Council members said they will establish a new, open and accessible forum for the public and private sectors.

Council officials recommended the organization’s Best Practices Committee begin addressing ways to improve agency grades on an annual federal cybersecurity score card. Among the possibilities they are discussing is issuing a general call for white papers on cybersecurity and holding a symposium on the best ones.

Industry Advisory Council board members voted unanimously to create a forum for public- and private-sector CISOs if the CIO Council requests it. Such a forum would be supported by IAC’s Information Security and Privacy Shared Interest Group, said Bob Woods, IAC’s chairman.

Nothing from O’Keeffe’s structure would remain if IAC sets up a cybersecurity forum, Woods said. “It’s not a hand-off deal.”

Two companies, Computer Sciences Corp. and NetSec, had committed to full participation in the exchange, agreeing to pay the $75,000 membership fee, O’Keeffe said earlier this month. CSC, however, withdrew from the initiative early last week.

“Any time there is a question or a perception of buying client access, we’re not going to be involved,” said a spokesman for Austin Yerks, CSC’s president of federalsector business development.

NetSec let the project’s abrupt end speak for itself. “It’s our understanding that it has dissolved, so there’s nothing to withdraw from,” a company spokesman said April 14, adding that company officials are disappointed that the CISO Exchange did not come to fruition.

A major cause of the controversy surrounding the exchange was a plan to publish an annual report. CISO Exchange publicity materials had listed Melissa Wojciak, staff director of the House Government Reform Committee, and Vance Hitch, the Justice Department’s chief information officer and the CIO Council’s privacy and security liaison, as co-chairpeople of the group’s advisory board.

Given the involvement of senior members of Davis’ staff and the CIO Council, many feared the group’s report would be perceived as representing government policy.

O’Keeffe and Co. would not have profited from the exchange, O’Keeffe added. Money collected for the exchange would have gone to O’Keeffe’s holding company, Bonaparte Holdings, “which is used to maintain a distinct identity to ensure there is no potential for mixing the funds,” he said.