Touhill steps down as CISO

The federal government's first CISO has stepped down, and it's not clear if the position will survive.

Gregory Touhill
 

Greg Touhill stepped down from the post of federal chief information security officer.

The first governmentwide chief information security officer has stepped down.

Greg Touhill, was appointed to the new CISO position by President Barack Obama in September, stepped down on Jan. 17.

Touhill, a retired Air Force brigadier general, had been deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security before he got the call from the Office of Management and Budget for the CISO job. The CISO position was created by the OMB as part of the Cybersecurity National Action Plan.

News of the resignation was first reported by Politico.

In October, at an AFCEA Cybersecurity summit in Washington, Touhill said he hoped to stay in the job through the transition. But, at the same event, Touhill said although he was confident his mission and strategy to protect federal IT were vital to any administration, he hedged. "Like all [political appointees], I'm on a Cinderella clock," he said.

The position is a tricky one to pin down anyway, according to former top White House cybersecurity advisor.

"The CISO position is a tough one to unpack," said Trevor Rudolph, former chief of the Cyber and National Security Unit Office housed at OMB. "On the one hand -- a great idea. It should have been done."

But Rudolph told FCW that the CISO position itself had problems from the beginning. "The position itself was rushed," he said. "There was not broad federal-wide agreement on the authorities of the position."

The job of CISO under Touhill has been about elevating the conversation inside and outside government about the importance of basic cybersecurity hygiene. He backed an idea to create a cybersecurity animal mascot along the lines of Smokey Bear or McGruff the Crime Dog. He was charged with convening a governmentwide CISO council and he wanted to publish cybersecurity best practices on a website at Cyber.gov. That URL is live at the Office of Management and Budget, but the page is currently blank.

The president-elect hasn't said whether he intends on appointing a new federal CISO.