The Obama Administration will reportedly tap retired Air Force Brigadier General Gregory Touhill to become the U.S.’s first cybersecurity chief, in order to shore up the country’s defenses against hackers. It’s said that the announcement could come happen later today, and Touhill would assume his post later this month.
According to Reuters, Touhill’s job will be to protect the government’s networks and critical infrastructure from cyber attacks in his capacity as the chief information security officer (CISO). This would be a promotion for him, as previously he served as the deputy assistant secretary for cybersecurity and communications within the Department of Homeland Security.
The naming of a CISO comes near the end of President Obama’s second term and also in a time when the country is plagued by numerous cyberattacks, including perhaps most prominently the hacks against the Democratic National Committee (DNC), which U.S. intelligence agencies said they have “high confidence” that the Russian government was behind the attacks. Also, the government has seen its Office of Personnel Management department hacked, with more than 22 million records stolen. A Congressional report issued this week found that “rudimentary cyber security recommendations that could have mitigated or even prevented” the attack were not followed.
Obama has called cybersecurity “one of the most important challenges we face as a nation” and naming Touhill to the CISO position would be the latest effort he’s taken over the past 7 years, including passing the Cybersecurity Act of 2013 and implementing his Cybersecurity National Action Plan (CNAP), which involves establishing a commission to study vulnerabilities in the public and private sectors, modernizing the government’s infrastructure, supporting stronger security for online accounts, and spending $19 billion in investments to secure the nation. The cybersecurity chief is a core component of this plan.
“I am concerned about it, I don’t think we have it perfect,” Obama said at a news conference in July talking about cybersecurity. “We have to do better, we have to learn from mistakes. We know that we have had hackers in the White House.”
This December, the president is expected to receive a report from his cybersecurity commission on how to strengthen critical systems and ways to attract experts to work with the government.
While Touhill’s role is new, the Obama Administration has had people in similar capacities advising the president on these matters. “[The chief information security officer] is a key role that many private-sector companies have long implemented, and it’s a good practice for the federal government,” said Tony Scott, the U.S. Chief Information Officer.
Touhill is described on his LinkedIn profile as “one of the nation’s premier cybersecurity and information technology senior executives.” For more than 2 years, he’s been at the Department of Homeland Security, serving in a capacity similar to the one that he’ll reportedly soon have, leading more than 20 national cyber incident response actions, “ranging from the [Office of Personnel Management] data breach to major private sector cyber incidents.”
He served in the U.S. Air Force for more than 21 years until 2005 before working in technical positions with the U.S. Central Command, U.S. Embassy in Kuwait City, U.S. Transportation Command, and even running his own I.T. consultancy, Touhill Technology Management.