An open letter to the first U.S. cybersecurity chief
Gregory Touhill, the United States' first federal chief information security officer.
The Obama administration recently appointed the United States' first federal chief information security officer, in the latest of a series of moves aimed at shoring up cybersecurity both within the government and the country at large. Former Air Force general Gregory Touhill has been named to the post, the duties of which were described in the administration's announcement:
General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS), where he focuses on the development and implementation of operational programs designed to protect our government networks and critical infrastructure.
In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies.
Historically, the U.S. government has placed a lot of emphasis on fighting hackers and stopping cybersecurity attacks, but that's just a small piece of the overall security puzzle, says Constellation Research VP and principal analyst Steve Wilson. There's a major opportunity for Touhill to drive a much broader and more valuable cybersecurity agenda with a focus on authentication and encryption. (It should be noted that Touhill, as an appointee, could be replaced by the incoming administration.)
"Giving citizens the ability to manage their diverse identities and attributes online is critical when it comes to the digital economy," Wilson says. "The root cause of so much cyber insecurity right now is stolen passwords and identity theft."
Moreover, many U.S. government agencies are going toward a mobile-first strategy for service delivery. It makes perfect sense for the government to back efforts such as the FIDO Alliance, an industry consortium working on a set of specifications for advanced authentication leveraging the features of smart devices, such as biometrics.
Last year, the government office charged with implementing the National Strategy for Trusted Identities in Cyberspace joined FIDO. In his high-profile role, Touhill could serve as a strong advocate for more U.S. agencies to join the effort.
Of course, there's the question of how much the U.S. public would trust stronger advocacy for authentication from the government in light of the domestic surveillance revelations of recent years, and controversial actions such as the FBI's demands for a security backdoor on a suspected terrorist's iPhone.
It's important for the public to take a measured view, Wilson says. While the FBI may have overreached, you have to assume that its general goal is go after the bad guys, he adds.
However, the U.S. government "still has to have a genuine conversation with the public about privacy," he says. "Ever since 9/11, there has been a thesis that the world has changed and the security-privacy balance needs to be shifted. I don't know if that's true but why don't we have a conversation about it? I don't see many governments having that discussion in good faith. They're saying, 'trust us.'"To that end, Touhill is in a position to kick off just such a conversation. Watch this space.
Constellation Insights is a subscription-based online news service by Constellation Research. Insights analyzes major industry announcements and developments impacting startups and global enterprises. Learn more about Constellation Insights.