Modern field guide to security and privacy

Why the federal CISO could be cybersecurity game changer

Federal Chief Information Officer Tony Scott says the government's first chief information security officer will have the broadest support ever for the new role. 

Tony Avelar/The Christian Science Monitor
From left: Federal CIO Tony Scott, Suzanne Spaulding of the Department of Homeland Security, and Stephen Ward, CISO of TIAA, appeared at the second annual Beat the Breach event in San Francisco on March 1.

If you thought about applying to be the government's first-ever chief information security officer, it's too late. The job posting closed this week, and the White House appears to be moving quickly to select its inaugural CISO.

Since President Obama announced the new position along with the Cybersecurity National Action Plan last month, it's been greeted largely with cautious optimism among digital security practitioners.

CISO positions have become increasingly common at many big companies due to the immense financial and legal costs that come with data breaches. However, the question many experts have about the federal CISO position is whether it'll have the authority and support in government to actually make a difference. 

Tony Scott, the government's chief information officer, brushed away those concerns during a panel Passcode moderated on the sidelines of this week's RSA Conference in San Francisco.

"The first person in the role is going to have a great opportunity to show what can be done in the role with the right leadership and the right collaboration," Mr. Scott said. 

In fact, he said, the incoming CISO will likely enjoy the "broadest support for that role that’ll ever exist" due to the recognition across the government that it needs to vastly improve how it handles cybersecurity at the federal level.

Mr. Scott, who became the White House CIO last February, was among the cadre of government officials who traveled from Washington to the conference to deepen connections with the cybersecurity industry as well as to get buy-in from leaders in the field. 

"I would love to have a CISO in the government that I could call and that I could collaborate with," said Stephen Ward, the chief information security officer at TIAA, the financial services giant. 

The new CISO, Mr. Ward said, will face some daunting challenges as the massive federal government attempts to overhaul its digital security and data handling practices. "Anytime you are breaking ground like that you’re going to have your challenges," said Ward, who also spoke on Tuesday's panel. "We’ve all been through these big transformations. The first one is always the hardest."

But the position – at least in theory – appears to have gained the backing of a wide swath of technology experts. In a recent Passcode Influencer's poll, 77 percent of respondents said the new CISO would be able to improve federal cybersecurity, even though many worried about bureaucratic and cultural obstacles to his or her success.

"While it is unclear how much authority, budget, support, and direct reports the new position will have, at this point a CISO advocate for the federal government is a good thing," said Jeff Moss, noted security researcher and founder of DEF CON Communications, in response to the poll. "That said, the position should be larger in scope."

In addition to the recent announcement of the CISO position, this year's RSA Conference came on the heels of a series of Obama initiatives to update government computers, implement more robust security practices, and encourage the sharing of threat intelligence between companies and government.

"We really need to embrace this sharing of cyberthreat indicators and cyberthreat information," said Suzanne Spaulding, under secretary for the National Protection and Programs Directorate at the Department of Homeland Security, who also participated in the Passcode panel. 

Ms. Spaulding stressed to the crowd of some 200 industry executives that they should embrace the idea of sharing intelligence about cyberthreats with the government – and among other companies – to lessen the blow that could be caused by a malicious hacker.

"If we can get that information out," she said, "that adversary might be able to get away with it once, but only once."

 
