recommended reading

Federal CISO Unveils Plans to ‘Proportionally’ Protect Data, Create a Cyber Mascot

Army Cyber Institute/YouTube

The White House's first chief information security officer has ambitious plans to shore up government cybersecurity, including elaborate educational campaigns for employees and ensuring investments in data protection are proportional to the value of that data. 

In one of his first public appearances since his appointment last month, Gregory Touhill told an audience in Washington Tuesday his approach to cybersecurity was multipronged with separate goals for hiring cyber talent; educating federal workers about cyber hygiene; and encouraging agencies to treat information as an "asset" by considering whether it's worth it to invest in high-tech protections for low-value data sets. 

"We focus too much on the technology and the keyboard stuff," he said. "Protecting information could be as simple as not discussing certain information over the phone, guarding the paperwork that you provide, shredding information that appropriately needs to be disposed of." 

In 2017, his team plans to come up with new ways to "educate and train and hopefully entertain our workforce, to help them better understand both the 'why' as well as the 'how' of cybersecurity," Touhill said. 

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Annual reviews of computer programs, he added, won't be enough to ensure proper cyber protection.

In the near term, the administration plans to launch, a repository for information about cybersecurity-related goals and strategies, in the next couple of weeks. A group of federal CISOs will have their first meeting Oct. 28; Touhill is also considering setting up a volunteer CISO advisory council. 

Longer term, there will be an increased push for continuous diagnostic mitigation technology, and eventually, hunt-teams could actively look throughout dot-gov domains for hackers, he said.

"If I had my way, we'll do a bug bounty across dot-gov, and the program office that fielded the flawed code would reimburse the bug bounty pool," he added. 

Part of Touhill's plan is to help agencies make more deliberate investment decisions, he explained.

"I don't want to spend 10 bucks guarding a $5 piece of information," he said. "I want to go out there and have proportional defense," which requires a deep understanding of all the information being protected. 

Some of his ideas were more whimsical. For instance, he has already spoken to the Education Department about creating a competition asking school children to come up with a manifestation for a cyber mascot, called "Byte," modeled after Smokey the Bear, and McGruff the Crime Dog, both used to spread awareness among children about public safety issues. 

"Wouldn't it be cool if the school kids in America got their energy and their enthusiasm and their creativity and ... help us define something that will be an enduring reminder of the importance of cybersecurity in society?" he said.

Despite the fact he joined the White House near the end of the administration, Touhill said he expects to be in the office through the transition and aims to train incoming senior executives about cyber response.

"I raised my hand and I expect a full tour of duty," he said. "I'm playing it for the long game as opposed to 'I'm only to be around for a couple of weeks.'"

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.