Federal Chief Information Security Officer Unveils Plans to 'Proportionally' Protect Data

The White House's first chief information security officer has ambitious plans to shore up government cybersecurity, including elaborate educational campaigns for employees and ensuring investments in data protection are proportional to the value of that data. In one of his first public appearances since his appointment in Sept, Gregory Touhill said his approach to cybersecurity was multipronged with separate goals for hiring cyber talent; educating federal workers about cyber hygiene; and encouraging agencies to treat information as an "asset" by considering whether it's worth it to invest in high-tech protections for low-value data sets.

"We focus too much on the technology and the keyboard stuff," he said. "Protecting information could be as simple as not discussing certain information over the phone, guarding the paperwork that you provide, shredding information that appropriately needs to be disposed of." In 2017, his team plans to come up with new ways to "educate and train and hopefully entertain our workforce, to help them better understand both the 'why' as well as the 'how' of cybersecurity," Touhill said. Annual reviews of computer programs, he added, won't be enough to ensure proper cyber protection. In the near term, the administration plans to launch Cyber.gov, a repository for information about cybersecurity-related goals and strategies, in the next couple of weeks. A group of federal CISOs will have their first meeting Oct 28; Touhill is also considering setting up a volunteer CISO advisory council.