The Obama administration has announced its intention to appoint the United States' first ever federal chief information security officer (CISO). On Tuesday, the President is expected to roll out a budget of $19 billion for federal information security spending. That budget, which marks a 35 percent increase over last year's allotment of $14 billion, will create a presidential commission on information security as well as the nation's first federal CISO position.
“That’s a key role that many private-sector companies have long implemented and it’s good practice for the federal government,” Federal CIO Tony Scott said ahead of the president’s budget rollout, as quoted in Federal Times.
Danny Yadron of The Guardian observes that the creation of a federal CISO is a long-overdue move by the Obama administration. He argues that in the absence of this position, the federal government has at times struggled to respond to a number of high-profile attacks and breaches, including the hack against the Office of Personnel Management (2014), the State Department email system attack (2014), and a breach of DOJ employees' information just recently.
The role, which the Obama administration hopes to fill within the next few months, will be housed in the Office of Management and Budget at the White House and will coordinate information security across federal agencies. Those efforts will be augmented by the forthcoming budget's creation of an "Information Technology Modernization Fund", a $3.1 billion allotment which can help to upgrade the systems that interconnect various federal agencies, reports The Hill. The CISO will also be in charge of improving government workers' overall security awareness. Such attempts at security hygiene will hopefully communicate to them the importance of regular patch implementation and the dangers of social engineering, thereby helping to prevent similar events such as the recent DOJ breach in which an employee gave the attacker a valid login token from happening again in the future.
