Former US CISO on New US Cybersecurity Strategy: 'It's Bold'

Gen. Gregory Touhill Weighs in on Merits of Product Security by Design and Default
Gregory Touhill, director, CERT Division, Carnegie Mellon University, Software Engineering Institute

Retired Air Force Gen. Gregory Touhill was the very first U.S. federal CISO back in the Obama administration, and he's encouraged by the new national cybersecurity strategy.

"I think it's bold, really bold," Touhill says of the strategy, released Thursday. He's most encouraged by how it shifts cybersecurity responsibility from consumers to manufacturers of vulnerable products and realigns incentives to promote long-term investments to overcome obstacles such as technical debt.

"I think they're bold, but I also recognize they're probably not going to be well received in all circles," says Touhill, who is currently the director of the CERT Division at Carnegie Mellon University's Software Engineering Institute. "I think this is going to start a very public and open conversation as to how we want to address cyber risk to the nation and our critical infrastructure."

In this video interview with Information Security Media Group, Touhill discusses:

  • What the new strategy does and does not cover sufficiently;
  • Why information sharing and collaboration are no longer enough;
  • Ideas to address critical infrastructure security and the workforce skills gap.

Touhill, one of the nation's premier cybersecurity and information technology senior executives, is a highly experienced leader of large, complex, diverse and global cybersecurity and information technology operations. He was selected by President Barack Obama as the U.S. government's first chief information security officer. His other civilian government service includes duties as the deputy assistant secretary for cybersecurity and communications in the U.S. Department of Homeland Security and as director of the National Cybersecurity and Communications Integration Center, where he led national programs to protect the United States and its critical infrastructure. Touhill is a retired Air Force general, a highly decorated combat leader, an author and a former American diplomat.


About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



