The Obama administration’s move to hire the first-ever federal chief information security officer in the wake of wide-scale hacking of government computer systems is a positive step, according to a group of industry executives that advises the president.
But adding the new role could be “disruptive,” the execs warn, and the CISO needs clearly defined job responsibilities and “top-down support” to be effective.
That’s one of the recommendations from the National Security Telecommunications Advisory Committee, a group of 30 industry executives who advise President Barack Obama on technology and national security.
The group presented the recommendations in a March 10 letter to Obama.
Earlier this year, the committee was tasked with weighing in on the administration’s Cybersecurity National Action Plan, released last month in connection with the president’s fiscal 2017 budget request. Along with hiring a CISO, the plan also called for upping annual spending on information security by more than 35 percent and establishing a federal commission on cybersecurity.
CISO Needs Top-Down Support
The committee recommended the CISO have the authority to assess risks across agencies, establish baseline security requirements and measure compliance.
In addition, the committee recommended the CISO play a key role in setting and approving IT security-spending priorities.
“In industry’s experience, CISOs must have the authority to approve or escalate inquiries about the development of appropriate technologies and processes being considered for deployment,” the letter stated.
Still, the committee cautioned, carving out a new IT security chief can be “disruptive,” especially if the new position’s authority overlaps with or…