Greg Touhill, OMB CISO, spoke today at an AFCEA luncheon in McLean, VA.
I had the opportunity to ask him the following questions:
How can we measure the effectiveness of efforts to enhance cyber resiliency? What can government and industry learn from each other through collaboration?
The Baldrige-Cyber initiative is mentioned in the transition documents. How do you think we can take advantage of this?
Audio response from Greg Touhill, OMB CISO, to questions from Charlie Tupitza of our Forum is below.
A few notes from Greg Touhill’s talk at the Tyson Sheraton Hotel, 2 December 2016:
He talked about the Government protecting the people’s information while preserving civil rights and civil liberties. “Keeping the fighter-pilot simple”.
He wants to harden the workforce with cyber career work-paths.
He asks us to look at information as an asset. We need to determine the value of information we are protecting and using.
When we try to defend everything, we defend nothing. Priorities must be established. The focus needs to be on high value assets. He mentioned that the OMB will release guidance for the government on how to do this.
We need to do the right things the right way up and down the chain and understand each role and responsibility. He suggests regular exercises to aid in the understanding of this. He mentioned the creation of hunt teams during this year within the government to patrol high value assets.
We need to continuously innovate and invest wisely. Touhill’s Law: “One human year is equal to 25 computer years.”
We must make informed risk decisions at the right level.
Board and C-suite need to pay attention.
Greg said CIOs need to focus on the application layer.
The government will look to consolidate access points.