Feds Abandon Vendor-Backed Cybersecurity Forum - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

Feds Abandon Vendor-Backed Cybersecurity Forum

Following the lead of an influential congressman, the White House announced the CIO Council's withdrawal from security-vendor-funded CISO Exchange.

Count the federal CIO Council as the latest government institution to rapidly retreat from the nascent but ill-fated Chief Information Security Officers Exchange because of fund-raising practices.

Karen Evans, the administration's top IT official, said in a White House statement issued Thursday that she accepts the CIO Council's recommendation to withdraw from the CISO Exchange, a privately financed group headed by government IT experts to help develop practices to improve cybersecurity. Evans said she's asking the CIO Council's best-practices committee to develop ways to improve weak cybersecurity scores among federal departments and agencies.

"While we firmly support the CISO Exchange's objective of improving the federal government's security posture and improving cybersecurity scorecard grades, we believe the most appropriate context for doing so is through the [CIO Council's] best-practices committee," said Evans, administrator for E-government and IT in the White House Office of Management and Budget. The administrator also chairs the CIO Council, a group composed of the CIOs of major federal departments and agencies.

If the government hadn't withdrawn from the exchange, the fellows would have served on the advisory board with CIO Lisa Schlosser of the Department of Housing and Urban Development and CISOs Dennis Heretick of Justice, Robert Lentz of Defense, Jane Scott Norris of State, and Robert West of Homeland Security.

Evans' comments came nearly a week after House Reform Committee chairman Tom Davis, R.-Va., announced his withdrawal of support for the CISO Exchange because of the way the group solicited money from vendors to support its operations. The CISO Exchange was to hold quarterly education meetings as well as produce a report on federal IT security priorities and operations.

Earlier this month, the CISO Exchange established a $75,000 fee for companies to join as an industry member of its advisory board, with lower-level memberships ranging from $5,000 to $25,000. Critics say the fee scheme gives the impression that vendors could pay to gain access to top government officials who decide on IT budgets and purchases.

A Davis spokesman suggested the pay structure reeks of payola and said the chairman wasn't involved in any decision on how to finance the exchange's activities. "We did not know anything about play to pay," the spokesman said. "We had no role in or input in any fees."

The idea of the exchange came from Stephen O'Keefe, whose public-relations firm manages the CISO Exchange, the spokesman said. O'Keefe said he didn't see a problem with the way the organization was to raise money since government IT officials have participated in IT-industry-financed organizations for years.

Indeed, government IT leaders actively participate in events sponsored by groups such as the Industry Advisory Council, which is financed by technology vendors, as well as trade shows sponsored by publications that solicit tens of thousands of dollars in sponsorships from IT companies. "It's one thing to have a business pay for a lunch, but another to exclude interested parties with exorbitant fees," the spokesman said.

The Industry Advisory Council is considering taking over CISO Exchange activities.

In February, with much fanfare, Davis and the CIO Council revealed the formation of CISO Exchange, which was to be co-chaired by Justice Department CIO Vance Hitch, head of the CIO Council's cybersecurity and privacy committee, and a top aide to Davis, Melissa Wojciak, staff director of the House Government Reform Committee. The committee provides oversight to government IT.

At that time, another Davis aide said the congressman didn't see a problem with businesses funding a government group, pointing out that government procurement laws and regulations require multiple bidders, so companies financing the exchange won't have undue influence on federal IT officials. Said Drew Crockett, the House panel's deputy communications director, "Statutes are in place to prohibit cronyism."

How exclusive was industry board membership? According to the exchange, only six fellows would have served on the advisory board for one-year terms.

According to a press release posted on the exchange's Web site, two industry fellows were named earlier this month to its advisory board: Austin Yerks, president of business development-federal sector at IT services firm Computer Sciences Corp., and Ken Ammon, president and co-founder of IT security services provider Network Security Technologies Inc., also known as NetSec.

A brochure on the Web site touts the closeness between the fellows and federal CIOs. "The CISO Exchange advisory board meets face to face quarterly and communicates on an ongoing basis through online dialogue," the brochure reads. "CISO Exchange fellows roll up their shirtsleeves to work side by side with federal CISOs to develop innovative solutions to federal IT security challenges."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
IT Salary Report 2020: Get Paid What You Are Worth
Jessica Davis, Senior Editor, Enterprise Apps,  2/12/2020
Slideshows
10 Analytics and AI Startups You Should Know About
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/19/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll