Agencies join new cybersecurity group

A new advisory board will meet this month with hopes of improving the government's flagging cybersecurity grades.

The group will consist of seven government cybersecurity executives, two private sector corporations and a representative of Rep. Tom Davis, R-Va.

With several agencies struggling to maintain the security of their computer systems, the founders of the for-profit Chief Information Security Officers Exchange believe that a forum for the cybersecurity industry and the government will improve agencies' information technology security, which recently received a D+ in an annual review by the House Government Reform Committee.

The CISO Exchange's advisory board includes chief information security officers from the departments of Defense, Homeland Security, Housing and Urban Development, Justice and State and the Internal Revenue Service chief information officer. Representatives from the internationally-based Computer Sciences Corp. and Herndon, Va.-based NetSec fill two of the six industry seats on the group's steering board and currently fund the work with $75,000 annual membership fees each.

Ken Ammon, president of NetSec's government solutions division, said the private industry groups on the board hope to educate their customer--the government--and by including government security decision-makers on the board, will help eliminate "stove pipes" between agencies.

"Any opportunity to exchange winning strategies is good for everyone," Ammon said. "A confused and unfocused marketplace is not a very good place to do business, and it's difficult for the government official."

The advisory board will be co-chaired by Melissa Wojciak, House Government Reform Committee staff director, and Vance Hitch, the Justice Department's chief information officer.

Hitch, who also chairs the Chief Information Officer Council's committee on cybersecurity and privacy, said the group will exchange ideas with representatives from the Government Accountability Office and the inspectors general.

The group's advisory board will hold its first meeting later this month; the first quarterly program meeting, which will include agencies' CISOs, is scheduled for May. The CISO Exchange will produce an annual report on government cybersecurity issues and will host a black tie awards dinner the same day as the Federal Computer Security Report Card grades are released in 2006.

Steve O'Keeffe, founder of the CISO Exchange's managing partner, O'Keeffe and Co., said the group will provide a platform for sharing best practices in cybersecurity.

Industry members that do not qualify to sit on the board can join the CISO Exchange as "partners" after approval from the board and a $25,000 membership fee. O'Keeffe said board members will not be able to exclude competitors from joining the organization, and the purpose of vetting companies is to ensure that members have enough resources to contribute.

A third membership level costs $5,000 and allows limited participation in events, including the opportunity for two companies drawn from a lottery to sit in on the group's events.

"We deliberately established this so that it would not be cost prohibitive, but it would be inclusive," O'Keeffe said. "Those people that are stepping up to sit on the advisory board are going to bring significant resources in order to move the ball forward."

As the managing partner of the CISO Exchange, O'Keeffe said his company would treat the group as one of their clients, which pay by the hour for its services.

"We've put forth a significant amount of effort on this initiative and still have not generated any membership revenue," O'Keeffe said. "There's been an enormous amount of work that has gone into this program to date, and it is all work that's been taken on our expense."