Grant Schneider, the acting federal CISO who has been running the shop since his boss left just before the inauguration, is getting a second role within the White House as a senior director for cybersecurity at the National Security Council, an administration official tells CyberScoop.
Schneider will take over one of the “recently vacated senior director positions within the cybersecurity directorate on the NSC led by Rob Joyce,” the official said in an email. Schneider is the deputy CISO, but has been acting since federal CISO Gregory Touhill departed in mid-January.
“In order to increase synergy and alignment of national and federal cybersecurity strategy, policy, and guidance,” Schneider will continue to do the CISO job at the Office of Management and Budget, the official added. “He will continue to lead and manage the federal CISO team at OMB as well as the ‘homeland’ portfolio within the NSC Cybersecurity Directorate.” That homeland position was most recently filled in an acting capacity by another holdover from the Obama administration, Heather King, who left along with her colleague Cheryl Davis at the end of July.
The administration official said that dual hatting Schneider would improve federal cybersecurity in three ways: “Overall defensive posture of federal and critical infrastructure cybersecurity; ability to leverage [U.S. intelligence agencies] to support Federal cybersecurity; [and] incident response.”
But Schneider’s former boss, while emphasizing his admiration for the man, questioned the choices underlying the move, which was first reported by Politico.
Touhill told CyberScoop that the restructuring was “well within the authority of the executive branch.”
But he added “While I was CISO I worked very closely with [Joyce’s predecessor as White House Cyber Coordinator] Michael Daniel and his team in the NSC … Our major challenge wasn’t the effective linkages between NSC and OMB, it was for the departments and agencies to execute well.”
“These are both full time jobs,” Touhill noted. “The two positions have two distinct chains of command as well as authorities … NSC focuses on strategic policy and operations while OMB focuses on management and budget. The outline of proposed duties for [Schneider] on the NSC is hefty, yet so are those of the CISO in OMB. Straddling between the two will present some significant challenges.”
The homeland portfolio in the NSC cybersecurity directorate includes federal cybersecurity, critical infrastructure, information sharing, privacy, and support to state and local governments. Other portfolios cover global issues, intelligence and military cyber matters.
“Who will he report to?” Touhill asked of Schneider. “And what happens when they appoint a federal CISO, if they do? … Will the new CISO be assigned to OMB while the deputy straddles both organizations?”
“It will be a huge challenge for [Schneider] to balance these two important and challenging jobs,” concluded Touhill, “He’s a good man and I’ll support him any way I can.”
The administration official said only that Schneider “will have responsibilities and duties for each organization,” pointing out that he is “well known as a cybersecurity expert” and has held several high-stakes cybersecurity jobs in the previous administration.