The CISO Exchange, a newly formed public-private partnership that hoped to improve federal IT security, has been dismantled after key participants withdrew from the effort.
Steve O’Keefe, executive director of the CISO Exchange, confirmed Thursday that he ended the effort. The group was launched earlier this year by the House Government Reform Committee after federal agencies received another poor annual IT security report card.
O’Keefe’s announcement comes after the group’s co-chairs withdrew from the program. A spokesman for the House committee said Wednesday that neither the committee’s chairman, Rep. Tom Davis (R-Va.), nor the committee would be involved in the exchange, citing concerns with the group’s structure and fees.
On Thursday, the CIO Council (CIOC) formally withdrew its membership from the exchange and reassigned the task of improving federal cybersecurity grades to its best practices committee.
“While we firmly support the CISO Exchange’s objective of improving the federal government’s security posture and improving cybersecurity scorecard grades, we believe the most appropriate context for doing so is through the CIOC’s Best Practices Committee,” Karen Evans, administrator for e-government and IT at the Office of Management and Budget and CIOC director, said in a statement.
Controvery about the exchange started last week, after the group unveiled its structure and fees. It planned to charge fees to industry advisory board members and participants, ranging from $75,000 for full participation to $5,000 for a lower level of membership. The fees would support the exchange.
Officials expressed concern that the fees could appear to buy access to government policy makers.
In response, O’Keefe said, “We think there needs to be a bright line to clarify any ambiguity about what is and what is not appropriate in a public-private partnership and clearly, a public-private partnership is critical to move the ball forward on this issue of national import.”