The Lamont administration has parted ways with Connecticut’s first-ever chief cybersecurity risk officer, and plans to create a new position to oversee cyberdefenses, the Hartford Business Journal has learned.
Arthur House worked his final day as the state’s cybersecurity czar Oct. 11, a day after the state released the results of a major annual review of utility cyber defenses — a process House helped negotiate and design when he was chairman of the Public Utilities Regulatory Authority.
In an interview, House said he was proud to have helped Connecticut become a “national leader in the review of critical infrastructure cybersecurity.”
“That’s good and I hope that continues,” he said.
He didn’t have a clear answer, however, for how the state might tackle cybersecurity challenges moving forward.
“There’s some uncertainty about where cybersecurity fits into the state’s plans, but I’m not the one to provide the answer to that,” he said.
Reached Friday, Lamont spokesman Max Reiss praised the work House had done as cybersecurity czar and said he may play a consulting role in the future. Reiss insisted that cybersecurity is a priority for Lamont.
Reiss said the administration is planning to create a new position, called chief information security officer, or CISO.
It wasn’t clear exactly when that might happen, but Reiss said the state would conduct a nationwide search.
”The administration is still fleshing out the precise qualifications for the CISO,” he said.
Department of Administrative Services Commissioner Josh Geballe, a former IBM executive, is leading that effort.
Former Gov. Dannel P. Malloy named House the state’s first-ever cybersecurity czar in 2016. It was technically a “durational project manager” position, with a two-year limit, but Malloy extended it by another year a few months before leaving office.
House has a broad resume. He previously worked in communications roles for the Office of the Director of National Intelligence and the National Geospatial-Intelligence Agency, a combat support agency of the U.S. Department of Defense. He’s also worked for Cigna, Aetna, and held several positions for elected members of the U.S. Senate.
Despite the fact that utilities here have thwarted the many hacking attempts they encounter each year, House consistently sounded the alarm about cybersecurity, warning that the state should not be complacent.
“I have no idea how to shake loose those who are still complacent,” House said last year at an event in East Hartford. “Some say it’s not going to happen until there’s a cyber ‘9/11.’ ”
An action plan co-authored by House last year detailed a number of perceived challenges. It called for ways to effect better coordination and greater focus on cybersecurity across a variety of sectors, including state agencies, municipalities and colleges.
How the state pursues those efforts moving forward, as well as the annual utility review, will be up to whoever fills the planned CISO role, Reiss said.
