2019 National Cyber Summit

Keynote Speaker Dr. Ron Ross

Session Information

Building Trustworthy, Secure Systems for the United States Critical Infrastructure: An Urgent National Imperative
Wednesday, June 06, 2018 09:15AM - 10:15AM
Today, the cybersecurity threats to our government, businesses, critical infrastructure, industrial base, and people are as severe as threats of terrorism or the threats we experienced during the Cold War. Overcoming these threats will require a significant investment of resources and the involvement of government, industry, and the academic community.

Cybersecurity efforts today are largely focused on what is commonly referred to as cyber hygiene, which includes such activities as inventorying hardware and software assets; configuring firewalls and other commercial products; scanning for vulnerabilities; patching systems; and monitoring. While practicing good cyber hygiene is certainly necessary, it’s not sufficient. This is because these activities don’t affect the basic architecture and design of the systems that we depend on. Even if we were to achieve perfection in our cyber hygiene activities, we would still be leaving our most critical systems highly vulnerable due to our inability to manage and reduce the complexity of the technology.

Creating more trustworthy, secure systems requires a holistic view of the problem and the application of the concepts and principles of science and engineering to solve the problem. Implementing well-defined engineering-based security design principles at every level, from the physical to the virtual, must be a top priority. The concepts and principles should be driven by mission and business objectives, stakeholder protection needs, and the security requirements of the individual organizations. While these solutions may not be appropriate in every situation, they should be available to those entities that are critical to the economic and national security interests of the United States including, for example, the electric grid, manufacturing facilities, financial institutions, transportation vehicles, medical devices, water treatment plants, and military systems.

Solving our cybersecurity problems will take a concerted effort on a level we haven’t seen since President Kennedy dared us to do the impossible and put a man on the moon over a half century ago. We can do it again, but the clock is ticking, the time is short, and the stakes could not be higher.
South Hall - Ballroom 3 - 5
Dr. Ron Ross
Fellow
National Institute of Standards and Technology
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include information security, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His current publications include Federal Information Processing Standards (FIPS) 199 (security categorization), FIPS 200 (security requirements), and NIST Special Publication (SP) 800-39 (enterprise risk management), SP 800-53 (security and privacy controls), SP 800-53A (security assessment), SP 800-37 (Risk Management Framework), SP 800-30 (risk assessment), SP 800-160 (systems security engineering), and SP 800-171 (security requirements for nonfederal systems and organizations). Dr. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors.

Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. He has also lectured at many universities and colleges across the country including the Massachusetts Institute of Technology, Dartmouth College, Stanford University, the George Washington University, and the Naval Postgraduate School. A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. While assigned to the National Security Agency, Dr. Ross received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a four-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Presidential Rank Award. He has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the National Cyber Security Hall of Fame. In addition, Dr. Ross has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow.

Dr. Ross has received numerous private sector cybersecurity awards including the Partnership for Public Service Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, Applied Computer Security Associates Distinguished Practitioner Award, Government Computer News Government Executive of the Year Award, Vanguard Chairman’s Award, Government Technology Research Alliance Award, InformationWeek’s Government CIO 50 Award, Billington Cybersecurity Leadership Award, ISACA National Capital Area Conyers Award, ISACA Joseph J. Wasserman Award, Symantec Cyber 7 Award, SC Magazine’s Cyber Security Luminaries, (ISC)² Inaugural Lynn F. McNulty Tribute Award, 1105 Media Gov30 Award, and three-time Top 10 Influencers in Government IT Security.

During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He is a graduate of the Defense Systems Management College and holds master’s and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School, specializing in artificial intelligence and robotics.