by Peter High, published on Forbes
Ron Ross is a Fellow at the National Institute of Standards and Technology, or NIST, a non-regulatory agency of the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Ross’ role at NIST is in the Information Technology Laboratory, where he leads the Federal Information Security Management Act Implementation Project. He is also the principal architect of the NIST Risk Management Framework, and leads the joint taskforce between the Department of Defense, the Intelligence Community, and the Committee on National Security Systems that developed the Unified Information Security Framework for the federal government. To my mind, he has one of the clearest and most comprehensive approaches to data security, a topic we drill down into in great depth in this article. Last week at a Forbes CIO dinner in Washington, DC that I co-hosted with Forbes Managing Editor, multiple government and private sector CIOs noted how influential Ross has been on their approaches to cybersecurity. For that reason, I’m particularly excited to share some of his biggest ideas.
(An unabridged audio version of this article is available in podcast form. This is the 15th article in the “IT Influencers” series, which includes past interviews with Meg Whitman, Sal Khan, Sebastian Thrun, Sir James Dyson, Jim Goodnight, and Walt Mossberg, among others.)
Peter High: For those who may not be familiar, I thought we would begin with a description of your organization, the National Institute of Standards and Technology, as well as your role in it.
Ron Ross: NIST is an organization that is part of the Department of Commerce. We are one of several bureaus within the department. NIST has three thousand scientists and engineers that work across many different laboratories, from chemistry to physics. The division that I am in – the Computer Security division – is part of the Information Technology Laboratory. We work on standards and guidelines and work closely with industry to collaborate so that the standards and guidelines that we produce are implementable and cost-effective. It is a collaborative way to do business.
High: You have talked about how our appetite for advanced technology is far exceeding our ability to protect it. I wonder if you could talk a bit about the paradigm shift that is happening, the drivers behind that appetite and what makes today different from years past.
Ross: I think what makes the world so much different today is that we are literally living through a transformation from a fully paper-based world to a digital world. Technology is moving forward at such a rapid pace. Every day we see new things with tablets, smartphones, and the Internet of Things. We are driven to the technology because it is so powerful and affordable. When you have those two things, consumers are going to buy a lot of it.
It is an exciting time to be alive because the things that we are seeing computers do today were not anticipated five or ten years ago. It is great to be a part of this digital revolution, but with that come some other things that can be troubling. That is where the information security part of the problem comes in.