NIST's Ron Ross: 'The Adversary Lives in the Cracks'SolarWinds Breach Calls Attention to Fundamental Need for Better DevSecOps
In the wake of the SolarWinds breach, Ron Ross of the National Institute of Standards and Technology has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
In this video interview with Information Security Media Group, Ross discusses:
- How the adversaries "live in the cracks";
- The urgency to change defensive strategies and tactics;
- How to approach systems security engineering going forward.
Ross specializes in information security, systems security engineering and risk management. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection.