NIST Fellow Ron Ross Discussed Critical Infrastructure in Cotton Cyber Lecture

Ron Ross

Ron Ross gave the second Hood College Cotton Cyber Lecture on Oct. 18. He discussed numerous aspects of cybersecurity and critical infrastructure and how nearly everybody is affected.

Ron Ross




Fellow, National Institute of Standards and Technology

By Tommy Riggs

Ron Ross, Ph.D., gave the second Hood College Cotton Cyber Lecture on Thursday night. In his talk, titled “Rethinking Cybersecurity from the Inside Out,” he discussed numerous aspects of cybersecurity and critical infrastructure and how nearly everybody is affected.

“Today, the digital world is affecting everybody in every walk of life,” he said. “Federal, state, local, private sector, international—because we’re all using computing technology.”

Ross is a fellow at the National Institute of Standards and Technology (NIST). His focus areas include information security, systems security engineering and risk management. He leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors and U.S. critical infrastructure.

Students from the cybersecurity programs at Frederick Community College, Mount St. Mary’s University and Hood College were at the talk. The three schools have an agreement to provide a seamless transition from an associate degree at FCC to a bachelor’s degree at the Mount, to a master’s degree at Hood.

According to Ross, there are three main focuses of cybersecurity—hardening the target, limiting damage and resiliency. Hardening the target means putting security measures in place to make it less susceptible to cyber attacks, such as passwords and firewalls. However, 10 percent of cyber attacks will breach the first layers of defense. If the attack penetrates the initial barriers, there must be systems in place to limit the damage. For example, the most important information must be behind extra layers of security, like having bank records in a safe inside a locked house. Finally, targets must be resilient—they must be capable of functioning in a degraded state. If an attack aims to shut down a power plant, the most critical parts of the plant must be able to function even if 50 percent of the plant is down.

“When it’s all wrapped together as part of a coordinated, realistic strategy—that’s what you’re going to learn here in these cybersecurity programs (at FCC, the Mount and Hood),” he said. “You’re going to learn more than just being a Microsoft network engineer—you can get a certificate for that, and that’s good. But you all are going to understand how these systems are built. You’re going to ask the important questions. You’re going to be critical thinkers. You’re going to be the ones who come forward and design solutions we can trust in the future. That’s why you picked the right program, and that’s why you picked the right school. You are going to be part of the solution.”

Ross stressed that the cybersecurity field isn’t just for people interested in coding and network systems.

“Cybersecurity is going to draw on many disciplines—mathematics, computer engineering, software engineering, computer science,” he said. “If you’re not into the bits and bytes, you can be in the policy end of the house because cybersecurity has a place for everybody. You have to find your niche.”

The Cotton Cybersecurity Lecture Series is made possible by a generous gift from John C. and Janet Hobbs Cotton ’59 and brings nationally and internationally recognized leaders in cybersecurity to Hood College to speak.

There is an expected 100 percent employment rate in cybersecurity through 2021. Globally by 2019, there will be demand for an estimated 6 million jobs in cybersecurity. In 2017, there were 350,000 cybersecurity job opening in the U.S. alone.