GCN Government Executive of the Year: Ron Ross


Government Executive of the Year: Ron Ross

Ron Ross got his start in cybersecurity by accident. The West Point graduate served in many leadership positions during his 20-year Army career. In the early 1980s, while still in the military, he attended graduate school to learn about artificial intelligence and robotics. He earned a master’s degree in 1982 and a Ph.D. in 1989 in computer science from the Naval Postgraduate School in hopes of joining a group of military officers familiar with robotic vehicles.


Celebrating IT excellence

Ten public sector IT systems, including federal projects to expand digital services to users on global scale as well as local government apps designed to streamline citizens' online experiences, were named winners of the 2015 GCN Awards for IT excellence. Read more.

But the day before Ross was to start his new assignment, he found out that the person currently in the robotics position would be staying for another year. Ross talked to his buddies, and they suggested he try the National Security Agency. He joined NSA in 1990.

“I didn’t know anything about computer security at that time, but I had my two advanced degrees,” Ross told GCN. “So I had a good grounding in the fundamentals of the system and software.”

He said he read everything he could about computers, and “I just fell in love with the field. It was such a fascinating area because back in 1990 computers were important but nowhere near as important as they are today.”

Today, of course, IT is woven into everything from weapons systems and power plants to the banking system and government records. And Ross is on the cutting edge of keeping all that technology safe in his current role as a fellow at the National Institute of Standards and Technology and leader of the Federal Information Security Management Act implementation project.

He’s the main architect of the Risk Management Framework, a multi-tiered methodology for agencies to integrate FISMA standards. FISMA is the first unified system of security standards and guidelines to protect the federal government from cyberattacks. Ross also co-authored NIST Special Publication 800-160, which provides security engineering guidelines for federal agencies and the private sector. The first draft debuted in May 2014, and the second is expected by December of this year.

Ross compared building stronger computer systems to building stronger airplanes or bridges. “We have confidence because we trust that competent people designed the bridge and the airplane,” he said. “That’s what we’re trying to achieve in this new publication — helping people get the same kind of confidence in the systems and software they deploy in their day-to-day lives.”

Another major challenge for cybersecurity is protecting the Internet of Things. Ross raised eyebrows in April when he said the IoT might be indefensible, but he said there are ways to design systems to control the complexity.

“It’s not a hopeless situation,” he told GCN. “We may have to hang on and be trailing that technological revolution, but we’re going to be close behind.”

Although all the facets of cybersecurity can be overwhelming, Ross said that the key is having a vision and knowing the steps to achieve it. In the military, he learned to divide huge tasks into smaller, more manageable ones. And as a big NASCAR fan who watches races on TV and at the track whenever he can, he views the sport as “the perfect metaphor for cybersecurity — drivers operating at high speed in a threat-laden environment.”

He said his most satisfying accomplishment so far is being able to give back to the military and intelligence communities through the Joint Task Force, an interagency partnership among NIST, the Defense Department, the intelligence community and the Committee on National Security Systems.

When Ross arrived at NIST, the intelligence community and the Defense Department each had their own set of cybersecurity standards. Through the task force, he helped create the Unified Information Security Framework so everyone could focus on their jobs. Today, NIST continues to lead that effort.

“To be able to give back…it’s just very gratifying,” Ross said. “NIST allows you to do the work you love to do. I’ve been doing it a long time, and I still love doing it.”

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected