Her peers and bosses credit her with a powerful role in establishing the highly-regarded Cybersecurity Framework developed by the National Institute of Standards and Technology. They call her a world leader in cybersecurity. Now she’s a finalist in this year’s Service to America Medals program. Donna Dodson joined Federal Drive with Tom Temin.
Tom Temin: Ms. Dodson, good to have you on.
Donna Dodson: Thanks so much for having me today.
Tom Temin: And we should point out that you were the chief cybersecurity adviser to NIST in the computer lab. And I say “were” because just recently you have retired, true?
Donna Dodson: That is correct. I retired from the federal government and from a 30-plus-year career at NIST two weeks ago.
Tom Temin: Wow. Well, you’re still a finalist in the Service to America Medals program. So we’re glad to have you on. Retirees have a warm place in our hearts around here. Tell us about your career. You were a cyber person before it got to be on everybody’s lips.
Donna Dodson: That is correct. I have been in the cybersecurity space for over 30 years, at a time when we didn’t have CIOs and CISOs. Cybersecurity was not the strong discipline that we have today. So it’s been a very exciting career. And I’m so pleased and proud to be part of the Sammies program this year.
Tom Temin: And you and I are talking on your landline. And there was a time when landline telephones were the way that cyber hackers got into mainframe computer systems. I think it all started maybe 40 years ago with a man who could imitate the sound of touch tones and figure out how to get in and all of this. Does it ever amaze you how far this has all come?
Donna Dodson: I am always impressed with the advances and the opportunities that technology has brought to our lives every day to make our lives richer, and really to provide capabilities that many people couldn’t even imagine 40 years ago. And the opportunity from my career at NIST to help protect that change that we’ve had to this digital infrastructure has been incredibly rewarding.
Tom Temin: Tell us how the Cybersecurity Framework, how the idea came about and how the development happened, because it really has become a touchstone for I think every federal agency and many, many large organizations outside of government.
Donna Dodson: The cybersecurity framework has been adopted by large and small organizations in industry and government, including local, state, national governments and really been accepted internationally. And I think the reason for the development of the framework was through that development process led to its success. As we think about public-private partnerships with industry, academia and government agencies, we see the opportunities that they bring to create a strong infrastructure for all of us to use together. The cybersecurity framework is one example of those important public-private partnerships. We worked with industry and academia, across the nation and really around the world in the development of the framework. And I think by convening and having that technical expertise that NIST brought to the table, made a very big difference in terms of it being accepted worldwide.
Tom Temin: We’re speaking with Donna Dodson. She’s the recently retired chief cybersecurity adviser at NIST. And as the cybersecurity adviser, what did you actually do, as opposed to someone that might have written down all of the controls and so forth that go into those frameworks?
Donna Dodson: So collectively, we all helped to write those controls, from the technical folks to the different business sectors. We worked collaboratively. And I had the great privilege to help lead the team at NIST in the development of the framework. But really, for the NIST folks, it was an opportunity to listen to the requirements that industry and government needed as they thought about protecting their individual infrastructures and then how to be able to talk to others in their supply chain and across the technology infrastructures. So for us it started by listening to those requirements, and then bringing our experience and our expertise in cybersecurity risk management, as well as our experience and expertise in other technical areas, to bear as we develop the framework and bringing it out in a way that we could communicate to others and use it as a communications tool, as well as a technical tool to help protect organizations’ infrastructures.
Tom Temin: And I get the sense that the almost collegiate type of atmosphere at NIST, which is very different from a lot of federal agencies, was really a contributing factor into the success of this group. I think of some of the other people I’ve talked to over the years there. The great Ron Ross, Doug Maugham – I mean, you’ve got quite a crew there in the cybersecurity and in the computer laboratory. Is that a factor? Has that been a factor in your view?
Donna Dodson: It certainly is a factor. NIST has the world’s technical experts in many areas. However, the way NIST has always designed its work is around inclusivity. You know, we have four core principles at NIST around integrity, excellence, inclusivity. And as we look at these, and we persevere, which is our fourth one, to meet the requirements that were laid out in projects and programs, and you can see this in the development of the framework, I think that inclusivity is critical as we need to work with industry since industry owns most of the infrastructure that we all need to protect, in order to protect our individual applications, in order to protect our individual environments within an organization. So bringing those skills to bear really made a huge difference in the development of the Cybersecurity Framework, but we can’t forget the importance of the private sector participation and the way the private sector rolled up its sleeves to come to the table and work. And I think when you bring both government and industry experts to the table, from the technical perspective and the business perspective, we can make great strides. And we see this in that public-private partnership in the development of the Cybersecurity Framework.
Tom Temin: And of course, nobody can work forever. But if you had another five years in your career, what would you have done next? What do you think is the next round of development in the cybersecurity struggle?
Donna Dodson: I think, again, we all need to be collaborating and working together. I think we need to take a look at cybersecurity at supply chain risk management and also thinking about privacy and privacy risk management, which is an endeavor that we took on shortly before I left NIST with the development of the privacy framework. The fourth pillar there for success is a workforce that is engaged and thinking about cybersecurity and privacy as they develop this digital infrastructure. So I think all four of those areas have tremendous impact on the platform that we need today to protect our environments and that platform for innovation for tomorrow.
Tom Temin: Donna Dodson is the recently retired chief cyber security adviser to NIST, and a finalist in this year’s Service to America Medals program. Thanks so much for joining me.
Donna Dodson: Thank you so much for having me. I hope everyone stays safe and I look forward to friendship and fellowship in the future as we break through the challenges in cybersecurity and we continue to work on these challenges together.
Tom Temin: All right. We’ll post this interview and a link to more information at www.FederalNewsNetwork.com/FederalDrive. Hear the Federal Drive on demand and on your device. Subscribe at Apple Podcasts or Podcastone.