Dr. Ron Ross: Well, there is a brand new one that we just started about three or four months ago. It has to do with the other side of the security problem. We talked about continuous diagnostics and mitigation.
Jim Flyzik: Right.
Dr. Ron Ross: [Continuing] I talk about the problem of cyber as an “above the water line” discussion and a “below the water line” discussion. So, in the CDM program, we are talking about managing assets, patching our systems as fast as we can, configuring our components – that’s all stuff that happens above the water line. But a lot of the real problems that we have in cyber are below the water line. This gets to the quality and the development of hardware, software, firmware and systems. So we have a new publication that is on the street now and in draft. It’s Special Publication 800-160. It’s a systems security engineering guideline. So what we’re trying to do there is to get to the “build it right” part of the problem. The strategy “build it right”, then “continuously monitor” – those two things taken together are going to really help us button down the infrastructure. Build it right – to begin with, make sure that we deploy the most trustworthy systems we possibly can.
Jim Flyzik: Right.
Dr. Ron Ross: [Continuing] It is going to make continuous monitoring a whole lot more effective. So this publication talks about what the best practices are in developing more trustworthy, more highly assured software. I equate it to building a bridge or flying an airplane. We have physics involved in bridge building…
Jim Flyzik: Right.
Dr. Ron Ross: [Continuing] …and engineering involved in airplane development, and we trust those things implicitly.
Jim Flyzik: Right.
Dr. Ron Ross: [Continuing] We need to bring that same type of thing into our cyber security business…
[END OF VIDEO] [00:01:28]