2020 Safety, Security and International Affairs

Donna F. Dodson

Recognized as one of the nation’s premier cybersecurity experts, having helped develop the first commercially available encryption standards as well as state-of-the-art guidelines for government and industry to prevent, detect and respond to cyberattacks.   

As federal agencies and private industry seek to defend against millions of cyberattacks on their computer networks, they frequently turn for guidance to Donna Dodson, one of the nation’s premier experts on managing and reducing cyber risks.

“Donna Dodson has provided powerful leadership, technical direction and coalition building for new U.S. capabilities in cybersecurity in the federal government, industry and the nation,” said Charles Romine, director of the Information Technology Laboratory at the National Institute of Standards and Technology. “She is a renowned world leader in the cybersecurity field.” 

Dodson, NIST’s chief cybersecurity advisor, was instrumental in the development of the NIST Cybersecurity Framework, the seminal guide used by thousands of public and private organizations around the world to help make decisions on how to prevent, detect and respond to cyberattacks from criminal hackers and foreign governments. 

The framework not only helps organizations understand their cybersecurity threats and vulnerabilities, but also how to mitigate these risks with customized measures. The framework also offers guidance for organizations to respond to and recover from cybersecurity incidents. 

Besides the federal government, many companies have embraced the framework, including JP Morgan Chase, Microsoft, Boeing, Intel, Bank of England, Nippon Telegraph and Telephone Corporation, and the Ontario Energy Board. 

“Donna sits at the crossroads between government’s needs in cybersecurity, between government and business, and between the research community and those on the frontlines,” said Patrick Gallagher, the chancellor of the University of Pittsburgh and former director of NIST.  

Gallagher, whose institution has partnered with Dodson on cybersecurity research, said she is “an unmatched interagency, business, government broker able to help solve complicated, multiparty security challenges.” 

Dodson has worked for more than 30 years to improve the nation’s cybersecurity. She was a key member of the NIST team that established the nation’s first open and commercially available encryption standards—the core security used in commercial products to protect information, electronic commerce and personal data. 

Without these encryption standards, government and private industry systems would be more easily penetrated, according to Vinton Cerf, Google’s vice president and chief internet evangelist.

As a result of Dodson’s work, Cerf said, numerous indirect and direct cyberattacks have been prevented. 

“Donna built the trust network that made this happen,” Cerf said. 

Thanks in large measure to Dodson’s efforts, Romine said Congress and successive administrations have trusted the cybersecurity experts at NIST. 

For example, Dodson and her team offered guidance to the Obama administration when it grappled with balancing the need for strong encryption with permitting law enforcement to access encrypted devices of suspected terrorists and criminals. Dodson also was a steady hand on cybersecurity policy in 2017, when the Trump administration came into office, providing guidance to the White House and the departments of Homeland Security and Defense. 

In addition to developing the NIST Cybersecurity Framework, Dodson is the founding director of the National Cybersecurity Center of Excellence, a facility near Washington, D.C., where engineers from 40 different partner companies go to tackle major IT security problems with the help of government experts. 

For example, manufacturers of wireless infusion pumps, which administer liquids and medications intravenously to hospital patients, worried that the devices were vulnerable to hacking. Going wireless brought efficiency—nurses didn’t need to operate the devices manually—but also exposed patients to malicious intruders. 

Dodson’s team worked with the manufacturers to secure the pumps. As a result, up to 80 percent of infusion pump makers now include cybersecurity measures in the manufacturing process, drastically reducing the pumps’ vulnerability. 

In addition, the cybersecurity center, under Dodson’s direction, produced a guide on how health care organizations can protect the personal information of patients. 

Such partnerships have enabled a variety of different industries to solve some of their thorniest security problems, Romine said. And, more broadly, Dodson understands the cybersecurity needs of both government and industry, and how adopting best practices promotes economic security and innovation, he added. 

Dodson said that when she started at NIST three decades ago, a lot of the focus was on data processing issues, but with the growth of the internet and digital influence, her attention quickly turned to using the technology securely.

“I’m most proud of the collaboration that we have with other agencies, industry and academia, and being able to provide thought leadership for the nation in cybersecurity,” Dodson said.