David Mussington is a senior fellow with CIGI’s Global Security & Politics Program, effective August 2016. David works on issues centered around cybersecurity, cyberdefense and cybercrime.
David is also a Professor of the Practice and Director at the University of Maryland`s Center for Public Policy and Private Enterprise. From 2014-2016, David served as an Assistant Director of the Information Technology and Systems Division at the Institute for Defense Analyses (IDA). While at IDA, he led innovative projects on cyberspace operations, cyber doctrine and collective defense strategy for NATO, conducted the first evaluation of cybersecurity information sharing programs for the US Department of Homeland Security (DHS) and directed an analysis for the Office of the Director of National Intelligence (ODNI) of federal information security reporting standards and metrics.
In addition, he led studies for the Federal Communications Commission (FCC) on Cybersecurity reporting, consulted on cyber norms of armed conflict for the Office of the Secretary of Defense, and worked on cybersecurity R&D priorities for the White House Office of Science and Technology Policy.
In 2014, Dr. Mussington led a cybersecurity gap analysis and strategy study for the Bank of Canada – Canada’s central bank. As a consulting chief information security officer (CISO), he produced that institution’s first cybersecurity strategy, completed a cybersecurity gap analysis and risk remediation program, and gained funding and support from the Bank’s governors for a multi-year cyber risk mitigation initiative.
From 2011-2013, Dr. Mussington worked at the White House on the Obama Administration National Security Council Staff as Director for Surface Transportation Security Policy. During this time, he had oversight over DHS, TSA, and Pipeline and Hazardous Materials Safety Administration (PHMSA) critical infrastructure protection plans and programs in passenger and freight rail, pipelines, ports and mail and shipping, and chemical facilities hazardous materials safety. He participated in cyber and cyber-physical risk management policymaking and planning.
In 2010, Dr. Mussington was appointed to the Federal Senior Executive Service (SES), and assigned as Senior Advisor for Cyber Policy in the Office of the Secretary of Defense. At OSD he led development of the first department wide enterprise cybersecurity strategy – the Defense Strategy for Operating in Cyberspace - signed by former Secretary of Defense Robert Gates in July of 2011.
From 2006-2010, Dr. Mussington served in leadership roles at the Office of Inspector General, and as Chief of Corporate Security at the National Railroad Passenger Corporation (Amtrak), where he oversaw critical infrastructure programs and policy – designing the 2009 American Recovery and Reinvestment Act (Recovery Act) – that programmed over $450 Million in infrastructure protection capital projects.
From 1995 to 2006, Dr. Mussington was a Political Scientist at RAND Corporation, leading projects on information assurance, cybercrime, infrastructure protection and countering terrorist use of the Internet. Dr. Mussington conducted Post Doctoral research at the Belfer Center for Science and International Affairs, Harvard University. He participated in the Cooperative Denuclearization project under the leadership of Dr. Ashton Carter. This project was the foundation of the US Government’s Cooperative Threat Reduction Program in Russia and the former Soviet Union.
He has also held post-doctoral appointments at the International Institute for Strategic Studies, and at the Center for Non Proliferation Studies of Middlebury College at Monterey. He holds a PHD in Political Science from Carleton University, a B.A. and M.A. in Economics and Political Science from the University of Toronto, and earned a Certified Information Systems Security Professional (CISSP) credential from ISC2.