ArticlePDF Available

Cyber Resilience – Fundamentals for a Definition

DOI:10.1007/978-3-319-16486-1_31
Authors:
Fredrik Björck at Stockholm University
Fredrik Björck
Martin Henkel at Stockholm University
Martin Henkel
Janis Stirna at Stockholm University
Janis Stirna
Jelena Zdravkovic at Stockholm University
Jelena Zdravkovic
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

This short paper examines the concept of cyber resilience from an organizational perspective. Cyber resilience is defined as “the ability to continuously deliver the intended outcome despite adverse cyber events”, and this definition is systematically described and justified. The fundamental building blocks of cyber resilience are identified and analyzed through the contrasting of cyber resilience against cybersecurity with regards to five central characteristics.
Figures - uploaded by Janis Stirna
Author content
All figure content in this area was uploaded by Janis Stirna
Content may be subject to copyright.
Content uploaded by Janis Stirna
Author content
All content in this area was uploaded by Janis Stirna on Dec 29, 2015
Content may be subject to copyright.
1(7)
Cyber Resiliencefundamentals for a definition
Fredrik Björck, Martin Henkel, Janis Stirna, and Jelena Zdravkovic
Stockholm University, Department of Computer and Systems Sciences, Sweden
{bjorck, martinh, js, jelenaz}@dsv.su.se
Abstract. This short paper examines the concept of cyber resilience from an
organizational perspective. Cyber resilience is defined as “the ability to
continuously deliver the intended outcome despite adverse cyber events”, and
this definition is systematically described and justified. The fundamental
building blocks of cyber resilience are identified and analyzed through the
contrasting of cyber resilience against cybersecurity with regards to five central
characteristics.
1 Introduction
Background
Starting with the 2012 World Economic Forum meeting in Davos, cyber resilience [1]
has been not only an area of growing importance for individuals, businesses and
societies, but also a concept that has gained in attention and usage.
Even though the concept is now widely used among practitioners in the information
security industry and political and business leaders in many countries, Cyber
resilience as an academic research subject is still in its infancy. As an illustration,
only 402 articles in the Google scholar index include “cyber resilience” at all and of
these only 21 articles include it in its title [2].
In order for cyber resilience to gain momentum also as an academic research subject,
it is important to define the term. Once there is a common understanding of what
cyber resilience refers to, research and education will be more efficient and effective.
Individuals, businesses and societies are in need for efficient and effective cyber
resilience, and to get there we need - among other factors - a common language.
There have been some earlier attempts to define cyber resilience, and this paper aims
to build on and integrate some of these attempts so that the fundamentals for a
definition of cyber resilience, mainly from an organizational perspective, can be
formulated.
Published by Springer
http://link.springer.com/chapter/10.1007/978-3-319-16486-1_31
2(7)
2 Cyber Resilience – a definition
This section offers a comprehensive definition of cyber resilience and examines the
suggested definition in detail:
Cyber resilience refers to the ability to continuously deliver the
intended outcome despite adverse cyber events.
This ability can be considered at different levels, as discussed by [3] (see table 1).
Each level offers its unique challenges, methods and conceivable controls in relation
to cyber resilience. Hence, the ability to continuously deliver the intended outcome
can pertain to not only to e.g. a nation, but also an organization or even a specific IT
system. Nevertheless, as will be clarified later, for cyber resilience to be effective and
efficient it needs to be addressed holistically and on several levels and in parallel.
Table 1: Cyber resilience considered at different levels
Level
Description
Example
Supranational
CR for a confederation of nations
European Union
National
CR for a country or society
Sweden
Regional
CR for a region or city
Stockholm
Organizational
CR for an organization
Company, agency, council
Functional
CR for a business function
Division, process, capability
Technical
CR for a technical system
IT system, network
The notion of continuously, means that the ability to deliver the intended outcome
should be working even when regular delivery mechanisms have failed, during a
crisis and after a security breach. The notion also denotes the ability to restore the
regular delivery mechanisms after such events [4] as well as the ability to
continuously change or modify these delivery mechanisms if needed in the face of
changing risks.
The intended outcome refers to that which the unit-of-analysis (e.g. the nation,
organization or IT system) is intended to achieve, such as the goals of a business or
business process or the services delivered by an online service.
Adverse cyber events can be caused by either acts of God or acts of man or a
combination of these (see table 2). For a more detailed discussion on classification of
such adverse cyber events and threats, see [5]. All events that negatively impact the
availability, integrity or confidentiality of networked IT systems and associated
information and services are such adverse cyber events.
This focus on adverse cyber events in relation to networked IT systems also marks
the delimitation between business resilience in general and cyber resilience in
particular.
3(7)
Table 2: Basic types of adverse cyber events
Type of event
Description
Example
Acts of God
Events caused by nature
Fire, flood, earthquake
Acts of man
Events caused by people,
intentional or unintentional
Unintentional deletion of data,
computer intrusion
In brief, cyber resilience - which can be considered at many different levels - refers to
the ability to continuously deliver the intended outcome despite adverse cyber events
caused by humans and nature.
3 Characteristics of Cyber Resilience
Let us examine the most essential characteristics of cyber resilience and thereby also
highlight the differences between cyber resilience and its sibling cybersecurity. Please
note that any given approach to cybersecurity might include components and
characteristics from cyber resilience. We distinguish five defining characteristics of
cyber resilience (table 3):
Table 3: Characteristics of Cybersecurity vs. cyber resilience
Cybersecurity
Cyber Resilience
Protect IT systems
Ensure business delivery
Fail-safe
Safe-to-fail
Apply security from the outside
Build security from within
Single layered protection
Multi layered protection
Atomistic, one organization
Holistic, network of organizations
Objective
While the general objective of cybersecurity is to protect networked IT and
information systems, cyber resilience is focused on the higher-level objective of
ensuring business delivery (table 3). Business delivery is the intended outcome of the
object in question, in other words; the value it aims to generate as conceived by
internal or external stakeholders. Consequently, a system can be said to be resilient
when it is able to deliver business value, even in the face of adverse cyber events, e.g.
by making use of alternative means of business delivery. As a result, any efforts
concerning cyber resilience must take business as its starting point rather than
information technology. For example, one way of starting a cyber resilience review is
to have a clear definition of the overall goals of the business Merrell et al. [6].
Intention
In relation to objective, intention refers to the desired properties of a system or
systems. From a security perspective, the intension is to design, or protect, systems so
4(7)
that they have the property of being fail-safe (table 3). Essentially the system should
be running as usual and be able to withstand cyber events. In addition to this it is
important for resilient systems to be able to fail in a controlled way. We refer to this
as safe-to-fail in table 3. The importance of the ability to fail in a controlled way is
evident in several methods for the design of resilient systems. For example, Linkov et
al. [7] explicitly mentions the need for systems to “adapt and recover, while the
framework from MITRE [3] refers to the similar activities “respond” and “recover”.
Thus, a resilient system needs to be, by design, able to fail.
Approach
The third defining aspect of cyber resilience is the general approach applied. A
somewhat simplified view of security is that it is applied on a system. For example,
encrypted communications can be applied on the communication between a system
and its users. A similar example is that organizations can set up separate security
teams that only deal with the protection of its systems. However, a resilience
approach would have a much more profound effect on the systems being “secured”,
leading to the need to let the resilience be an inner part of the IT systems and the
general operation of the business. Resilience simply needs to be built-in rather than an
add-on. For example, Goldman et al. [8] refers to the need to use several re-active
techniques such as alternative operations, and dynamic composition of features when
building resilient systems.
Architecture
The architecture concerns the inner structure of a system, and is expressed as the
systems constituent modules and their relationships. When it comes to resilient
systems, the architecture needs to be structured to allow for partial failure. Thus, it is
better to view the architecture as consisting of several layers of protection, rather than
constituting of a hard outer shell. Each layer should then be designed to follow the
principle of safe-to-fail as described earlier. While the use of several layers of
protection is commonly advocated when designing secure systems (see for example
Williams et al. [9]), the difference here is that the architecture should be especially
suited for the recovery of each layer.
Scope
The scope of a cyber-resilient analysis cannot only consider a single system or
organization and its immediate surroundings. The reason for this is twofold: firstly the
threat can come from any on the multitude of interconnections the system got.
Secondly, the interconnections with other systems (such as sub-suppliers) can also be
strength when it comes to the capability of the systems to recover from adverse
events. As Joseph [10] states: “If networks expose us to vulnerabilities, they also form
the basis of our resilience”. Thus, it is important to have a wide scope and examine
the network of organizations and systems that the system under study is a part of.
The increased scope forms the basis for both a vulnerability analysis and as a source
for resilience. This is captured in the following principles:
5(7)
4 Summary
The above aspects may seem fundamental, however they capture key concerns when
dealing with resilient systems and provide and way to discuss and contrast security
and resilience approaches. In one way it can be said that the concept of resilience
essentially treats adverse cyber events as a part of normal operations. The difference
to the concept of security can therefore be crucial it allows organizations to
incorporate counter measures and contingency plans as a part of what could be
considered as this new “normal” condition [11].
In table 4 we summarize the aspects of resilience, and provides a few guiding
principles on how to address resilience.
Table 4: Cyber resilience aspects and principles
Aspect
Cyber Resilience Principles
Objective
Ensure business delivery:
1) Resilience focuses on keeping business goals intact, rather than IT
systems, during adverse cyber events. Thus,
2) Resilience analysis needs to have the business as a starting point,
rather than the IT systems.
Intention
Safe-to-fail:
3) Resilient systems should be designed to be able to fail in a controlled
way, rather than being designed to solely protect against failure.
Approach
Build security from within:
4) Resilience is built into organizations and IT systems, rather than
added as separate functions or teams.
Architecture
Multi-layered protection:
5) A resilient architecture contains several layers, each capable of
protection and recovery, rather than having a single layer of
protection.
Scope
Holistic, network of organizations:
6) To manage resilience, the business and IT systems need to be viewed
as an interconnected network, rather than as a single unit of analysis
with an environment. Moreover,
7) Resilience is viewing networked interconnection of organizations
and systems as both strength and a weakness, rather just a source of
threats.
6(7)
5 Conclusion
In this paper we set out to define and analyze the concept of cyber resilience. In
particular, we describe cyber resilience in contrast to the concept of cybersecurity. A
conclusion from the analysis is that cyber resilience is business oriented, in the sense
that it aims to continuously deliver the intended business outcome despite adverse
cyber events. To contrast cyber resilience with cybersecurity we made use of five
aspects; objective, intention, approach, architecture and scope. In each of these
aspects there are a difference in how resilience and security are approached. Finally,
we have outlined as set of fundamental principles that can be applied in order to guide
initial work with cyber resilience as well as lay a foundation for a definition of the
term. Further work entails analysis and extension of existing security methods and
frameworks to cope with the aspects of cyber resilience.
References
1. Partnering for Cyber Resilience, World Economic Forum Davos, 2012. Accessed
2014-12-07.
http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_201
2.pdf
2. Google Scholar Search for “Cyber Resilience”. Accessed 2014-12-07.
http://scholar.google.se/scholar?q=%22cyber+resilience%22
3. Bodeau, Deborah, and Richard Graubart, “Cyber Resiliency Engineering
Framework, MITRE Report (2011), page 37
4. Kahan, Jerome H., Andrew C. Allen, and Justin K. George. "An operational
framework for resilience." Journal of Homeland Security and Emergency
Management 6.1 (2009), page 10
5. Luiijf, H. A. M., and A. H. Nieuwenhuijs. "Extensible threat taxonomy for critical
infrastructures." International journal of critical infrastructures 4.4 (2008): 409-417.
6. Merrell, S. A., Moore, A. P., & Stevens, J. F. Goal-based assessment for the
cybersecurity of critical infrastructure.” IEEE International Conference on
Technologies for Homeland Security (HST), pp. 84-88, IEEE, (2010).
7. Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., & Kott, A.:
Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4),
pp471-476, (2013).
8. Goldman, H., McQuaid, R., & Picciotto, J.: Cyber resilience for mission assurance.
In Technologies for Homeland Security (HST), 2011 IEEE International Conference
on (pp. 236-241). IEEE, (2011).
7(7)
9. Williams, Patricia AH, and Rachel J. Manheke.: Small Business-A Cyber
Resilience Vulnerability. Proceedings of the 1st International Cyber Resilience
Conference, Research Online, (2010).
10 Joseph, J.: Resilience in UK and French Security Strategy: An Anglo Saxon Bias?.
Politics, 33(4), pp253-264, (2013).
11. Kaufmann, M: Cyber-resiliens i EU, Internasjonal Politikk, 71(02), pp 274-282,
(2013).
... "Cyber resilience refers to the ability to continuously deliver the intended outcome despite adverse cyber events." [8] Diese ...
Stärkung der Cyber-Resilienz in KMU
Chapter
  • Jun 2022
Der zunehmende Einsatz digitaler Technologien stellt viele Unternehmen vor dem Hintergrund einer angespannten IT-Sicherheitslage vor große Herausforderungen. Das Bewusstsein für Anforderungen und Maßnahmen im Kontext Informationssicherheit wächst zwar kontinuierlich, es besteht jedoch weiter Handlungsbedarf bei den Unternehmen, insbesondere bei kleinen und mittleren Unternehmen (KMU). In diesem Beitrag werden Ergebnisse des Forschungs- und Transferprojektes GrundschutzPLUS Aktivator vorgestellt. Ziel des Projektes ist es, auf Grundlage eines ontologiebasierten Security Management Prozesses die Cyber- Resilienz produktionsnaher KMU zu stärken.
... Objective, intention, approach, architecture, and scope are the five aspects of cyber resilience identified by [19]. According to them, the objective consists in ensuring business delivery, so they recommend keeping business goals intact, rather than IT systems, during adverse cyber events. ...
Digitalization Capabilities for Sustainable Cyber Resilience: A Conceptual Framework
Article
Full-text available
  • Nov 2021
Digital transformation is currently an essential condition for companies to operate in most markets, since it provides a whole new set of competitive skills and strategic tools. On the other hand, the same digitalization puts companies in the face of a whole new series of threats coming from the cyber space. The foundation of business sustainability, which is the maintenance of competitiveness while securing business, is no longer a “plus” feature or a captivating sentence but a true and consistent need for all organizations. This article provides a literature analysis on approaches and models for cyber resilience, digitalization capabilities, and a conceptual framework showing how digitalization capabilities drive cyber resilience. Digitalization capabilities are involved in the plan/prepare phase and in the adaptation phase of the cyber resilience process. In particular, online informational capabilities can drive both these phases. Other capabilities such as the employment of heterogeneous resources and the promotion of continuous learning drive the plan/prepare phase, while the scanning of the evolution of the digital environment and a timely reconfiguration of resources drive the adaptation phase.
... The publication of Presidential Policy Directive 21 (PPD-21/2013) [1] commissioned by past U.S. President Barack Obama, introduced the concept of resilience as "the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents", which was used to coin the new term of cyber-resilience as "the ability to continuously deliver the intended outcome despite adverse cyber events" [2]. ...
OT Cyber Security Frameworks Comparison Tool (CSFCTool)
Conference Paper
  • Apr 2021
... It could be said that cyber resilience is the intersection of information security, business continuity and organisational resilience. According to most definitions, cyber resilience incorporates the ability to prepare, withstand, recover and adapt to stresses, attacks or compromises on cyber resources (Bodeau and Graubart, 2017;Larkin et al., 2015;Björck et al., 2015). ...
Cybersecurity, our digital anchor : a European perspective
Book
Full-text available
  • Jan 2020
The Report Cybersecurity – Our Digital Anchor brings together research from different disciplinary fields of the Joint Research Centre (JRC), the European Commission's science and knowledge service. It provides multidimensional insights into the growth of cybersecurity over the last 40 years, identifying weaknesses in the current digital evolution and their impacts on European citizens and industry. The report also sets out the elements that potentially could be used to shape a brighter and more secure future for Europe’s digital society, taking into account the new cybersecurity challenges triggered by the COVID-19 crisis. According to some projections, cybercrime will cost the world EUR 5.5 trillion by the end of 2020, up from EUR 2.7 trillion in 2015, due in part to the exploitation of the COVID-19 pandemic by cyber criminals. This figure represents the largest transfer of economic wealth in history, more profitable than the global trade in all major illegal drugs combined, putting at risk incentives for innovation and investment. Furthermore, cyber threats have moved beyond cybercrime and have become a matter of national security. The report addresses relevant issues including: • Critical Infrastructures: today, digital technologies are at the heart of all our critical infrastructures. Hence, their cybersecurity is already – and will become increasingly – a matter of critical infrastructure protection (see the cases of Estonia and Ukraine). • Magnitude of impact: the number of citizens, organisations and businesses impacted simultaneously by a single attack can be huge. • Complexity and duration of attacks: attacks are becoming more and more complex, demonstrating attackers’ enhanced planning capabilities. Moreover, attacks are often only detected post-mortem1. • Computational power: the spread of malware also able to infect mobile and Internet of Things (IoT) devices (as in the case of Mirai botnet), hugely increases the distributed computational power of the attacks (especially in the case of denial of services (DoS)). The same phenomenon makes the eradication of an attack much more difficult. • Societal aspects: cyber threats can have a potentially massive impact on society, up to the point of undermining the trust citizens have in digital services. As such services are intertwined with our daily life,
Modelling cyber resilience in a water treatment and distribution system
Article
Full-text available
Considering the increasing introduction of cyber-physical systems in modern industrial plants, the analysis of systems’ performance pushes for developing a cyber resilience perspective to complement a traditional physical resilience assessment. This point of view becomes central for critical infrastructures, considering the potential societal and economic consequences a disruption may have. This work provides a cyber-resilience simulation-based assessment for a seawater desalination plant and its connected distribution system. For this purpose, a digital twin has been developed. It integrates a MATLAB/Simulink model of the reverse osmosis treatment plant with a georeferenced water distribution network designed in EPANET. Four stochastic cyber resilience metrics have been proposed and computed to assess the impact of a successful replay cyber attack. The results exemplify the benefits of cyber-physical simulations to understand the behavior of modern water treatment plants, to identify system's criticalities, and eventually to support decision making by identifying hotspots and prioritizing mitigating actions.
Managing Uncertainty and Complexity: Emerging Challenges in Cyber Security
Chapter
  • May 2022
Uncertainty and complexity are two key issues to understand and explore in the current digital context. The management of these two issues becomes relevant for cyber security as the increase in connectivity and convergence of technologies creates not only opportunities for organizations and nations, but also spaces of instability and disruption that must be identified, anticipated and addressed. Therefore, this paper presents some concrete proposals to manage uncertainty and complexity in order to break the status quo of certainties and assume instability and volatility as natural sources in strategic and tactical decision making for both security/cyber security professionals and executives of companies and nations.
An exploratory study of organizational cyber resilience, its precursors and outcomes
Article
  • May 2022
Porušení bezpečnosti osobních údajů v kontextu internetu věcí
Book
  • Jan 2021
The goal of this research was to assess, if the current legal framework of obligations related to personal data breach under GDPR are purposefully applicable also in the context of internet of things and if so, then which changes can help to overcome eventual discovered challenges or obstacles to it. This issue is studied from four perspectives. The introduction to the topic is from the cyber security perspective. The term personal data breach is defined and explained in relation to the term security incident. Next are presented possible forms of personal data breach, offered evidence for the scope and frequency of this phenomenon and outlined the future trend of its development. Pursuant to that the potential harm for individuals from personal data breach is explained. After that, the topic is approached from the legal perspective. Within it is presented a comprehensive analysis of the legal frameworks with obligations aimed at prevention or mitigation of personal data breach in the EU, as well as in the United States. These are then discussed with the aim to identify challenges and limits applicable to them. The next chapter introduces the impact of technological change of the context, which is defined by the term internet of things. The attention is focused on the new challenges, which are brought by it to personal data processing. The variety of situations, which fall under this term, is captured through three partial scenarios: automated machine-to-machines communication, smart city environment and change in the role of microenterprises. These views are completed with an economic perspective. This is used for modelling the decision-making of the obliged parties regarding their compliance with the obligations related to personal data breach. Subsequently, the presented perspectives are merged, the obtained findings regarding personal data breach in the context of internet of things are summarized and then the possible solutions for the discovered challenges of compliance with the respective obligations are discussed.
Boosting Cyber-Physical System Security
Article
  • Jan 2021
Although automation and digital connectivity provide substantial capabilities for boosting efficiency as solutions are introduced in the Industry 4.0 environment, they also spawn a multitude of risks arising from cyberattacks, which affect process stability (safety) and IT security (security). Automation projects currently lack standards for the protection of automated systems, the exchange of data, and performance monitoring in the end-to-end process chain (e.g. container terminals) in critical infrastructures. This paper describes the process model developed in the AUTOSEC research project, which was employed to derive actions and security mechanisms that boost IT security and fend off cyberattacks on IT-systems. The approach developed in this project was prototyped and evaluated in a demonstrator in an automated solution.
Digital Inclusion in Mediated Peace Processes: How Technology Can Enhance Participation
Article
Full-text available
  • Sep 2020
Inclusion in peace processes is conventionally understood in “offline” terms, such as being physically present at the negotiation table. However, digital technology can support a mediator’s efforts to integrate a broad variety of perspectives, interests, and needs into a peace process. This report explores the current and future practice of digital inclusion, giving a framework for understanding the possibilities and risks, and providing examples of practical ways digital technologies can contribute to mediated peace processes.
Resilience metrics for cyber systems
Article
Full-text available
  • Dec 2013
As federal agencies and businesses rely more on cyber infrastructure, they are increasingly vulnerable to cyber attacks that can cause damages disproportionate to the sophistication and cost to launch the attack. In response, regulatory authorities call for focusing attention on enhancing infrastructure resilience. For example, in the USA, President Obama issued an Executive Order and policy directives focusing on improving the resilience and security of cyber infrastructure to a wide range of cyber threats. Despite the national and international importance, resilience metrics to inform management decisions are still in the early stages of development. We apply the resilience matrix framework developed by Linkov et al. (Environ Sci Technol 47:10108–10110, 2013) to develop and organize effective resilience metrics for cyber systems. These metrics link national policy goals to specific system measures, such that resource allocation decisions can be translated into actionable interventions and investments. In this paper, a number of metrics have been identified and assessed using quantitative and qualitative measures found in the literature. We have proposed a generic approach and could integrate actual data, technical judgment, and literature-based measures to assess system resilience across physical, information, cognitive, and social domains.
Extensible threat taxonomy for critical infrastructures
Article
Full-text available
  • Sep 2008
The European Union-sponsored project Vital Infrastructure Threats and Assurance (VITA) has the objective of exploring and showing new paths in Critical Infrastructure Protection (CIP) R&D. This paper describes one of VITA's results: the idea and the development of a novel extensible and generic threat taxonomy for Critical Infrastructures (CIs). Over 300 threats have been categorised. The threat taxonomy makes a sharp distinction between threats, threat cause categories (nature, human or both) and human intent. It is shown that activism, sabotage and terror threats should be regarded as an expression of human intent combined with other existing threats. The taxonomy helps to select in a balanced way all the all-hazard threats which may threaten existing CIs.
Small Business - A Cyber Resilience Vulnerability
Article
Full-text available
  • Mar 2012
Small business in Australia comprise 95% of businesses. As a group this means that they contain increasing volumes of personal and business data. This creates escalating vulnerabilities as information is aggregated by various agencies. These vulnerabilities include identity theft and fraud. The threat environment of small business is extensive with both technical and human vulnerabilities. The problem is that the small business environment is being encouraged to adopt e-commerce by the government yet lacks resources in securing its cyber activity. This paper analysed the threats to this situation and found that questions of responsibility by individual businesses and the government are fundamental to the protection of small businesses information. Ultimately this raises the possibility of an undefined and unrecognised major vulnerability for Australia.
Cyber-resiliens i EU
Article
Resilience in UK and French Security Strategy: An Anglo-Saxon Bias?
Article
The idea of resilience is increasingly prominent across a wide range of policy areas. This contribution looks at the emergence of resilience in UK security discourse and compares this with the situation in France. It argues that although the term is being debated in France, it is considered to be an Anglo-Saxon import. This article suggests that use of the idea of resilience has more to do with particular forms of governance than with security. It develops this argument through the idea of neoliberal governmentality.
Cyber resilience for mission assurance
Article
  • Nov 2011
Our national security and critical infrastructure sectors have become increasingly dependent on commercial information systems and technologies whose pedigree is uncertain given the globalization of the supply chain. Furthermore, these system architectures are brittle and fail or are compromised when subjected to ever-increasingly advanced and adaptive cyber attacks, resulting in failed, disrupted or compromised mission operations. While we must continue to raise the bar to protect mission critical systems from these threats by implementing best security practices, the current philosophy of trying to keep the adversaries out, or the assumption that they will be detected if they get through the first line of defense, is no longer valid. Given the sophistication, adaptiveness, and persistence of cyber threats, we can no longer assume that we can completely defend against intruders and must change our mindset to assume some degree of adversary success and be prepared to “fight through” cyber attacks to ensure mission success even in a degraded or contested environment. This paper will focus on actionable architectural and operational recommendations to address the advanced cyber threat and to enable mission assurance for critical operations. These recommendations can create transformational improvements by helping to reverse adversary advantage, minimize exploit impact to essential operations, increase adversary cost and uncertainty, and act as a deterrent. These approaches go well beyond traditional information assurance, disaster recovery and survivability techniques. The approaches and strategies to be discussed include creative applications of trust technologies and advanced detection capabilities in conjunction with combination of techniques using diversity, redundancy, isolation and containment, least privilege, moving target defense, randomization and unpredictability, deception, and adaptive management and response.
An Operational Framework for Resilience
Article
There is growing interest in the subject of resilience on the part of President Obama's Administration, as well as lively discussion regarding this issue in academic, business, and governmental circles. This article offers an operational framework that can prove useful to the Department of Homeland Security (DHS) and stakeholders at all levels, both public and private, as a basis for incorporating resilience into our infrastructure and society in order to make the nation safer.Three interrelated, mutually reinforcing objectives or end-states shape the approach to resilience: resistance, absorption, and restoration. If these objectives are realized as part of applying practical programs to critical systems and key functions, then these systems and functions will reflect resilience features appropriate to their individual needs.Resilience needs to be planned in advance—before systems are damaged and undesired consequences occur. Such planning can be challenging, given the different interpretations currently attached to “resilience," and the complexity inherent in the concept. Planners need to account for the fact that resilience is both broad and deep. It encompasses “hard" systems (such as infrastructure and assets) as well as “soft" systems (such as communities and individuals).A visually direct technique for assisting resilience planners is to establish a “resilience profile" for key functions within critical systems. Such a profile is delimited by three design parameters: function, latency limit, and minimum performance boundary. Investment strategies can be developed using these profiles to identify cost-effective ways and means to incorporate resilience capabilities across the homeland security mission spectrum for the system in question. Solutions need to be practiced and tested.Operationalizing the resilience framework presented in this article will not be easy. The potential payoff, however, in terms of the enhanced economic, individual, and societal security that such resilience provides can be immense.
Goal-Based Assessment for the Cybersecurtiy of Critical Infrastructure
Conference Paper
  • Nov 2010
Undertaking a comprehensive cybersecurity risk assessment of the networks and systems of a single infrastructure, or even a single organization of moderate size, requires significant resources. Efforts to simplify the assessment instrument usually obscure the ultimate goal of the assessment and the motivations for the assessment questions. This can make it difficult for assessors to justify the questions and can undermine the credibility of the assessment in the eyes of the organizations assessed. This paper describes the use of assurance cases to help address these problems. Viewing an assessment approach in terms of an assurance case clarifies the underlying motivation for the assessment and supports more rigorous analysis. The paper also shows how the assurance case method has been used to guide the development of an assessment approach called the Cyber Resilience Review (CRR), developed for the U.S. Department of Homeland Security.
Cyber Resiliency Engineering Framework
  • B Deborah
  • R Graubart
Cyber Resiliency Engineering Framework
  • Jan 2011
  • 37
  • Deborah Bodeau
  • Richard Graubart
Bodeau, Deborah, and Richard Graubart, "Cyber Resiliency Engineering Framework", MITRE Report (2011), page 37