Cyber resiliency is the ability to maintain mission assurance despite adversity from cyber threats. It is critical to incorporate it at all levels of your organization, from the mission or business function level to the organizational, sector and system levels. When broken down, cyber resiliency is found at the intersection of Active Cyber Defense, Zero Trust and DevSecOps:
- Active Cyber Defense = Proactive rather than reactive cybersecurity, including disrupting the attacker and/or raising the cost to the attacker while simultaneously minimizing the cost to the defender
- Zero Trust = Trust no one; assume everyone is a potential hacker and therefore give zero trust/permissions until further verified, then continue verifying and adjust access accordingly
- DevSecOps = Security is incorporated into every aspect of the development lifecycle
Through the confluence of these three approaches, cyber resiliency is easily attainable. Cyber resiliency includes concepts, constructs, engineering practices, and solutions for better risk management practices to be used across systems and organizations alike. Cyber resiliency must be implemented throughout system life cycle processes. According to NIST 800-160 V2 guidance, there are four main goals to achieving cyber resiliency: Anticipate, Withstand, Recover and Adapt. These goals – properties, behaviors, best practices – are fundamental to developing and maintaining cyber resilient systems.
NIST also emphasizes the aspect of trust:
“The concern for cyber resiliency focuses on aspects of trustworthiness—in particular, security and resilience—and risk from the assurance against determined adversaries (e.g., the advanced persistent threat).”
Cyber resiliency combines technologies, architectural frameworks, systems engineering processes, and operational processes to solve problems, meet stakeholder needs, and reduce the overall risk of disruption to critical missions in the presence of cyber-attacks, including the Advanced Persistent Threat (APT).
“Cyber Resilience is the emergence of the 6th generation of Cybersecurity,” said Dr. Allen Harper, EVP of Cybersecurity at T-Rex. “First came the concept of perimeter defense, in the mid-1990s. Next, came defense in depth, in 2000. Shortly thereafter, Congress passed FISMA which requires continuous monitoring. Around 2014, the DoD and Intel communities began to discuss the concept of Active Cyber Defense (ACD). Since then, Zero Trust and DevSecOps have become more prominent. Now, in 2021, the concept of Cyber Resilience is bringing them all together.”
How can you ensure your systems remain cyber resilient? Start with these four goals:
Anticipate threats before they escalate. Be sure your organization is always prepared for adversity. Adversity in the cyber world, as stated in NIST 800-160 V2, “specifically includes stealthy, persistent, sophisticated, and well-resourced adversaries (i.e. the APT) who may have compromised system components and established a foothold within an organization’s systems.” Protect your organization through cyber situational awareness.
Withstand adversity by continuing all essential mission/business functions throughout. How can your organization continue to function with minimal disruption? Answering that question is the primary purpose of this goal. Despite adversarial attacks, the mission must continue.
During or after adversity, recover from any damage that may have occurred to mission/business functions. It is critical to take the necessary steps to recover your systems from any damage that has occurred, whether large-scale or small-scale.
The threat landscape is constantly evolving. To keep pace, your cyber resiliency must adapt to changes in threat environments, technical or operational. Once you are faced with adversity, you must reconsider your approaches and adapt your methods to better predict and conquer what is yet to come.
As hackers continue to advance, IT organizations and Federal agencies alike must continue to adapt our cybersecurity strategies to maintain cyber resiliency. While traditional cybersecurity methods are centered on prevention of threats, a cyber resilient approach assumes the system will be compromised, placing increased focus on the four goals: Anticipate, Withstand, Recover and Adapt. With this assumption that the APT can always find a way in, we are better able to prepare ourselves for if and when we are faced with adversity.