Modern Cybersecurity: Modern Resilience

Date: May 10, 2021

Cyber resiliency is the ability to maintain mission assurance in the face of adversity from cyber threats. It is critical to incorporate it at all levels of your organization, from the mission or business function level to the organizational, sector and system levels. When broken down, cyber resiliency is found at the intersection of Active Cyber Defense, Zero Trust and DevSecOps:

  • Active Cyber Defense = Proactive, not reactive, cybersecurity, including disrupting the attacker and/or raising the cost to the attacker while simultaneously minimizing the cost to the defender
  • Zero Trust = Trust no one; assume everyone is a potential hacker and therefore give zero trust/permissions until verified, then continue verifying and adjust access accordingly
  • DevSecOps = Security is incorporated into every aspect of the development lifecycle

Through the confluence of these three approaches, cyber resiliency is easily attainable. Cyber resiliency includes concepts, constructs, engineering practices, and solutions for better risk management practices to be used across systems and organizations alike. Cyber resiliency must be implemented throughout system life cycle processes. According to NIST 800-160 V2 guidance, there are four main goals to achieving cyber resiliency: Anticipate, Withstand, Recover and Adapt. These goals – properties, behaviors, best practices – are fundamental to developing and maintaining cyber resilient systems.

NIST also emphasizes the aspect of trust:

“The concern for cyber resiliency focuses on aspects of trustworthiness—in particular, security and resilience—and risk from the assurance against determined adversaries (e.g., the advanced persistent threat).”

Cyber resiliency combines technologies, architectural frameworks, systems engineering processes, and operational processes to solve problems, meet stakeholder needs, and reduce the risk of disruption to critical missions in the presence of cyber-attacks, including the Advanced Persistent Threat (APT).

“Cyber Resilience is the emergence of the 6th generation of Cybersecurity,” said Dr. Allen Harper, EVP of Cybersecurity at T-Rex. “First came the concept of perimeter defense, in the mid-1990s. Next came defense in depth, in 2000. Shortly thereafter, Congress passed FISMA, which requires continuous monitoring. Around 2014, the DoD and Intel communities began to discuss the concept of Active Cyber Defense (ACD). Since then, Zero Trust and DevSecOps have become more prominent. Now, in 2021, the concept of Cyber Resilience is bringing them all together.”

How can you ensure your systems remain cyber resilient? Start with these four goals:

Anticipate

Anticipate threats before they escalate. Be sure your organization is always prepared for adversity. Adversity in the cyber world, as stated in NIST 800-160 V2, “specifically includes stealthy, persistent, sophisticated, and well-resourced adversaries (i.e. the APT) who may have compromised system components and established a foothold within an organization’s systems.” Protect your organization through cyber situational awareness.

Withstand

Despite adversity, it is important to sustain all essential mission/business functions throughout. How can your organization continue to function with minimal disruption? Answering that question is the primary purpose of this goal. Despite adversarial attacks, the mission must continue.

Recover

During or after adversity, recover from any damage that may have occurred to mission/business functions. It is critical to take the necessary steps to recover your systems from any damage that has occurred, whether large-scale or small-scale.

Adapt

The threat landscape is constantly evolving. To keep pace, your cyber resiliency must adapt to changes in threat environments, technical or operational. Once you are faced with adversity, you must reconsider your approaches and adapt your methods to better predict and conquer what is yet to come.

As hackers continue to advance, IT organizations and Federal agencies alike must continue to adapt their cybersecurity strategies to maintain cyber resiliency. While traditional cybersecurity methods are centered on prevention of threats, a cyber resilient approach assumes the system will be compromised, placing increased focus on the four goals: Anticipate, Withstand, Recover and Adapt. By assuming that the APT can always find a way in, we are better able to prepare for if and when we face adversity.
