RSS feed Add to your Facebook page Watch us on Youtube

Activity title

Cyber Resilience

Activity Reference

IST-153 (IWA)

Panel

Information Systems Technology

Security Classification

PUBLIC RELEASE

Status

Awaiting Publication

Activity type

RWS

Start date

2017

End date

2017

Keywords

Agile Recovery, Continuity of Operations, Cyber Defence, Metrics, Mission Impact Analysis, Resilience Methods, Risk Assessment, System Architecture, System Engineering

Background

NATO Nationscitizens, businesses and governments -- increasingly rely on cyber infrastructure. This puts national security at considerable risk to unforeseen and unknown cyber threats. The high level of interconnectivity found in modern society has opened many avenues for cyber attacks, including internal and external threats, and vulnerabilities within supply chain networks. Despite continual progress in managing risks in the cyber domain, it is clear that anticipation and prevention of all possible attacks and malfunctions are not feasible for current or future cyber and infrastructure systems. Therefore, interest in cyber resilience (as opposed to merely risk-based approaches) is increasing rapidly, in literature and in practice. For example, the President of the United States released a presidential policy directive (Presidential Policy Directive 21 2013) and executive order (Executive Order 13636 2013), focusing national attention on cyber-infrastructure resilience. Similarly, NATO 2020 report states Responding to the rising danger of cyber-attacks: NATO must accelerate efforts to respond to the danger of cyber-attacks helping Allies to improve their ability to prevent and recover from attacks, etc. Indeed, resilience is defined as the ability to recover from or easily adjust to misfortune or change. It is characterized by four abilities: to plan/prepare, absorb, recover from, and adapt to known and unknown threats. Unlike concepts of risks or robustness which are often and incorrectly conflated with resilience -- resiliency refers to the systems ability to recover or regenerate its performance after an unexpected impact produces a degradation of its performance. However, the exact relation between resilience and risk, and robustness, the appropriate metrics, the engineering and architectural approaches, and role of resilience-by-design in assuring effective recovery and continuity of operations all these issues remain poorly researched and understood.

Objectives

We will structure, organize and execute a 2-day research symposium focused on foundational science of cyber resilience, especially metrics, theories, supporting fundamental models and approaches. This event will bring together experts from NATO member military agencies along with industry leaders and academic visionaries to present and discuss the state-of-the-art foundational developments and hard challenges in cyber resilience, metrics of resilience, recovery and service continuity, resiliency by design, resilient architecture, systems engineering for resiliency. The meeting will result in a raised awareness of our common efforts and the development of collaborative opportunities. It will also produce a technical report and proceedings, which will include specific suggestions for high-priority gaps, and promising research directions.

Topics

The theoretical and empirical topics to be covered may include but are not limited to: Cyber Resilience Concepts Theory and Models of Cyber Resilience Resilience Measures and Metrics Resilience by Design Resilient Cyber Systems Engineering Agile Recovery and Resilience Service and Operations Continuity Resilience Assessment Resilience and Monitoring Resilience and Risk Resilience and Robustness Resilient Architectures Failsafe Modes for Resiliency Formal Methods for Resilience Case Studies

Contact Panel Office