Cyber Resilience


Abstract: The term resilience has been used in various ways for over 400 years and has been applied to characterize the ability of something to withstand unexpected threats, where the “something” can be an individual, a community, an object, a species, an ecosystem, etc. The dependable community has embraced the term primarily under the threat of natural faults by asserting that a resilient system should fail operational (provide the full service as if no cyber disturbance occurred), but if this is not possible, fail safe (preserve a safety requirement), and as a last resort, fail stop. Increasingly, organizations embrace cyber resilience as a general strategy for security where the goal is to deliver an intended cyber service in the presence of cyber events to the extent possible. Although there are differing views of it, Symantec among others associates five “pillars” with the resilience concept:

Prepare/Identify, Protect, Detect, Respond, Recover

In its Cyber R&D Strategic Plan, NITRD has proposed a similar structure, again reflecting a multi-step and dynamic approach to cyber resilience. In recent years, the security community has, under the rubric of resilience, begun to consider systems that dynamically cope with attacks that are unexpected or previously unseen. DARPA has run several programs along this line, for example SRS (Self-Regenerative Systems), which explored many techniques towards systems that dynamically respond to attacks. Although there are fairly straightforward approaches, such as intrusion-prevention systems, today’s systems mostly rely on human-driven responses to attacks. For rapidly emerging applications, such as connected cars, cyber-controlled processing plants, and smart grids, human-level response is too slow; but fully automated response is considered too dangerous and too easily thwarted by an informed adversary, particularly when triggered by imperfect detection. Thus there is a clear need for the research community to take on the challenge of resilience. This breakout session is open to all of the research topics that bear on resilience, including but not limited to:

  • System architectures in support of resilience
  • The specification of “intended” cyber service for different situations
  • The specification of “safety” requirements for different applications
  • Approaches to detection, particularly approaches to cope with imperfect detection
  • “Moves” a system can take to achieve resilience
  • Overall, does the automation of resilience introduce too many new and undefendable attack surfaces that preclude its serious consideration?
  • Can “risk” to the mission be the overarching principle that characterizes the components of resilience?
  • Are there measurable metrics to characterize cyber resilience? 
License: CC-2.5
Submitted by Karl Levitt on