The concept of cyber resiliency has long been recognized as a crucial aspect of protecting organizations from cyberattacks. It goes beyond simply repelling attackers and focuses on ensuring that businesses and missions can continue to operate even in the face of a cyberattack. To achieve cyber resiliency, organizations need to anticipate attacks, withstand them, recover from them, and adapt to future threats.
To simplify this complex challenge, MITRE, a leading cybersecurity company, has developed the Cyber Resiliency Engineering Framework (CREF) Navigator™. This free visualization tool helps organizations customize their cyber resiliency goals and techniques in alignment with the National Institute of Standards and Technology’s (NIST) publication on developing cyber-resilient systems.
The first step in achieving cyber resiliency is to anticipate attacks. Organizations must have a plan in place and understand their high-value assets and critical points in their cyber infrastructure. It’s essential to determine what systems and services are necessary for the business or mission to operate. By learning from the experiences of others in the same sector, organizations can better prepare for potential cyber events. Regular testing, such as simulated tabletop exercises, can also help uncover any gaps in planning. It’s crucial to plan for worst-case scenarios and consider external factors that could exacerbate cyber risk.
The second step is to withstand attacks and continue essential business or mission functions. If a cyberattack occurs, organizations need to assess the impact on their assets and determine if they can be moved physically or logically. Redundancy and diversification of systems can help ensure that some functionality is maintained even if certain systems are targeted. Access to backup systems and a cyber resiliency plan is crucial during this phase. Taking time to assess the situation and understand the extent of the attack is important to formulate an effective response.
The third step is to recover from the attack and restore normal functionality. This involves restoring systems from backups or building new systems that are not vulnerable to the same attacks. Organizations should consider segmenting or repositioning their systems to restrict access and prevent re-compromise. The recovery process often happens during a fog of adversity, and having forensic tools in place can help organizations understand the event and ensure a trustworthy recovery.
The final step is to adapt business or mission functions and supporting capabilities to account for potential changes in the threat landscape. Making systems and services unpredictable for future attackers can enhance cyber resiliency. Distributing different tools across the environment in waves can provide insights into potential threats. Creating non-persistent systems or services that are destroyed after use can also reduce vulnerability. Additionally, organizations can incorporate deceptive information or capabilities into their systems, acting as a “canary in the coal mine” or as tripwires to detect active threats.
The CREF Navigator provides organizations with definitions, mappings, relationships, and visualizations to other frameworks and standards, making it easier to navigate the cyber resiliency journey.
In conclusion, cyber resiliency is a crucial aspect of cybersecurity, allowing organizations to continue their operations even in the face of cyberattacks. By following the steps outlined in the CREF, organizations can better anticipate, withstand, recover from, and adapt to cyber threats. It’s essential to have a solid plan in place, regularly test and update it, and be prepared for worst-case scenarios. With the right approach, organizations can achieve cyber resiliency and ensure their business or mission is not compromised by cyberattacks.

