Notes on Resilience and Cyber Resilience
What is Resilience?
- Definition: Resilience is the capacity to recover quickly from difficulties (Oxford Dictionaries) and the ability of a substance to return to its usual shape after being altered (Cambridge Dictionary).
- Key Idea: Resilience can manifest in diverse fields such as psychology, sociology, economics, climate change, business continuity management, etc.
Organisational Resilience
- Definition: The ability of an organisation to anticipate, prepare for, respond, and adapt to incremental changes and sudden disruptions in order to survive and prosper.
- Importance: No organisation can achieve 100% protection; resilience is therefore critical in organisational planning, both for defending against attacks and for mitigating their consequences.
- Threats: Threats to organisations can arise from malicious actors, natural events, or technical maintenance needs. Organisations must be proactive in understanding how digital systems interconnect with people, processes, and physical assets.
Activities Involved in Organisational Resilience
- CERT Resilience Management Model:
  - Identification and management of core assets and controls.
  - Risk and vulnerability management, including training and awareness campaigns.
- Key Focus Areas:
  - Asset Management: Identifying, documenting, and managing assets.
  - Incident Response: Effective strategies during and after an incident.
  - Business Continuity Planning: Ensuring essential functions continue through disruptions.
Principles for a Resilience Approach
- Nature of Resilience:
  - Not static or singular; it is multidimensional and varies across different conditions.
- Key Considerations: Assets, impacts or harms, and security treatment measures must all be addressed holistically.
Organisational Resilience Models
- Evolution: Shift from rigid business continuity frameworks to integrated models considering risk and uncertainty.
- Key Attributes:
  - Strong communication regarding emerging threats, and a culture of commitment across the organisation.
  - Emphasis on adaptability, emergent leadership, and strengthening every sector to enhance resilience.
Cyber Resilience
- Definition: Cyber resilience is a broad approach that encompasses cybersecurity and business continuity management, focusing on minimising damage and maintaining operations through attacks.
- NCSC Perspective:
  - Prepare, Absorb, Recover, Adapt: preventative measures are crucial, but organisations must accept that incidents will happen and develop the capability to recover.
CERT Resilience Management Model (CERT-RMM)
- Overview: A comprehensive approach integrating operational and engineering models to foster resilience.
- Twelve Categories: Including asset management, controls management, cyber incident management, and more.
- Goals: Each category contains specific goals and requirements to achieve maturity in resilience practices.
Communication After a Cybersecurity Incident
- Framework for Effective Communication:
  - Before an Incident: Establish priorities around key stakeholder communications and legal obligations.
  - Response Mechanisms: Consider how to effectively disclose information to affected parties, addressing their concerns and maintaining trust.
- Key Points to Address:
  - Awareness of security gaps, preparation for reactions, and ensuring clarity in communication throughout the process.
Key Takeaways
- Effective resilience encompasses understanding assets and harm, solid incident management, and clear communication strategies.
- Both organisational and cyber resilience require proactive planning, continuous improvement, and strong leadership.