Top

Published in:

2022 | OriginalPaper | Chapter

12. Cyber Resilience: A Pre-Understanding for an Abductive Research Agenda

Authors : Tor Olav Grøtan, Stian Antonsen, Torgeir Kolstø Haavik

Published in: Resilience in a Digital Age

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Digital transformation turns critical infrastructures into cyber-physical systems, introducing unprecedented levels of complexity and vulnerability. As the evidence of surprise and shocks involving cyber-physical systems is high and rising, concepts of resilience are increasingly enrolled in discourses around vulnerability in critical infrastructures. In this chapter, we discuss the theoretical foundations for a concept of cyber resilience, and the needs, potentials, and pitfalls in this respect. Our aim is to point to a research agenda of abductive reasoning, where a concept of resilience is developed through stepwise, reflexive theoretical advances together with ongoing efforts of empirical grounding in particular cyber-physical domains.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter How Can Simulation Support Resilience in a Digital Age?

next chapter How Can Digital Learning Tools be Used to Promote Resilience in Healthcare?

Computing systems can always exhibit dynamics and failure modes beyond what they are designed and tested for, triggered by coincidence or deliberation. Reverse engineering is a systematic attempt of revealing exploitable vulnerabilities. Software supply chains may be exploited to insert malicious code via third parties.

(Based on Wikipedia) A zero-day is a software vulnerability unknown to those who should be interested in its mitigation (including the vendor). Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers, or a network. Once the vendor learns of the vulnerability, they will usually create patch-es or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mitigation has been devel-oped or taken into use. The notion of “forever-days” is sometimes used to denote persis-tent design weaknesses that are not possible to mitigate or eradicate by updates.

Alvesson, M., & Sköldberg, K. (2018). Reflexive methodology: New vistas for qualitative research. SAGE Publications.

Antonsen, S. (n.d.). Between natural and artificial intelligence – digital sustainability in high-risk industries. In Forthcoming book chapter. Springer.

Aven, T. (2017). How some types of risk assessments can support resilience analysis and management. Reliability Engineering & System Safety, 167, 536–543.CrossRef

Bochman, A. (2018). The end of cybersecurity. Harvard Business Review.

ComputerWorld Norway. (2018). Accessed June 23, 2021, from https://www.cw.no/artikkel/digitalisering/har-vi-mistet-kontrollen

ComputerWorld Norway. (2021). Accessed June 23, 2021, from https://www.cw.no/artikkel/dataangrep/sensitiv-informasjon-kan-vaere-pa-avveie-etter-dataangrepet-ostre-toten

Dagens Næringsliv (Norway). (2021). Accessed June 23, 2021, from https://www.dn.no/teknologi/bard-glad-pedersen/solarwinds/oljefondet/sikkerhetstopp-om-solarwinds-hackingen-det-kommer-definitivt-til-a-skje-igjen/2-1-969676

Dewey, J. (1999). In L. Hickman & T. Alexander (Eds.), The essential Dewey. Indiana University Press.

Digi.no. (2018). Accessed June 23, 2021, from https://www.digi.no/artikler/henlegger-saken-om-dataangrepet-mot-helse-sor-ost/452942

Gadamer, H. (2018). Truth and method. Bloomsbury Academic.

Gizmodo. (2021). Accessed June 23, 2021, from https://gizmodo.com/solarwinds-officials-throw-intern-under-the-bus-for-so-1846373445

Grøtan, T. O. (2014). Hunting high and low for resilience: Sensitisation from the contextual shadows of compliance. In Steenbergen et al. (Eds.), Safety, reliability and risk analysis: Beyond the horizon. CRC Press, Taylor & Francis Group.

Grøtan, T. O. (2015). Organising, thinking and acting resiliently under the imperative of compliance. On the potential impact of resilience thinking on safety management and risk consideration. Doctoral theses. NTNU.

Grøtan, T. O. (2020). Training for operational resilience capabilities (TORC); advancing from a positive first response. In Proceedings of the 30th European safety and reliability conference and the 15th probabilistic safety assessment and management conference. Research Publishing. https://doi.org/10.3850/978-981-14-8593-0 CrossRef

Grøtan, T. O., Størseth, F., Rø-Eitrheim, M. H., & Skjerve, A. B. (2008). Resilience, adaptation and improvisation–increasing resilience by organising for successful improvisation. Accessed June 23, 2021, from https://www.researchgate.net/publication/228896677_Resilience_Adaptation_and_Improvisation-increasing_resilience_by_organising_for_successful_improvisation

Hollnagel, E. (2021). Erik Hollnagel homepage. Accessed June 23, 2021, from https://erikhollnagel.com/ideas/resilience-engineering.html

Johannessen, S. O. (2019). Strategies, leadership and complexity in crisis and emergency operations. Routledge.

Kilskar, S. S. (2020). Socio-technical perspectives on cyber security and definitions of digital transformation – a literature review. In P. Baraldi, F. Di Maio, & E. Zio (Ed.), Proceedings of the 30th European safety and reliability conference and the 15th probabilistic safety assessment and management conference, Research Publishing (pp. 3384–3391). https://doi.org/10.3850/978-981-14-8593-0.

Kurtz, C. F., & Snowden, D. J. (2003). The new dynamics of strategy: Sense-making in a complex and complicated world. IBM Systems Journal, 42(3), 462–483.CrossRef

Microsoft. (2021). Accessed June 23, 2021, from https://www.microsoft.com/security/blog/2021/01/14/increasing-resilience-against-solorigate-and-other-sophisticated-attacks-with-microsoft-defender.

New York Times. (2012). Accessed June 23, 2021, from https://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html.

New York Times. (2020). Accessed June 23, 2021, from https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html.

NIST. (2019). Cyber resiliency engineering: Final public draft. 2(NIST SP 800-160), available for comment. Accessed June 23, 2021, from https://www.nist.gov/news-events/news/2019/09/cyber-resiliency-engineering-final-public-draft-nist-sp-800-160-volume-2

Norwegian Parliament. (2021, 23 June). Retrieved from https://www.stortinget.no/no/Saker-og-publikasjoner/Publikasjoner/Referater/Stortinget/2018-2019/refs-201819-02-14?all=true

Office of the Auditor General (Norway). (2020). Accessed June 23, 2021, from https://www.riksrevisjonen.no/globalassets/rapporter/no-2020-2021/undersokelse-av-helseforetakenes-forebygging-av-angrep-mot-sine-ikt-systemer.pdf.

Øien, K., Jovanović, A., Grøtan, T. O., Choudhary, A., Øren, A., Tetlak, K., … Jelic, M. (2017). Assessing resilience of SCIs based on indicators. D3.2 from H2020 project: Smart resilience indicators for smart critical infrastructure. Accessed June, 23, 2021, from http://www.smartresilience.eu-vri.eu/sites/default/files/publications/SmartResD3.2.pdf

Pariès, J., Wreathall, J., & Hollnagel, E. (2011). Resilience engineering in practice: A guidebook. CRC Press.

Peirce, C. (1935). Collected papers of Charles Sanders Peirce. Harvard University Press.

Rorty, R. (1980). Philosophy and the Mirror of nature. Blackwell.

Sætre, A. S., & Van de Ven, A. H. (2021). Generating theory by abduction. Academy of Management.CrossRef

Stavland, B., & Bruvoll, J. (2019). Norwegian: Resiliens – Hva er det og hvordan kan det integreres i risikostyring? [resilience – What is it and how can it be integrated in risk management?]. Forsvarets Forskningsinstitutt [Norwegian Defence research establishment]. Accessed June 23, 2021, de https://publications.ffi.no/nb/item/asset/dspace:6458/19-00363.pdf.

US Congress. (2021, 23 June). Retrieved from https://oversight.house.gov/news/press-releases/oversight-and-homeland-security-committees-discussed-next-steps-for-government.

Weick, K. E., & Sutcliffe, K. M. (2017). Managing the unexpected. Resilient performance in an age of uncertainty. John Wiley & Sons.

Wikipedia. (2021, 23 June). Retrieved from https://en.wikipedia.org/wiki/December_2015_Ukraine_power_grid_cyberattack

Wired.com. (2021). Accessed June 23, 2021, from https://www.wired.com/story/opinion-data-brokers-are-a-threat-to-democracy/

Woods, D. (2015). Four concepts for resilience and the implications for the future of resilience engineering. Reliability Engineering & System Safety, 141, 5–9. https://doi.org/10.1016/j.ress.2015.03.018 CrossRef

Woods, D. (2016). Resilience as graceful extensibility to overcome brittleness. In IRGC, IRGC resource guide on resilience. Accessed June 23, 2021, de https://beta.irgc.org/wp-content/uploads/2018/09/Woods-Resilience-as-Graceful-Extensibility-to-Overcome-Brittleness-1.pdf

Woods, D. (2017). Report from the SNAFUcatchers workshop on coping with complexity. Accessed June 23, 2021, de https://snafucatchers.github.io

Woods, D. (2018a). Resilience is a verb. In B. D.-V. Trump (Ed.), IRGC resource guide on resilience (vol. 2): Domains of resilience for complex interconnected systems. EPFL international Risk Governance Center.

Woods, D. (2018b). The theory of graceful extensibility: Basic rules that govern adaptive systems. Environment Systems and Decisions, 38(5), 433–457.CrossRef

Woods, D. (2019). Essentials of resilience revisited. In M. Ruth & S. Goessling-Reisemann (Eds.), Handbook on resilience of socio-technical systems. Elgar. https://doi.org/10.4337/9781786439376 CrossRef

Title: Cyber Resilience: A Pre-Understanding for an Abductive Research Agenda
Authors: Tor Olav Grøtan
Stian Antonsen
Torgeir Kolstø Haavik
Publisher: Springer International Publishing
Book: Resilience in a Digital Age
Print ISBN: 978-3-030-85953-4

Electronic ISBN: 978-3-030-85954-1

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-030-85954-1_12

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"