
About this book

This book introduces fundamental concepts of cyber resilience, drawing expertise from academia, industry, and government. Resilience is defined as the ability to recover from or easily adjust to shocks and stresses. Unlike the concept of security, which is often and incorrectly conflated with resilience, resilience refers to the system's ability to recover or regenerate its performance after an unexpected impact produces a degradation in its performance. A clear understanding of the distinction between security, risk and resilience is important for developing appropriate management of cyber threats.

The book presents insightful discussion of the most current technical issues in cyber resilience, along with relevant methods and procedures. Practical aspects of current cyber resilience practices and techniques are described as they are now, and as they are likely to remain in the near term.

The bulk of the material is presented in the book in a way that is easily accessible to non-specialists. Logical, consistent, and continuous discourse covering all key topics relevant to the field will be of use as teaching material as well as a source of emerging scholarship in the field. A typical chapter provides introductory, tutorial-like material, detailed examples, in-depth elaboration of a selected technical approach, and a concise summary of key ideas.

Table of Contents


Chapter 1. Fundamental Concepts of Cyber Resilience: Introduction and Overview

Society is increasingly reliant upon complex and interconnected cyber systems to conduct daily life activities. From personal finance to managing defense capabilities to controlling a vast web of aircraft traffic, digitized information systems and software packages have become integrated at virtually all levels of individual and collective activity. While such integration has been met with immense increases in efficiency of service delivery, it has also been subject to a diverse body of threats from nefarious hackers, groups, and even state government bodies. Such cyber threats have shifted over time to affect various cyber functionalities, such as with direct denial of service (DDoS), data theft, changes to data code, infection via computer virus, and many others.
Igor Linkov, Alexander Kott

Quantifying Cyber Resilience


Chapter 2. Metrics Based on the System Performance Perspective

This part of the book presents two alternative – but not incompatible – views on how to quantify cyber resilience via suitable metrics. This chapter – the first of the two – takes the perspective in which system performance is central to the metrics. As discussed in the introduction chapter of this book, cyber resiliency has become an increasingly important, relevant, and timely research and operational concept in cyber security. Although multiple metrics have been proposed for quantifying cyber resiliency, a connection remains to be made between those metrics and operationally measurable and meaningful resilience concepts that can be empirically determined in an objective manner. This chapter describes a concrete quantitative and measurable notion of cyber resiliency that can be tailored to meet specific needs of organizations seeking to introduce resiliency into their assessment of their cyber security posture.
George Cybenko

Chapter 3. Metrics Based on the Mission Risk Perspective

The previous chapter described how to quantify cyber resilience from the perspective of system performance. This chapter presents an alternative view – the perspective of mission risk – that goes beyond performance, making it possible to incorporate cyber effects such as loss of confidentiality that are less performance focused. This chapter enumerates the features that any definition of resilience should include to support measurable assessment and comparison, and it proposes a definition of resilience that incorporates those considerations. It then reviews and discusses in detail the terminology and definitions that have been proposed in the context of the identified considerations. Ultimately, the chapter chooses a definition of resilience that relates to “mission risk.” Being based on risk, the authors of this chapter argue, their resilience definition is clearly defined, measurable, and has a sound theoretical grounding. Since risk relies on both the likelihood of events occurring as well as changes in mission value (i.e., damage) when these events occur, it provides a computable metric that can be tailored to specific systems and that enables assessment and comparison.
Scott Musman, Seli Agbolosu-Amison, Kenneth Crowther

Assessment and Analysis of Cyber Resilience


Chapter 4. Frameworks and Best Practices

The second part of the book focuses on approaches to assessment and analysis of cyber resilience. Having discussed, in the previous two chapters, perspectives on quantifying cyber resilience, we now present several chapters that assemble qualitative and quantitative inputs for a broad range of metrics that might apply to cyber resilience. Some of these approaches (e.g., most of this chapter and the next one) are largely qualitative and based on human review and judgment of pertinent aspects of systems, organization, and processes. Others are based on quantitative and often theoretically rigorous modeling and simulation of systems, networks, and processes.
The purpose of this chapter is to outline best practices in an array of areas related to cyber resilience. While by no means offering an exhaustive list of best practices, the chapter provides an organization with means to “see what works” at other organizations. It offers these best practices within existing frameworks related to dimensions of cyber resilience. The chapter begins with a discussion of several existing frameworks and guidelines that can be utilized to think about cyber resilience. Then, the chapter describes a set of “best practices” based on a selection of metrics from these frameworks. These best practices can help an organization as a guide to implementing specific policies that would improve their cyber resilience.
Brianna Keys, Stuart Shapiro

Chapter 5. Analysis of Dependencies

The general overview of frameworks and best practices of cyber resilience assessments provided in the previous chapter is now followed by a chapter that focuses more specifically on methodologies that use the concept of cyber dependencies. A cyber dependency is a connection between two components, such that these components’ functions depend on one another and loss of any one of them degrades the performance of the system as a whole. Such dependencies must be identified and understood as part of a cyber resilience assessment. This chapter describes two related methodologies that help identify and quantify the impact of the loss of cyber dependencies. One relies on a facilitated survey and dependency curve analysis and helps an organization understand its resiliency to the loss of a dependency. That methodology incorporates the ability of an organization to withstand a loss through backup (recovery) methods and assess its resiliency over time. Another methodology helps an organization consider the indirect dependencies that can cause cascading failures if not sufficiently addressed through protective measures. However, that methodology does not incorporate protective measures such as redundancy or consider the possibility that the loss of a dependency might not have an immediate impact.
Nathaniel Evans, William Horsthemke

Chapter 6. Applying Percolation Theory

Unlike the previous chapter, where propagation of failures along the dependency links was studied in a qualitative, human-judgment fashion, this chapter offers an approach to analyzing resilience to failure propagation via a rigorous use of percolation theory. In percolation theory, the basic idea is that a node failure or an edge failure (reverse) percolates throughout a network, and, accordingly, the failure affects the connectivity among nodes. The degree of network resilience can be measured by the size of the largest component (or cluster) after a fraction of nodes or edges are removed in the network. In many cybersecurity applications, the underlying ideas of percolation theory have not been much explored. In this chapter, it is explained how percolation theory can be used to measure network resilience in the process of dealing with different types of network failures. It introduces the measurement of adaptability and recoverability in addition to that of fault tolerance as new contributions to measuring network resilience by applying percolation theory.
Terrence J. Moore, Jin-Hee Cho

Chapter 7. Modeling the Impact of Cyber Attacks

In this chapter, we continue exploring how resilient a network is to a failure propagating through it; however, now we also include an explicit treatment of specific causes of failure – malicious activities of the cyber attacker. This chapter considers cyber attacks and the ability to counteract their implementation as the key factors determining the resilience of computer networks and systems. Indeed, cyber attacks are the most important among destabilizing forces impacting a network. Moreover, the term cyber resilience can be interpreted as the stability of computer networks or systems operating under the impact of cyber attacks. The approach in this chapter involves the construction of analytical models to implement the most well-known types of attacks. The result of the modeling is the distribution function of time and average time of implementation of cyber attacks. These estimates are then used to find the indicators of cyber resilience. To construct analytical models of cyber attacks, this chapter introduces an approach based on the stochastic networks conversion, which works well for modeling multi-stage stochastic processes of different natures.
Igor Kotenko, Igor Saenko, Oleg Lauta

Chapter 8. Modeling and Simulation Approaches

The discussion so far has been limited to relatively narrow abstractions of systems and networks. Such abstractions allow effective assessment and analysis methodologies but do not cover the richness and diversity of realistic organizations, systems and processes. Therefore, this chapter explains how to build a multidimensional simulation model of an organization’s business processes. This multidimensional view incorporates physical objects, human factors, time and cyberspace aspects. Not all systems, the components within a system, or the connections and interfaces between systems and domains are equally resilient to attack. It is important to test complex systems under load in a variety of circumstances, both to understand the risks inherent in the systems and to test the effectiveness of redundant and degenerate systems. There is a growing need to test and compare the limitations and consequences of potential mitigation strategies before implementation. Simulation is a valuable tool because it can explore and demonstrate relationships between environmental variables in a controlled and repeatable manner. This chapter introduces the integrated cyber-physical effects (ICPE) model as a means of describing the synergistic results obtained through the simultaneous, parallel or sequential prosecution of attacking and defensive measures in both the physical and cyber domains.
David Ormrod, Benjamin Turnbull

Enhancing Cyber Resilience


Chapter 9. Systems Engineering Approaches

Suppose you assessed or analyzed the resilience of a system using approaches described in Part II of this book or similar approaches. Chances are, you determined that the resilience of the system is inadequate, at least in part. What should you do to improve it? This is the theme of Part III of this book: methods, techniques, and approaches to enhancing cyber resilience of a system, either via an appropriate initial design or by adding mitigation measures or by defensive actions during a cyberattack.
This chapter opens the theme with a broad overview of approaches to enhancing system resilience in the spirit of systems engineering. It starts by providing background on the state of the practice for cyber resilience. Next, the chapter describes how a growing set of frameworks, analytic methods, and technologies can be used to improve system and mission cyber resilience. For example, technologies and processes created for contingency planning and COOP can be adapted to address advanced cyber threats. These include diversity and redundancy. Cybersecurity technologies and best practices can be extended to consider advanced cyber threats. These include analytic monitoring, coordinated protection, privilege restriction, segmentation, and substantiated integrity.
Deborah J. Bodeau, Richard D. Graubart

Chapter 10. Active Defense Techniques

In the previous chapter, we were introduced to active defense among numerous other approaches. Now is a good time to explore active defense techniques in detail. These are automated- and human-directed activities that attempt to thwart cyberattacks by increasing the diversity, complexity, or variability of the systems and networks. These limit the attacker’s ability to gather intelligence or reduce the usable life-span of the intelligence. Other approaches focus on gathering intelligence on the attackers, either by attracting attackers to instrumented honeypots or by patrolling the systems and networks to hunt for attackers. The intelligence gathering approaches rely upon cybersecurity personnel using semiautomated techniques to respond and repel attackers. Widely available commercial solutions for active defense so far are lacking. Although general purpose products may emerge, meanwhile organizations need to tailor their applications for available solutions or develop their own customized active defense. A successfully architected system or application should include passive defenses, which add protection without requiring human interaction, as well as active defenses.
Nathaniel Evans, William Horsthemke

Chapter 11. Managing Human Factors

For critical infrastructures (CI), technology solutions have been the preferred choice so far. Yet, the human component of CI could be the primary cause of events causing a less than resilient performance of a CI system. This chapter introduces a systemic approach that contextualizes cascading dynamics in the vulnerability of both technological and human elements. It is followed by a description of the evolution of critical infrastructure and management, envisioned as root causes of cascade effects, and explains the role of the human factor in that process. This chapter highlights why investments in technological resilience of cyber assets cannot do without the integration of its human component. Indeed, consensus is growing among security experts that the weakest link in the security chain is the human being, whether as users, customers, administrators, or managers. The technological progress needs to be followed step by step by improvements in users/operators’ skills and routines, adjusting their ability to improvise and their resilience.
Giampiero Giacomello, Gianluca Pescaroli

Chapter 12. Rulemaking for Insider Threat Mitigation

This chapter continues the topic we started to discuss in the previous chapter – the human factors. However, it focuses on a specific method of enhancing cyber resilience via establishing appropriate rules for employees of an organization under consideration. Such rules aim at reducing threats from, for example, current or former employees, contractors, and business partners who intentionally use their authorized access to an organization to harm the organization. System users can also unintentionally contribute to cyber-attacks, or themselves become a passive target of a cyber-attack. The implementation of work-related rules is intended to decrease such risks. However, rules implementation can also increase the risks that arise from employee disregard for rules. This can occur when the rules become too restrictive, and employees become more likely to disregard the rules. Furthermore, the more often employees disregard the rules both intentionally and unintentionally, the more likely insider threats are able to observe and mimic employee behavior. This chapter shows how to find an intermediate, optimal collection of rules between the two extremes of “too many rules” and “not enough rules.”
Igor Linkov, Kelsey Poinsatte-Jones, Benjamin D. Trump, Alexander A. Ganin, Jeremy Kepner

Chapter 13. Biologically Inspired Artificial Intelligence Techniques

Recent years have seen continuous, rapid growth in popularity and capabilities of artificial intelligence, and broadly speaking, of other computational techniques inspired by biological analogies. It is most appropriate, therefore, for this book to explore how such techniques might contribute to enhancing cyber resilience. This chapter argues that the fast-paced development of new cyber-related technologies complicates the classical approach of designing problem-specific algorithms for cyber resilience. Instead, “general-purpose” algorithms, such as biologically inspired artificial intelligence (BIAI), are more suited for such problems. BIAI techniques allow learning, adaptability, and robustness, which are compatible with cyber resilience scenarios like self-organization, dynamic operation conditions, and performance in adversarial environments. This chapter introduces the readers to BIAI techniques and describes various BIAI techniques and their taxonomy. It also proposes metrics which can be used to compare the techniques in terms of their performance, implementation ease, and requirements. Finally, the chapter illustrates the potential of such techniques via several case studies: applications pertaining to wireless communication systems.
Nistha Tandiya, Edward J. M. Colbert, Vuk Marojevic, Jeffrey H. Reed

Chapter 14. Economic Effectiveness of Mitigation and Resilience

Implementation of means for enhancing cyber resilience, such as those discussed in the preceding chapters, costs money. Is this a worthwhile investment? This chapter provides an economic perspective on how to choose the most economically appropriate approaches to improving cyber resilience. These considerations are rather complex. For example, property damage, except for destruction of data, has thus far been a relatively minor cost of cyber threats, in contrast to instances of significant loss of functionality of a cyber system itself or the system it helps operate. The latter translates into loss of output (sales revenue and profits) and loss of employment, and is often referred to as business interruption (BI). Thus, in addition to pre-event mitigation, post-disaster strategies that enable a system to rebound more efficiently and quickly offer the prospects of greatly reducing BI. Moreover, there are numerous resilience tactics that comprise a strategy on both the cyber service provider side and customer side, many of which are relatively inexpensive. The latter include backup data storage and equipment, substitutes for standard cyber components, conserving on cyber needs, and recapturing lost production once the cyber capability is restored. This chapter describes the analysis based on basic principles of economics and is couched in a benefit-cost analysis (BCA) framework as an aid to decision-making. This chapter goes beyond the conceptual level and offers estimates of the costs and effectiveness of various mitigation and resilience tactics.
Adam Rose, Noah Miller, Jonathan Eyer, Joshua Banks

Cyber Resilience in Selected Classes of Systems and Networks


Chapter 15. Regional Critical Infrastructure

This chapter opens the last, fourth, part of our book. In this part, we explore several cases where cyber resilience was addressed – from different perspectives – in application to complex systems or networks. We collected these cases to answer the question of a practically minded reader, “How do I approach assessing or enhancing resilience of a particular system I am interested in?” While these few cases cannot cover all possible classes of systems or networks, they serve as useful illustrative examples and could inform approaches to resilience in other classes of systems.
The opening chapter of this part discusses the large-scale, highly complex web of systems called regional critical infrastructure. These are responsible for providing entire large regions (the size of states or countries) with water, electricity, natural gas, communications, transportation, healthcare, police, fire protection, and ambulances. Often, these are further complicated by multiple, not always fully cooperative owners of these systems, and by the diversity of threats that may attack such systems, ranging from natural disasters to state-sponsored cyber attackers. The chapter focuses mainly on a particular cyber resiliency assessment (CRA) methodology. The foundations of the methodology are collective assessments by human stakeholders and experts, seeking areas of concerns and developing options for resilience enhancements. CRA involves analytical and modeling techniques for cyber assessments. The chapter illustrates the application of CRA to a regional critical infrastructure with a realistic case study.
Nathaniel Evans, William Horsthemke

Chapter 16. Internet of Things

This chapter addresses cyber-physical systems resilience with a focus on Internet of Things as a particularly prominent example of large-scale cyber-physical systems. The emphasis is on current and future network architectures and systems, highlighting main research issues, as well as technological trends. This chapter opens by discussing and contrasting resilience of organisation and resilience of communications and computing technologies. It then proceeds to explore issues of resilience in two use cases. One deals with smart cities, a particular application scenario of IoT, and another with large-scale networks. This chapter points out that the Internet of Things is evolving towards an Internet of Everything, where everybody and everything are connected to provide multiple services within various contexts such as smart home, wearables, smart city, smart grid, industrial internet, connected car, connected health, smart retail, smart supply chain, and smart farming. In the context of this evolution, a number of challenges must be addressed, most of which touch on issues of resilience, among others.
Marilia Curado, Henrique Madeira, Paulo Rupino da Cunha, Bruno Cabral, David Perez Abreu, João Barata, Licínio Roque, Roger Immich

Chapter 17. Smart Cities

This chapter continues the discussion of cyber-physical systems (CPS), including the Internet of Things, with a special focus on resilient services for smart cities. The topic of smart cities has been already introduced in the previous chapter, and now, this chapter presents a detailed approach to the design and development of resilient services for smart cities based on moving target defense (MTD) and autonomic computing paradigms. Moving target defense is often seen as a game-changing approach to building self-defending systems. In an earlier chapter, “active defense techniques” have been introduced in a broader context. In the specific instantiation of MTD in this chapter, it dynamically randomizes the resources used and the execution environment to run CPS applications, so that the attackers (outsiders or insiders) cannot determine the resources used to run the provided services and consequently are unable to launch attacks. This chapter discusses both the detailed methodology for applying MTD to enhance resilience of smart cities and the experimental results obtained with implemented prototypes.
Jesus Pacheco, Cihan Tunc, Salim Hariri

Chapter 18. Transportation Networks

A transportation network is a critical component of a Smart City (considered in the preceding chapter), and therefore it is fitting that a distinguishing element of this chapter is the resilience analysis of transportation networks. The chapter highlights the importance of humans in most cyber-physical systems and uses the term Human Cyber-Physical System (H-CPS). It further argues that H-CPS design processes should use five fundamentally different abstraction layers: the physical layer, the three “cyber” layers: network, service platform, and application layers, and the human layer. It then describes the Cyber-Physical Systems Wind Tunnel (CPSWT), a simulation integration architecture tool kit, and proceeds to illustrate a simulation-based resilience analysis using a transportation network example.
Gabor Karsai, Xenofon Koutsoukos, Himanshu Neema, Peter Volgyesi, Janos Sztipanovits

Chapter 19. Supply Chains

Supply chains are among the most exposed and vulnerable components of any system. This chapter explores the resilience perspective of the supply chain for the ubiquitous electronic hardware embedded within modern cyber-physical systems. The chapter begins by identifying a set of factors that enable resilience. It also explains the nature of actors within the supply chain and discusses possible metrics for characterizing cyber resilience of supply chains, as well as of broader systems in which a supply chain is a component. This chapter provides a review of the research on numerous emerging topics and lays the groundwork for future research efforts aimed at understanding the ways of quantifying, analyzing, and enhancing the cyber resilience of supply chains.
Zachary A. Collier, Madison L. Hassler, James H. Lambert, Daniel DiMase, Igor Linkov

