Cyber resilience metrics needed to meet increased threats

Nov 25, 2013

Cyber threats are rapidly emerging as one of the primary security concerns for the nation and global community as targeted cyber attacks can cause severe consequences to critical infrastructure and sectors of the economy. Recent calls for action, including President Obama's Executive Orders 13636 and Presidential Policy Directive 21, have brought the concept of "resilience" in the face of cyber attacks to the forefront of the nation's consciousness. In a recent special issue of Springer's journal Environment Systems & Decisions, Dr. Igor Linkov and colleagues describe a framework for understanding the concept of cyber resilience, and lay out a systematic method by which to generate resilience metrics for cyber systems.

Resilience is the capacity of a system to withstand and recover quickly from both known and unknown threats. The study describes that managing for resilience has been difficult because the concepts of resilience and risk have been conflated and have tended to focus on narrowly defined system components or on specific networks. However, the definition of cyber systems must be expanded to include rich and varied physical, information, cognitive and social networks – or "domains" – that form an integrated whole. Thus, the discussion of resilience should recognize the role of cross-domain communication before, during and after adverse events such as or natural events that may disrupt the functionality of cyber systems.

The study suggests combining the military concept of network-centric operations and the US National Academies' definition of resilience response stages to quantify and manage the resilience of a cyber system. Together, these factors form a matrix wherein a system's resilience may be quantified using tools of multi-criteria decision.

Regarding cyber resilience, the study describes, "Transition from risk-based approaches focusing on identifying individual vulnerability and fixing them one-at-a-time, to building a whole system for resilience, is required to deal with interconnected global risks and sophisticated adversaries. The resilience matrix approach is just the first step in the process which will lead us to formulating and quantifying resilience as a network property of the system."

Explore further: Researchers link youths' social interactions with grades, self-efficacy

More information: Linkov I. et al [add the other authors?] (2013). Resilience Metrics for Cyber Systems, Environment Systems & Decisions, DOI: 10.1007/s10669-013-9485-y

add to favorites email to friend print save as pdf

Related Stories

London-based banks simulate giant cyber-attack

Nov 12, 2013

Dozens of London-based banks joined other financial institutions in the capital on Tuesday for a giant exercise to test their defences against a cyber-attack, officials said.

Growing cyber threat to US infrastructure: spy chief

Mar 12, 2013

The United States faces a mounting danger from cyber attacks on its infrastructure while digital espionage threatens to undercut the military's technological edge, the intelligence chief said Tuesday.

Recommended for you

Twitter rules out Turkey office amid tax row

13 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

16 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...