Cyber Resilience – Part 1 – Assessing Cyber Resilience of Networked Systems
Posted March 12, 2019
As part of our Cyber Resilience series, today’s blog kicks off the important discussion of how cyber attacks can impact the network and how ensuring cyber resilience allows the network and the resident applications to deliver the expected service even when under a cyber attack.
Assessing Cyber Resilience of Networked Systems
Cyber attacks take many forms: distributed denial of service (DDoS), eavesdropping, jamming, viruses spread by malicious email attachments and drive-by downloads, Trojans, spyware, rootkits, spear phishing, etc. They can steal information, degrade operations, or shut down the target system. Large organizations are at risk of targeted attacks, and incidents such as the WannaCry ransomware attack on UK’s National Health System, large scale data breaches at Equifax, Uber and Yahoo, the denial of service (DoS) attack against GitHub, and the Crash Override and Triton attacks which targeted infrastructure in Ukraine and the Middle East grab global headlines. It’s almost a cliché that cyber attackers are getting even more creative, but advanced attacks that can dynamically adapt to exploit zero-day and other network vulnerabilities, which makes them particularly pernicious, are certainly in the future.
What is Cyber Resilience?
The likelihood of cyber attacks and their potential for dramatic consequences make cyber resilience a critical challenge for networks – be it the communication network supporting a military mission, the regional power grid, or the mixed wired and wireless network of a global enterprise.
Cyber resilience refers to the ability of the network and the resident applications to deliver the expected service even when under a cyber attack! It is commonly accepted that communication networks and networked systems cannot be completely protected from cyber attacks. However, it is possible to mitigate the impact of cyber attacks such that the system continues to operate or degrades gracefully while maintaining critical services. In the context of a military mission, the goal is to assure the mission, even when the network is vulnerable to adversarial activities. In the context of a power grid, the goal may be to maintain power supply to hospitals. For an airline, it may be ensuring that the reservation portal does not go down or can be restored quickly if it does.
In practice, then, to ensure cyber resilience, organizations need a way to predict how the networked enterprise, or at least the critical sub-systems, will behave when under cyber attack. One way to test a system’s cyber resilience is to subject it to different cyber attacks and evaluate its behavior. However, tests using physical networks and assets are costly and resource-intensive, and many such tests are not practical. On the other hand, if a mission-critical networked system is deployed without testing its cyber resilience, the consequences can be serious and even disastrous when it is targeted by cyber attackers.
Watch for part 2 in our Cyber Resilience series where we will discuss how network simulation can assist with cyber resilience. We will explore the question “To what extent can network simulation protect networks against relentless cyber attacks?”