|
Cyber Resiliency Engineering Framework
January 2012
Deborah Bodeau, The MITRE Corporation
Richard Graubart, The MITRE Corporation
Jeffrey Picciotto, The MITRE Corporation
Rosalie McQuaid, The MITRE Corporation
ABSTRACT
Missions, business functions, organizations, and nations are increasingly dependent on
cyberspace. The need for cyber resiliency—for information and communications systems and
those who depend on them to be resilient in the face of persistent, stealthy, and sophisticated
attacks focused on cyber resources—is increasingly recognized. While resilience is sometimes
described as an emergent property, resilience in the face of cyber threats must be engineered.
Cyber resiliency engineering is the sub-discipline of mission assurance engineering which
considers (i) the ways in which an evolving set of resilience practices can be applied to improve
cyber resiliency, and (ii) the trade-offs associated with different strategies for applying those
practices. This paper presents an initial framework for cyber resiliency engineering. The
framework identifies
- Cyber resiliency goals, objectives, and practices;
- The threat model for cyber resiliency;
- Architectural layers or domains to which cyber resiliency practices could be applied; and
- Aspects of cost to consider as part of the trade-off analysis for alternative strategies and implementations.
This framework provides a way to structure discussions and analyses of cyber resiliency goals,
objectives, practices, and costs. It also serves to motivate and characterize cyber resiliency
metrics. The framework is intended to evolve as the discipline of cyber resiliency engineering
matures.
Additional Search Keywords
n/a
|
