Resilience Is a Team Sport

May 26, 2015
CyberPhysicalHuman: Post by Rob Simmons, Peter Sheingold, and Chris Folk

The next few articles will discuss resilience in the context of the CyberPhysicalHuman world. Anyone who has experienced a power outage as a result of a severe storm knows that companies and organizations need to plan for extreme weather events. Recurring reports of cyber intrusions remind us that no company or organization is immune to being hacked. In the CyberPhysicalHuman world, our ability to survive and thrive as individuals, communities, and organizations is tied to our ability to adapt and bounce back.

Resilience is a multi-dimensional concept that includes anticipating, withstanding, responding to, and recovering from negative events. Like convergence and risk, resilience is not a new idea and is a rich topic area of its own. One of the implications of the CyberPhysicalHuman world’s countless interconnections and interdependencies is that it is unwise to consider the resilience of an individual, community, or organization in isolation.

For example, when the World Trade Center towers fell on September 11, 2001, major water lines ruptured, flooding electrical substations and a large communications hub. This loss of power and data networks shut down the systems used in the stock market. When Target and Home Depot were hacked, more than the two companies were affected. Millions of customers had their credit and debit card numbers stolen, forcing card issuers to replace millions of cards. When Hurricane Katrina hit the Gulf Coast, it knocked out the electricity that powered oil and petroleum pumping stations for three major transmission pipelines. This temporarily idled the processing of 90% of the crude oil from the Gulf of Mexico. As a result, states in the Midwest, South, and East experienced shortages of gasoline and diesel fuel.

As these events show, resilience in the CyberPhysicalHuman world requires teamwork. The participants include numerous government agencies, private industries, and citizens who own, operate, and use CyberPhysicalHuman capabilities to conduct their daily lives.

Diverse Players on the CyberPhysicalHuman Defense Team

It's probably not a surprise that these different participants don’t operate as if they are playing the same game, by the same set of rules in a predictable manner. They understandably have different perspectives about how they approach resilience based on their specific missions, business challenges, risk tolerances, and the roles they play. For example: a financial institution might place a higher priority on the integrity of its financial records; a power company might place a higher priority on the availability of its industrial control systems; and a medical institution might place a higher priority on the confidentiality of patient records.

These differences inform our current critical infrastructure protection model, in which critical infrastructures are divided into sixteen sectors by industry type to develop sector-specific approaches to address common challenges. The sector-based approach has many benefits, but in a CyberPhysicalHuman world it may not be sufficient when threats so often cut across sectors.

To be resilient in a CyberPhysicalHuman world, cross-sector collaboration is not only desirable, it becomes necessary. The next article will discuss approaches for cross-sector collaboration.

  1. The CyberPhysicalHuman World of Homeland Security
  2. Convergence: A Recent History
  3. Risk: Focus On Your Main Thing(s)
  4. Applying Ancient Wisdom to Help Manage Modern Risks
  5. Resilience Is a Team Sport
  6. Resilience, Moving Beyond Sectors
  7. Enabling Effective Collaboration with Shared Threat Information
  8. Wrapping It Up and Moving Forward
  9. Coming Closer and Closer to You
  10. More Ancient Wisdom for Today's CyberPhysicalHuman World
  11. There is No One-Size Fits All Approach to the CyberPhysicalHuman World