At the upcoming HackMiami5 conference I will be speaking on "Cyber Resilience". I have been looking at this term over the last several months. As an infosec/cybersecurity professional, I wanted to better understand what this "cyber resilience" is and how it fits in.
Now, at my talk at HM2017 I will be going into several "models" for cyber resilience and other resources, and I will NOT be posting that information here on my blog until sometime later. So this posting, which maybe part of a series, is more my thoughts on what cyber resilience is.
Now, the more or less standard definition I hear for cyber resilience is "the ability to recover from attacks quicker and keep losses to a minimum."
Hmmmm. Ok.
Taking this a little further is what I also hear is that cyber resilience goes "beyond" cybersecurity, and that its almost a next step. Further that certain organizations (government, military, commercial) are now focusing more on cyber resilience then cybersecurity.
So, more "hmmmmmm" from me.
For me, I have a problem with this view. My problem is that, FOR ME, what is being described as cyber resilience IS cybersecurity. And that what these people are putting forth as "cybersecurity" is TOO NARROW a use or definition of it.
These people seem to think that cybersecurity is solely PREVENTION. For me, it's not and never should be. IF some are thinking cybersecurity is solely PREVENTION, that's the problem. RESPONSE and RECOVERY, which is said to be cyber resilience IS part of cybersecurity.
This may help:
So, these are the 5 "Functions" that comprise the Core of the NIST Cybersecurity Framework. ALL 5 are needed for the Framework, and for me, all 5 are needed to have cybersecurity.
The people pushing cyber resilience seem to be pushing the idea that cyber security is just PROTECT (and maybe also DETECT). And that we need cyber resilience (RESPOND and RECOVERY).
I think that's wrong. BUT, I think part of it is that OTHERS are at fault here, not necessarily the cyber resilience folk. I think TOO MANY people in our field seem focused on PROTECT and DETECT. They ignore IDENTIFY (that's all inventory work, that's just IT stuff, us cybersecurity folk don't care). They ignore RESPOND (by and large, other then maybe incident handling, blue teaming) and RECOVER (that's all disaster recovery, business continuity stuff, that's just IT stuff, us cybersecurity folk don't care).
The attitude being pushed is that "we" cybersecurity folks are all ethical hackers, pentesting. We are all about PROTECT/DETECT. That's all that's important.
And sometimes it's not helped when I see people talking about getting people into infosec/cybersecurity, but ALL they talk about is ethical hacking, pentesting. NOT all the other stuff.
I'll be revisiting this. If others have ideas, please post comments.
Cyber Security-Computergk.com offers very useful security insight for both IT managers & security decision makers. Hear from trade consultants on however you'll build stronger defences against cyber-attacks & a way to recover if your systems area unit broken.
ReplyDeleteGood day! This is my 1st comment here so I just wanted to give a quick shout out and say I really enjoy reading your posts. Can you suggest any other blogs/websites/forums that go over the same subjects? Thanks a ton!it consulting melbourne
ReplyDeleteNSA Global Security Consultants headquarters are based in Johannesburg, South Africa, with additional operational offices throughout Africa, India and the Middle East and partnerships in the Americas, United Kingdom and Europe
ReplyDeleteI am thankful for this blog to gave me much knowledge regarding my area of work. I also want to make some addition on this platform which must be in knowledge of people who really in need. Thanks. cyber security company
ReplyDeleteNSA Global Security Consultants headquarters are based in Johannesburg, South Africa, with additional operational offices throughout Africa, India and the Middle East and partnerships in the Americas, United Kingdom and Europe
ReplyDeleteWINTER OLYMPICS GETS HACKED As the news of the Winter Olympics cyber-attack broke and the official website was taken offline, OSAC (Overseas Security Advisory Council) has put out this advice on how to take precautions against cyber-attacks that is useful for us all.
ReplyDelete