Abstract
Suppose you have assessed or analyzed the resilience of a system using the approaches described in Part II of this book, or similar approaches. Chances are, you determined that the resilience of the system is inadequate, at least in part. What should you do to improve it? This is the theme of Part III of this book: methods, techniques, and approaches for enhancing the cyber resilience of a system, whether through an appropriate initial design, by adding mitigation measures, or by defensive actions taken during a cyberattack.
This chapter opens the theme with a broad overview of approaches to enhancing system resilience in the spirit of systems engineering. It starts by providing background on the state of the practice for cyber resilience. Next, the chapter describes how a growing set of frameworks, analytic methods, and technologies can be used to improve system and mission cyber resilience. For example, technologies and processes created for contingency planning and continuity of operations (COOP) can be adapted to address advanced cyber threats; these include diversity and redundancy. Cybersecurity technologies and best practices can likewise be extended to consider advanced cyber threats; these include analytic monitoring, coordinated protection, privilege restriction, segmentation, and substantiated integrity.
Notes
- 1. In this volume, see the description in Part IV, Chap. 15, Regional Critical Infrastructures.
- 2. Note that reducing vulnerability in the context of survivability means reducing the likelihood that an adverse event will result in undesirable consequences, either by removing or reducing the exposure of system vulnerabilities (the sense in which the phrase is used in cybersecurity) or by reducing the severity of the consequences.
- 3. In this volume, see Part III, Chap. 14, Economic Mitigation of and Resilience to Cyber Threats, for further discussion of these broader contexts.
- 4. The phrase “active cyber defense” refers to “a range of proactive actions that engage the adversary before and during a cyber incident” (Lachow 2013). While that range can include retaliatory hacking, the most common form of active cyber defense involves “the process of analysts monitoring for, responding to, learning from, and applying their knowledge to threats internal to the network” (DoD 2012), including, as part of response, such actions as configuration changes, increasing privilege restrictions on critical assets, disabling system components, and isolating system components. In this volume, see Part III, Chap. 10, Active Defense Techniques, for further discussion.
- 5.
- 6. “Protection” is used in the sense of NIST SP 800-160: “the protection capability provided by a system goes beyond prevention and has the objective to control the events, conditions, and consequences that constitute asset loss.”
- 7. “Mission assurance focuses on the protection, continued function, and resilience of capabilities and assets critical to supporting MEFs …” (Musman 2016).
- 8. See, for example, the Proceedings of the 1st IEEE Workshop on Cyber Resilience Economics, in the Proceedings of the 2016 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C).
- 9.
- 10. In this volume, see Part IV, Chap. 19, Supply Chains, for a discussion of supply chain risk management.
References
Alberts, D. S. (1996, April). Information age transformation, getting to a 21st century military, DOD Command and Control Research Program. [Online]. Available: http://www.dtic.mil/get-trdoc/pdf?AD=ADA457904
Allan, B. A., Armstrong, R. C., Mayo, J. R., Pierson, L. G., Torgerson, M. D., & Walker, A. M. (2010, October). The theory of diversity and redundancy in information system security: LDRD final report. [Online]. Available: http://prod.sandia.gov/techlib/access-control.cgi/2010/107055.pdf
Alves, J., Westphall, C. M., & Schmitt, G. R. (2016). A risk calculus extension to the XACML language. In XII Brazilian Symposium on Information Systems, Florianópolis, Brazil.
Assante, M. J., & Lee, R. M. (2015, October). The industrial control system cyber kill chain. SANS Institute Reading Room. [Online]. Available: https://www.sans.org/reading-room/whitepapers/ICS/industrialcontrol-system-cyber-kill-chain-36297
Bank for International Settlements and International Organization of Securities Commissions. (2016, June). Guidance on cyber resilience for financial market infrastructures. [Online]. Available: https://www.bis.org/cpmi/publ/d146.pdf
Baudry, B., & Monperrus, M. (2015). The multiple facets of software diversity: Recent developments in year 2000 and beyond. ACM Computing Surveys (CSUR), 48(1), 1–26.
Bodeau, D., & Graubart, R. (2011, September). Cyber resiliency engineering framework (MTR110237, PR 11-4436). [Online]. Available: https://www.mitre.org/sites/default/files/pdf/11_4436.pdf
Bodeau, D., & Graubart, R. (2013a, May). Cyber resiliency assessment: Enabling architectural improvement (MTR 120407, PR 12-3795). [Online]. Available: https://www.mitre.org/sites/default/files/pdf/12_3795.pdf
Bodeau, D., & Graubart, R. (2013b, November). Characterizing effects on the cyber adversary: A vocabulary for analysis and assessment (MTR 130432, PR 13-4173). [Online]. Available: http://www.mitre.org/sites/default/files/publications/characterizing-effects-cyber-adversary-13-4173.pdf
Bodeau, D., & Graubart, R. (2016a, May). Cyber resiliency metrics: Key observations (PR Case No. 16-0779). [Online]. Available: https://www.mitre.org/publications/technical-papers/cyber-resiliency-metricskey-observations
Bodeau, D., & Graubart, R. (2016b, May). Structured cyber resiliency analysis methodology (SCRAM) (PR Case No. 16-0777). [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr-16-0777-structured-cyber-resiliency-analysis-methodology-overview.pdf
Bodeau, D., & Graubart, R. (2013, September). Cyber resiliency and NIST special publication 800-53 Rev.4 Controls (MTR 130531, PR 13-4037). [Online]. Available: https://www.mitre.org/sites/default/files/publications/13-4047.pdf
Bodeau, D., Brtis, J., Graubart, R., & Salwen, J. (2013, September). Resiliency techniques for system of systems: Extending and applying the cyber resiliency engineering framework to the space domain (MTR 130515, PR 133513). [Online]. Available: https://www.mitre.org/sites/default/files/publications/13-3513-ResiliencyTechniques_0.pdf
Bodeau, D., Graubart, R., Heinbockel, W., & Laderman, E. (2015, May). Cyber resiliency engineering aid – The updated cyber resiliency engineering framework and guidance on applying cyber resiliency techniques, MTR140499R1, PR 15-1334. [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr-15-1334-cyber-resiliency-engineering-aid-framework-update.pdf
Brahma, S., Kwiat, K., Varshney, P. K., & Kamhoua, C. A. (2016). CSRS: Cyber survive and recover simulator. In Proceedings of the 17th IEEE International Symposium on High Assurance Systems Engineering, HASE 2016, Orlando.
Callegati, F., Cerroni, W., & Contoli, C. (2016). Virtual networking performance in OpenStack platform for network function virtualization. Journal of Electrical and Computer Engineering, 2016, Article ID 5249421, 1–15.
Caralli, R. A., Allen, J. H., White, D. W., Young, L. R., Mehravari, N., & Curtis, P. D. (2016, February). CERT® Resilience management model, Version 1.2. [Online]. Available: http://www.cert.org/downloads/resilience/assets/cert-rmm-v1-2.pdf
Carter, K. M., Okhravi, H., & Riordan, J. (2014, January 31). Quantitative analysis of active cyber defenses based on temporal platform diversity. [Online]. Available: https://arxiv.org/abs/1401.8255
CERT Program. (2010, May). CERT® Resilience management model, Version 1.0: Improving operational resilience processes. [Online]. Available: http://www.cert.org/archive/pdf/10tr012.pdf
Choras, M., Kozik, R., Bruna, P. T. M., Yautsiukhin, A., Churchill, A., Maciejewska, I., Eguinoa, I., & Jomni, A. (2015). Comprehensive approach to increase cyber security and resilience: CAMINO roadmap and research agenda. In 2015 10th International Conference on Availability, Reliability and Security, Toulouse.
Cimek, D., Macera, A., & Tirenin, W. (2016, March 8). Cyber Deception, Journal of Cyber Security and Information Systems, 4(1), Focus on Air Force Research Laboratory’s Information Directorate. [Online]. Available: https://www.csiac.org/journal-article/cyber-deception/
Collier, Z. A., Linkov, I., & Lambert, J. H. (2013). Four domains of cybersecurity: A risk-based systems approach to cyber decisions. Environment Systems & Decisions, 33(4), 469–470.
Committee on Increasing National Resilience to Hazards and Disasters; Committee on Science, Engineering, and Public Policy; The National Academies. (2012). Disaster resilience: A national imperative. [Online]. Available: http://nap.edu/13457
Council on Cyber Security. (2016, August 31). The critical security controls for effective cyber defense, Version 6.1. [Online]. Available: https://www.cisecurity.org/critical-controls/documents/CSC-MASTERVER61-FINAL.pdf
CPS PWG. (2016, May). Framework for cyber-physical systems, Release 1.0. [Online]. Available: https://s3.amazonaws.com/nistsgcps/cpspwg/files/pwgglobal/CPS_PWG_Framework_for_Cyber_Physical_Systems_Release_1_0Final.pdf
CRO Forum. (2014, December). Cyber resilience: The cyber risk challenge and the role of insurance. [Online]. Available: http://www.thecroforum.org/wp-content/uploads/2014/12/Cyber-Risk-Paper-version-24.pdf
Deputy Assistant Secretary of Defense for Systems Engineering and Department of Defense Chief Information Officer. (2014, March). Software assurance countermeasures in program protection planning. [Online]. Available: http://www.acq.osd.mil/se/docs/SwA-CM-in-PPP.pdf
DHS. (2015, November). National critical infrastructure security and resilience research and development plan. [Online]. Available: https://www.dhs.gov/sites/default/files/publications/National%20CISR%20R%26D%20Plan_Nov%202015.pdf
DHS. Assessments: Cyber resilience review (CRR). US-CERT, [Online]. Available: https://www.uscert.gov/ccubedvp/assessments
DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework for cyber physical security and resilience. Environment Systems & Decisions, 35, 291–300.
DiMase, D., Collier, Z. A., Carlson, J., Gray, R. B., Jr., & Linkov, I. (2016). Traceability and risk analysis strategies for addressing counterfeit electronics in supply chains for complex systems. Risk Analysis, 36(10), 1834–1843.
DoD. (2012, April). Department of Defense Mission Assurance Strategy.
DoD CIO/USD(AT&L). (2012, November 5). Protection of mission critical functions to achieve trusted systems and networks (TSN), DoDI 5200.44. [Online]. Available: http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/520044p.pdf
DoD Defense Science Board. (2013, January). Task force report: Resilient military systems and the advanced cyber threat. [Online]. Available: https://www.acq.osd.mil/dsb/reports/2010s/ResilientMilitarySystemsCyberThreat.pdf
DOE and DHS. (2014, February). Cybersecurity capability maturity model (C2M2) Version 1.1. [Online]. Available: http://energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf
Garvey, P. R., & Pinto, C. A. (2012). Advanced risk analysis in engineering enterprise systems. New York: CRC Press.
Global Forum to Advance Cyber Resilience. (2016). Global forum to advance cyber resilience. [Online]. Available: http://gfacr.org/
Hahn, A., Thomas, R., Lozano, I., & Cardenas, A. (2015). A multi-layered and kill-chain based security analysis framework for cyber-physical systems. International Journal of Critical Infrastructure Protection, 11, 39–50.
Hernandez-Castro, J., & Rossman, J. (2013, October 15). Measuring software diversity, with applications to security. [Online]. Available: https://arxiv.org/pdf/1310.3307.pdf
Hole, K. J. (2016). Anti-fragile ICT systems. Cham: Springer.
Hollnagel, E. (2009). The four cornerstones of resilience engineering. In Resilience engineering perspectives. Aldershot: Ashgate.
Hollnagel, E. (2011). Prologue: The scope of resilience engineering. In E. Hollnagel, J. Pariès, D. D. Woods, & J. Wreathall (Eds.), Resilience engineering in practice: A guidebook (Resilience engineering perspectives Volume 3). Farnham: Ashgate.
Hollnagel, E., Woods, D. D., & Leveson, N. (2006). Resilience engineering: Concepts and precepts. Aldershot: Ashgate.
Hollnagel, E., Nemeth, C., & Dekker, S. (2008). Resilience engineering perspectives – Remaining sensitive to the possibility of failure. Aldershot: Ashgate.
IIC. (2016, September 19). Industrial internet of things volume G4: Security framework. [Online]. Available: http://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB.pdf
INCOSE. (2015). Resilience engineering. In INCOSE systems engineering handbook: A guide for system life cycle processes and activities (4th ed., pp. 229–231). Hoboken: Wiley.
Jajodia, S., Liu, P., Swarup, V., & Wang, C. (2010). Cyber situational awareness: Issues and research. New York: Springer.
Jajodia, S., Ghosh, A. K., Swarup, V., Wang, C., & Wang, X. S. (2011). Moving target defense: Creating asymmetric uncertainty for cyber threats, Advances in information security (Vol. 54). New York: Springer.
Jajodia, S., Ghosh, A. K., Subrahmanian, V. S., Swarup, V., Wang, C., & Wang, X. S. (2012). Moving target defense II: Application of game theory and adversarial modeling, Advances in information security. New York: Springer.
Jajodia, S., Subrahmanian, V. S., Swarup, V., Wang, C., et al. (2016). Cyber deception: Building the scientific foundation. Switzerland: Springer.
Jeun, I., Lee, Y., & Won, D. (2012). A practical study on advanced persistent threats. In Computer applications for security, control and system engineering. Communications in computer and information science (Vol. 339, pp. 144–152). Berlin: Springer.
Khan, O., & Sepúlveda Estay, D. A. (2015). Supply chain cyber-resilience: Creating an agenda for future research. Technology Innovation Management Review, 5(4), 6–12.
Kick, J. (2014, November). Cyber exercise playbook, MP140714. [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf
Knight, J., Davidson, J., Nguyen-Tuong, A., Hiser, J., & Co, M. (2016). Diversity in cybersecurity. IEEE Computer, 49(4), 94–98.
Kott, A., Wang, C., & Erbacher, R. F. (2014). Cyber defense and situational awareness. New York: Springer.
KPMG. Cybersecurity Fortification Initiative (CFI): A new framework initiated by the HKMA to strengthen cybersecurity, 10-6-2016. [Online]. Available: https://assets.kpmg.com/content/dam/kpmg/pdf/2016/06/Cybersecurity-Fortification-Initiative.pdf
Kruse, J., Landsman, S., Smyton, P., Dziewulski, A., Hawley, H., & King, M. (2012). The POET approach: A collaborative means for enhancing C2 systems engineering. In Proceedings of the International Command and Control Research and Technology Symposium, Fairfax, VA.
Kurmus, A., Sorniotti, A., & Kapitza, R. (2011). Attack surface reduction for commodity OS kernels: Trimmed garden plants may attract less bugs. In Proceedings of the Fourth European Workshop on System Security (EUROSEC '11), Salzburg.
Lachow, I. (2013, February). Active cyber defense: A framework for policymakers. [Online]. Available: https://s3.amazonaws.com/files.cnas.org/documents/CNAS_ActiveCyberDefense_Lachow_0.pdf?mtime=20160906080446
Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., & Kott, A. (2013a). Resilience metrics for cyber systems. Environment Systems & Decisions, 33(4), 471–476.
Linkov, I., Eisenberg, D. A., Bates, M. E., Chang, D., Convertino, M., Allen, J. H., Flynn, S. E., & Seager, T. P. (2013b). Measurable resilience for actionable policy. Environmental Science & Technology, 47, 10108–10110.
Lipson, H. (2006, September). Evolutionary systems design: Recognizing changes in security and survivability risks (CMU/SEI-2006-TN-027). [Online]. Available: http://www.sei.cmu.edu/reports/06tn027.pdf
Madni, A. M., & Jackson, S. (2009, June). Towards a conceptual framework for resilience engineering. IEEE Systems Journal, 3(2), 181–191.
Musman, S. (2016). Playing the cyber security game: A rational approach to cyber security and resilience decision making (MTR 150371, PR 15–3140). McLean: The MITRE Corporation.
Musman, S., & Temin, A. (2015). A cyber mission impact assessment tool (PR 14-3545). In 2015 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham.
Nascimento, A. S., Rubira, C. M., Burrows, R., Castor, F., & Brito, P. H. (2014). Designing fault-tolerant SOA based on design diversity. Journal of Software Engineering Research and Development, 2(13), 1–36.
National Science and Technology Council. (2016, February). Federal cybersecurity research and development strategic plan. [Online]. Available: https://www.nitrd.gov/cybersecurity/publications/2016_Federal_Cybersecurity_Research_and_Development_Strategic_Plan.pdf
NAVAIR. (2014). Cyber failure mode, effects, and criticality analysis (FMECA) methodology, SWP4000-001. NAVAIR.
NIST. (2010, November 11). NIST SP 800-34 Rev. 1, Contingency planning guide for federal information systems. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
NIST. (2011, March). NIST SP 800-39, Managing information security risk: Organization, mission, and information system view. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
NIST. (2012, September). Guide for conducting risk assessments, NIST SP 800-30 Rev.1. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
NIST. (2013, April). Security and privacy controls for federal information systems and organizations (NIST SP 800-53 R4). [Online]. Available: https://doi.org/10.6028/NIST.SP.800-53r4
NIST. (2014, February 12). Framework for improving critical infrastructure security, Version 1.0. [Online]. Available: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
NIST. (2016a, November 15). NIST SP 800-160, Systems security engineering: Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems, (includes updates as of 3 January 2018). [Online]. Available: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf
NIST. (2016b, May 4). 2nd Public Draft, NIST SP 800-160, Systems security engineering: Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems. [Online]. Available: http://csrc.nist.gov/publications/drafts/800-160/sp800_160_second-draft.pdf
NIST. (2017, December 5). Framework for improving critical infrastructure cybersecurity, Draft Version 1.1, Draft 2. [Online]. Available: https://www.nist.gov/sites/default/files/documents/2017/12/05/draft-2_framework-v1-1_without-markup.pdf
Okhravi, H., Streilein, W. W., & Bauer, K. S. (2016). Moving target techniques: Leveraging uncertainty for cyber defense. Lincoln Laboratory Journal, 22(1). [Online]. Available: https://www.ll.mit.edu/publications/journal/pdf/vol22_no1/22_1_8_Okhravi.pdf
Pendergrass, J. A., Lee, S. C., & McDonell, C. D. (2013). Theory and practice of mechanized software analysis. Johns Hopkins APL Technical Digest, 32(2), 499–508.
Platania, M., Obenshain, D., Tantillo, T., & Amir, Y. (2016). On choosing server- or client-side solutions for BFT. ACM Computing Surveys, 48(4), 61.
Red, V. (2016, April). Expanding the cyber kill chain for embedded system architectures. [Online]. Available: https://val-red.com/red-val-expanding-the-cyber-kill-chain-for-embedded-systemarchitectures.pdf
Ricci, N., Rhodes, D. H., & Ross, A. M. (2014). Evolvability-related options in military systems of systems. In Conference on Systems Engineering Research (CSER 2014), Redondo Beach, CA.
Richards, M. G., Ross, A. M., Hastings, D. E., & Rhodes, D. H. (2008). Empirical validation of design principles for survivable system architecture. In Proceedings of the 2nd Annual IEEE Systems Conference, Montreal, Quebec, Canada.
Richards, M. G., Hastings, D. E., Rhodes, D. H., Ross, A. M., & Weigel, A. L. (2009). Design for survivability: Concept generation and evaluation in dynamic Tradespace exploration. In Second International Symposium on Engineering Systems, Cambridge, MA.
SEBoK. (2017, November 30). System resilience. Systems engineering body of knowledge. [Online]. Available: http://sebokwiki.org/wiki/System_Resilience
Sharma, P., Chaufournier, L., Shenoy, P. & Tay, Y. C. (2016). Containers and virtual machines at scale: A comparative study. In Middleware’16, Trento.
Shetty, S., Yuchi, X., & Song, M. (2016). Moving target defense for distributed systems. Cham: Springer.
Suarez-Tangil, G., Palomar, E., Ribagorda, A., & Sanz, I. (2015). Providing SIEM systems with self-adaptation. Information Fusion, 21(1), 145–158.
Symantec. (2016, August 10). ISTR special report: Ransomware and Businesses 2016. [Online]. Available: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
Taleb, N. N. (2012). Antifragile: Things that gain from disorder. New York: Random House.
The MITRE Corporation. (2011). Systems engineering guide: Crown jewels analysis. [Online]. Available: https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis
The MITRE Corporation. (2015). Adversarial tactics, techniques, and common knowledge (ATT&CK™). The MITRE Corporation. [Online]. Available: https://attack.mitre.org/wiki/Main_Page
The MITRE Corporation. (2016a). Strengthening regional resilience: A regional cyber resilience maturity model (PR Case No. 16-2878). McLean: The MITRE Corporation.
Thongthua, A., & Ngamsuriyaroj, S. (2016). Assessment of hypervisor vulnerabilities. In 2016 International Conference on Cloud Computing Research and Innovations (ICCCRI), Singapore.
Tyra, A. (2016, August 20). Crafting an effective cyber deception. Military Cyber Professionals Association. [Online]. Available: http://magazine.milcyber.org/stories/craftinganeffectivecyberdeception
Underwood, M. (2017). Big data complex event processing for internet of things provenance: Benefits for audit, forensics, and safety. In Cyber-Assurance for the internet of things (pp. 209–224). Hoboken: IEEE Press/Wiley.
Woody, C., & Alberts, C. (2014). Evaluating security risks using mission threads. CrossTalk, 15–19.
World Economic Forum, Future of Digital Economy and Society System Initiative. (2017, January). Advancing cyber resilience: Principles and tools for boards. [Online]. Available: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf
Xu, J., Guo, P., & Zhao, M. (2014). Comparing different moving target defense techniques. In Proceedings of the First ACM Workshop on Moving Target Defense.
Zimmerman, C. (2014, October). Ten Strategies of a World-Class Cybersecurity Operations Center. [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Bodeau, D.J., Graubart, R.D. (2019). Systems Engineering Approaches. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_9
DOI: https://doi.org/10.1007/978-3-319-77492-3_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77491-6
Online ISBN: 978-3-319-77492-3
eBook Packages: Engineering (R0)