• Jim Seaman

Cyber Resilience = Maintenance & Response

Any organisation that employs technology to support the processing of sensitive data (company or personal), or that relies heavily on technology to support business operations, needs to ensure that these technologies remain resilient.

NIST provide a number of definitions of resilience:

"The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents".

"The ability of an information system to continue to:
(i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and
(ii) recover to an effective operational posture in a time frame consistent with mission needs".

"The ability to continue to:
(i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and
(ii) recover to an effective operational posture in a time frame consistent with mission needs".

These definitions are easier to grasp if you think of resilience like maintaining a motor vehicle so that it remains serviceable and can safely and efficiently transport you from A to B.

There are many components within a motor vehicle, with some being more critical than others (Braking, Lubricants, Lights, etc.). You can make the choice not to maintain the vehicle, or not to use a dealer specialist engineer to carry out the maintenance works. However, the likelihood of the vehicle breaking significantly increases and, as such, so does the potential impact of suffering a breakdown.

Cyber Resilience - Top 5

In today's digitalised era, a poorly maintained cyber environment increases the chances of suffering an incident, with potential financial consequences for the business, e.g. system outage, hack, data breach (regulatory fines), etc. Below, I have identified 5 areas of Cyber Resilience that could significantly help to decrease the risks associated with the use of business IT systems.

1. Asset Management:

"Asset management establishes an organization’s inventory of high-value assets and defines how these assets are managed during their life-cycle to ensure sustained productivity in support of the organisation’s critical services".

Within the Motor Industry, the high-value assets have been identified and the various governments provide the rules on what the acceptable life-cycles for these assets are (Minimum Tyre Treads, Brake Pad depths, etc.).

2. Controls Management:

"Controls Management focuses on the processes by which an organisation plans, defines, analyses, and assesses the controls that are implemented internally".

This is like having a defined maintenance plan that details how, when and why maintenance work should be carried out, e.g. oil changes, timing belt changes, road safety checks, etc.

3. Config & Change Management:

"Configuration and change management (CCM) is the process of maintaining the integrity of hardware, software, firmware, and documentation related to the configuration and change management process. CCM is a continuous process of controlling and approving changes to information or technology assets or related infrastructure that support the critical services of an organisation".

The purpose of configuration and change management is to “establish processes to ensure the integrity of assets, using change control and change control audits”.

Wouldn't you expect your mechanic to reference industry manuals, so that they have a defined procedure for carrying out specific maintenance and can ensure that the systems are configured to the manufacturer's specific guidelines (e.g. torque settings, oil grades, etc.)?

4. Vulnerability Management:

"Vulnerability Management domain focuses on the process by which organisations identify, analyse, and manage vulnerabilities in a critical service’s operating environment".

vulnerability: “[P]hysical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard.” DHS Risk Lexicon, 2010 Edition

Much like IT assets, vehicles suffer from wear and tear, and manufacturers may identify flaws in the build that require remediation, e.g. factory recalls.

5. Incident Management:

"Disruptions to an organisation’s operations may occur regularly and can scale from so small that the impact is essentially negligible to so large that they could prevent an organisation from achieving its mission".

The required responses to these disruptive events must scale similarly. Some events may not require a formal response by the organisation and can be effectively ignored or handled at the individual level following standard operating procedures, e.g. A workstation may lock up, preventing the processing of new orders. Addressing this interruption may only require the individual workstation owner to perform a simple reboot. Once the workstation reboots, orders can be processed again. The event required a response, but that response was carried out by a single individual. Other disruptive events require the entire organisation to mobilise resources.

If you ignore the engine warning light on your car, the result may be catastrophic; however, early investigation and remediation could avert the potential disaster. The same applies to Incident Management of your business IT systems. Therefore, having a well-trained and effective incident response team that is available to respond to and evaluate potential issues or events (assuming that you have effective system warning lights!) is a sensible investment in support of resilience.

Likening Cyber Resilience to operating and maintaining a car helps businesses to understand the importance of well-managed IT for both efficient IT systems and protection from incidents. For example, if you are looking to take out car insurance, one of the questions you get asked is whether the vehicle has been modified, as the insurers understand that any modifications can increase the potential risks to the vehicle. The same can be said for 'Shadow IT', so knowing what IT is on your network is your priority one. Without this understanding, you can't detail the industry best practices that should be applied or how to securely configure and manage these systems.

Consequently, much like vehicle owners, responsible owners will understand the value of a well-maintained car.
