Resilience properties and metrics: how far have we gone?

Clédel, Thomas; Cuppens, Nora; Cuppens, Frédéric; Dagnas, Romain

doi:10.20517/jsss.2020.08

Cited by 6 publications

(3 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[31]. Other works such as [8] provide a more exhaustive classification of resilience definitions found in the literature, depending on systems properties, service delivery, and events handling. According to [9], it is possible to highlight the main principles of resilience as: (i) Anticipate, i.e., maintain a state of informed preparedness to forestall compromises of mission functions from adversarial activities; (ii) Withstand, i.e., continue essential mission/business functions despite successful execution of an attack by an adversary; (iii) Recover, i.e., restore mission/business functions to the maximum extent possible after the successful execution of an attack by an adversary; and (iv) Adapt, i.e., change the mission functions or the supporting cyber capabilities to minimize adverse impacts from actual or predicted attacks.…”

Section: Cyber-resilience a Consensus For A Definitionmentioning

confidence: 99%

Exploring the Quantitative Resilience Analysis of Cyber-Physical Systems

Dagnas,

Barbeau,

Boutin

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

With technological advances, Cyber-Physical Systems (CPSs), specifically critical infrastructures, have become strongly connected. Their exposure to cyber adversaries is higher than ever. The number of cyber-attacks perpetrated against critical infrastructure is growing in number and sophistication. The protection of such complex systems is of paramount importance. Resilience applied to critical infrastructures aims at protecting these vital systems from cyber-attacks and making them continue to deliver a certain level of performance, even when attacks occur. In this work, we explore new advances related to cyber-resilience applied to CPSs. We also explore using a metric to quantify the resilience of critical infrastructures. As a use case, we consider a water treatment system.

show abstract

Section: Cyber-resilience a Consensus For A Definitionmentioning

confidence: 99%

Exploring the Quantitative Resilience Analysis of Cyber-Physical Systems

Dagnas,

Barbeau,

Boutin

et al. 2023

2023 IFIP Networking Conference (IFIP Networking)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Some of these are defined in familiar information and cyber security frameworks, standards and guidelines, such as COBIT and ISO 27001 (Baskerville et al , 2014). However, most of these are prevention-oriented based on historical risk analysis data (Clédel et al , 2020; Gasser et al , 2019). This approach is proving to be less ideal in the face of today’s more dynamic threat scenario (Baskerville et al , 2014).…”

Section: Critical Infrastructure Cybersecuritymentioning

confidence: 99%

Cybersecurity capabilities for critical infrastructure resilience

Malatji

Solms

2021

ICS

View full text Add to dashboard Cite

Purpose For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience. Design/methodology/approach A scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions. Findings A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53. Practical implications CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels. Originality/value The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

show abstract

“…Although the resilience and survivability paradigms have been extensively explored, there are still questions left unanswered and discoveries left for future studies [16]. There has been a slight agreement among scholars on what resilience and survivability mean in terms of universal practice.…”

Section: Introductionmentioning

confidence: 99%

Expanding Fundamental Boundaries between Resilience and Survivability in Systems Engineering: A Literature Review

Martínez

Chipperfield

2023

Sustainability

View full text Add to dashboard Cite

The pressures of an everchanging world have impacted the ways in which service-based systems operate, along with their forms and boundaries. Resilience and survivability have been treated interchangeably when readying a system to remain true to its functions despite disturbances. Some situations prove the concepts may not always be the equivalent of the other, not even the consequence of the other. There may come scenarios where system components fail to adhere to certain predefined thresholds and cross a breaking point. It is therefore proposed in this study that systems can be survivable, instead of resilient, when they comply in time with the resurgence property. This property signifies the systematic behavior of overcoming a certain stagnation period and, after a time range, return as a transformed system with new functions and challenges. Through this study, it was detected that the symmetries between resilience and survivability are only superficial if systems suffer breakages after misconceiving the true causes of failure. Still, a lack of consensus among scientists and practitioners remains an issue when applying resilience and survivability in their own problems. Although workful, pushing to achieve a greater consensus would signify optimal performance in multifaceted systems involving technical, social, and economic challenges.

show abstract

Resilience properties and metrics: how far have we gone?

Cited by 6 publications

References 50 publications

Exploring the Quantitative Resilience Analysis of Cyber-Physical Systems

Exploring the Quantitative Resilience Analysis of Cyber-Physical Systems

Cybersecurity capabilities for critical infrastructure resilience

Expanding Fundamental Boundaries between Resilience and Survivability in Systems Engineering: A Literature Review

Contact Info

Product

Resources

About