Approaches to Enhancing Cyber Resilience: Report of the North Atlantic Treaty Organization (NATO) Workshop IST-153

Report No. ARL-SR-0396
Authors: Alexander Kott; Benjamin Blakely; Diane Henshel; Gregory Wehner; James Rowell; Nathaniel Evans; Luis Mu?oz-Gonz?lez; Nandi Leslie; Donald W French; Donald Woodard;
Date/Pages: April 2018; 44 pages
Abstract: This report summarizes the discussions and findings of the 2017 North Atlantic Treaty Organization (NATO) Workshop, IST-153, on Cyber Resilience, held in Munich, Germany, on 23–25 October 2017, at the University of Bundeswehr. Despite continual progress in managing risks in the cyber domain, anticipation and prevention of all possible attacks and malfunctions are not feasible for the current or future systems comprising the cyber infrastructure. Therefore, interest in cyber resilience (as opposed to merely risk-based approaches) is increasing rapidly, in literature and in practice. Unlike concepts of risk or robustness—which are often and incorrectly conflated with resilience—resiliency refers to the system's ability to recover or regenerate its performance to a sufficient level after an unexpected impact produces a degradation of its performance. The exact relation among resilience, risk, and robustness has not been well articulated technically. The presentations and discussions at the workshop yielded this report. It focuses on the following topics that the participants of the workshop saw as particularly important: 1) fundamental properties of cyber resilience, 2) approaches to measuring and modeling cyber resilience, 3) mission modeling for cyber resilience, 4) systems engineering for cyber resilience, and 5) dynamic defense as a path toward cyber resilience.
Distribution: Approved for public release
  Download Report ( 0.914 MBytes )
If you are visually impaired or need a physical copy of this report, please visit and contact DTIC.

Last Update / Reviewed: April 1, 2018