Real-time view of risk and resilience data is key to cyber defense
Cyber is often referred to as the fifth warfighting domain—along with land, sea, air, and space—and defense leaders recognize that their mission readiness is significantly impacted by cyber threats that are growing in scale, speed, and sophistication.
A key foundation of today’s military readiness is cyber risk management, and numerous initiatives are under way within the Department of Defense (DoD) with a collective focus on reducing the network intrusion attack surface.
Data from these initiatives are collected in various DoD repositories that automatically analyze software inventory and asset compliance data. The data collected, however, is typically isolated from the mission’s context, obscuring its real impact on operations.
“Traditional approaches to cybersecurity focus on security controls, perimeter protections, and assessing and managing risk,” says Booz Allen’s Rafiq Jamaldinian, a cyber readiness expert. “While such approaches are necessary, they are not well understood within the context of the mission.”
The result is that while leaders are asking for metrics to inform them of how cyber risk management initiatives are impacting the ability to carry out missions, gaining command-level visibility remains a challenge.
“The beauty of resilient design is that though there may be many paths to vulnerability, there are also multiple ways for a network to quickly heal itself to achieve functionality.”
Risk-based situational awareness requires aggregating data from cyber, mission assurance, and readiness systems across a multi-stakeholder ecosystem for a given mission. By applying new technologies, such as data analytics, and new system architectures that consolidate capabilities, synchronize data models, and facilitate data sharing, DoD leaders can have comprehensive, near real-time, risk-based situational awareness.
But cyber risk management alone is not enough to achieve cyber readiness. Leaders also need to embrace a complementary philosophy of resilience—the capacity of systems to withstand disruption and continue operating without impact on output or function.
“Resilience begins with an acceptance that no matter how good your cyber risk management is, some disruptions will succeed and some functioning will be lost,” says Jonathan Chiu, a Booz Allen cyber policy strategist. “The beauty of resilient design is that though there may be many paths to vulnerability, there are also multiple ways for a network to quickly heal itself to achieve functionality.”
By managing cyber risk and building cyber resilience, leaders can better understand and actively manage their cyber readiness. In bringing relevant data and visibility to decision makers at all levels they can become more aware of how cyber risk and resilient design impact their mission readiness through dashboard views of the organization’s ability to operate and achieve mission goals.
Download Booz Allen’s Improving Cyber Readiness by Managing Risk and Building Resilience insight to learn more about risk and resilience and the three key components necessary to measuring the impact of cyber on readiness.
