Cyber Resilience: by Design or by Intervention?
Alexander Kott, Maureen S. Golan, Benjamin D. Trump, Igor Linkov

TL;DR
This paper explores the differences and interplay between cyber resilience achieved through inherent system design and resilience obtained via active intervention mechanisms.
Contribution
It clarifies the concepts of resilience by design and by intervention, analyzing their roles, differences, and how they complement each other in cybersecurity.
Findings
Resilience by design relies on system structure and properties.
Resilience by intervention involves active detection and response.
Both forms of resilience are mutually dependent.
Abstract
The term "cyber resilience by design" is growing in popularity. Here, by cyber resilience we refer to the ability of the system to resist, minimize and mitigate a degradation caused by a successful cyber-attack on a system or network of computing and communicating devices. Some use the term "by design" when arguing that systems must be designed and implemented in a provable mission assurance fashion, with the system's intrinsic properties ensuring that a cyber-adversary is unable to cause a meaningful degradation. Others recommend that a system should include a built-in autonomous intelligent agent responsible for thinking and acting towards continuous observation, detection, minimization and remediation of a cyber degradation. In all cases, the qualifier "by design" indicates that the source of resilience is somehow inherent in the structure and operation of the system. But what, then,…
Taxonomy
Topics: Information and Cyber Security · Infrastructure Resilience and Vulnerability Analysis · Bacillus and Francisella bacterial research
