If your administrator can do it, an adversary can do it.
Cyber Resilience Manifesto
the key to an effective Cyber resilience strategy
A cyber resilience strategy recognizes that despite organizations' best protection measures, adversaries may succeed in breaching boundary defenses and further compromise a defender’s system.
When this situation occurs, organizations must employ countermeasures to detect, outmaneuver, confuse, deceive, mislead, and impede the adversary—that is, “removing the adversary’s tactical advantage and protecting the organization’s high-value assets. [1]”
To maintain confidence in the trustworthiness of an environment of operation, organizations should implement a continuous cyber resilience assurance cycle, which “is intended to identify where, how, and when cyber resiliency techniques can be applied to improve architectural resiliency against advanced cyber threats” (MITRE [2]).
When this situation occurs, organizations must employ countermeasures to detect, outmaneuver, confuse, deceive, mislead, and impede the adversary—that is, “removing the adversary’s tactical advantage and protecting the organization’s high-value assets. [1]”
To maintain confidence in the trustworthiness of an environment of operation, organizations should implement a continuous cyber resilience assurance cycle, which “is intended to identify where, how, and when cyber resiliency techniques can be applied to improve architectural resiliency against advanced cyber threats” (MITRE [2]).
The ten abilities that exhibit mastery of well-executed cyber-resilient strategies are:
[1] Enhanced Security Requirements for Protecting Controlled Unclassified Information, NIST 800-172
[2] Cyber Resiliency Assessments: Enabling Architectural Improvement
- The organization can predict adversary attacks.
- The organization can prevent adversary attacks.
- The organization can prepare for adversary attacks.
- The organization can fight through cyberattacks.
- The organization can contain or defeat the adversary.
- The organization can determine damages caused by a cyber adversary.
- The organization can restore.
- The organization can determine reliability.
- The organization can transform existing processes and behavior.
- The organization can re-architect.
[1] Enhanced Security Requirements for Protecting Controlled Unclassified Information, NIST 800-172
[2] Cyber Resiliency Assessments: Enabling Architectural Improvement