ABSTRACT
Cyber attacks are considered the most dangerous threat to the world today. Cyber resilience involves multiple factors including industry, government, research institutions, and society. A new area of expertise, known as cyber resilience, has surfaced to tackle cyber issues that are beyond the scope of traditional cybersecurity. To control physical processes, attacks on these systems can have real-world consequences that can be detrimental. Therefore, cyber resilience is a fundamental attribute to ensure controlled human, environmental, and physical process security. By utilizing a thorough investigation and a cyber resilience matrix, this research examines the existing literature to seize the fundamental concepts of cyber resilience. The assessment focuses on measuring the capacity to recuperate from cyber threats and emphasizes the significance of offerings like reacting to unforeseen events, collecting information, and safeguarding strategies. As cyber resilience is closely associated with the internet, it plays a crucial role in shaping the future and revolutionizing our lives through technology. Cyber resilience will always be present alongside the increasing use and development of technology. However, at the level of either good or bad, it depends on several factors, cyber resilience begins with the awareness that it will become a culture, then cyber resilience is born. With that, cybersecurity and cyber resilience need to be continually updated. This study found a lack of research on cyber resilience as well as discussions that approached this science, and received less attention compared to other disciplines.
- S. Ahmed-Zaid, S. M. Loo, A. Valdepena-Delgado, and T. Beam, “Cyber-Physical Security Assessment and Resilience of a Microgrid Testbed,” in 2021 Resilience Week, RWS 2021 - Proceedings, 2021. doi: 10.1109/RWS52686.2021.9611806.Google ScholarCross Ref
- H. Tran, E. Campos-Nanez, P. Fomin, and J. Wasek, “Cyber resilience recovery model to combat zero-day malware attacks,” Comput Secur, vol. 61, pp. 19–31, Aug. 2016, doi: 10.1016/j.cose.2016.05.001.Google ScholarDigital Library
- M. Bidgoli and J. Grossklags, “End user cybercrime reporting: What we know and what we can do to improve it,” in 2016 IEEE International Conference on Cybercrime and Computer Forensic, ICCCF 2016, Nov. 2016. doi: 10.1109/ICCCF.2016.7740424.Google ScholarCross Ref
- N. Jacobs, S. Hossain-Mckenzie, and E. Vugrin, “Measurement and Analysis of Cyber Resilience for Control Systems: An Illustrative Example,” in Proceedings - Resilience Week 2018, RWS 2018, Sep. 2018, pp. 38–46. doi: 10.1109/RWEEK.2018.8473549.Google ScholarCross Ref
- M. Lubis, M. Kartiwi, and S. Zulhuda, “Election fraud and privacy related issues: Addressing electoral integrity,” in 2016 International Conference on Informatics and Computing, ICIC 2016, Apr. 2017, pp. 227–232. doi: 10.1109/IAC.2016.7905720.Google ScholarCross Ref
- F. Björck, M. Henkel, J. Stirna, and J. Zdravkovic, “Cyber resilience – Fundamentals for a definition,” in Advances in Intelligent Systems and Computing, 2015, vol. 353, pp. 311–316. doi: 10.1007/978-3-319-16486-1_31.Google ScholarCross Ref
- A. R. Lubis, F. Fachrizal, M. Lubis, and H. M. Tahir, “Wireless service at Public University: A survey of users perception on security aspects,” in 2018 International Conference on Information and Communications Technology, ICOIACT 2018, Apr. 2018, vol. 2018- January, pp. 78–83. doi: 10.1109/ICOIACT.2018.8350786.Google ScholarCross Ref
- X. Liang, C. Konstantinou, S. Shetty, E. Bandara, and R. Sun, “Decentralizing Cyber Physical Systems for Resilience: An Innovative Case Study from A Cybersecurity Perspective,” Comput Secur, vol. 124, Jan. 2023, doi: 10.1016/j.cose.2022.102953.Google ScholarDigital Library
- J. Salick and N. Ross, “Traditional peoples and climate change,” Global Environmental Change, vol. 19, no. 2. pp. 137–139, May 2009. doi: 10.1016/j.gloenvcha.2009.01.004.Google ScholarCross Ref
- M. Kaufmann, “Resilience governance and ecosystemic space: a critical perspective on the EU approach to Internet security,” Environ Plan D, vol. 33, no. 3, pp. 512–527, Jun. 2015, doi: 10.1177/0263775815594309.Google ScholarCross Ref
- C. Onwubiko, “Focusing on the Recovery Aspects of Cyber Resilience; Focusing on the Recovery Aspects of Cyber Resilience,” 2020.Google ScholarCross Ref
- A. Kott and I. Linkov, Cyber Resilience of Systems and Networks, 1st ed. Springer International Publishing, 2019. [Online]. Available: http://www.springer.com/series/13439Google ScholarCross Ref
- I. Linkov and J. M. P. Oliveira, Resilience and Hybrid Threats: Security and Integrity for the Digital Word. Springer, 2020. [Online]. Available: http://www.nato.int/scienceGoogle Scholar
- M. D. Wood, E. M. Wells, G. Rice, and I. Linkov, “Quantifying and mapping resilience within large organizations,” Omega (United Kingdom), vol. 87. Elsevier Ltd, pp. 117–126, Sep. 01, 2019. doi: 10.1016/j.omega.2018.08.012.Google ScholarCross Ref
- T. P. Bostick, E. B. Connelly, J. H. Lambert, and I. Linkov, “Resilience science, policy and investment for civil infrastructure,” Reliab Eng Syst Saf, vol. 175, pp. 19–23, Jul. 2018, doi: 10.1016/j.ress.2018.02.025.Google ScholarCross Ref
- I. Linkov, D. A. Eisenberg, K. Plourde, T. P. Seager, J. Allen, and A. Kott, “Resilience metrics for cyber systems,” Environ Syst Decis, vol. 33, no. 4, pp. 471–476, Dec. 2013, doi: 10.1007/s10669-013-9485-y.Google ScholarCross Ref
- M. Segovia, J. Rubio-Hernan, A. R. Cavalli, and J. Garcia-Alfaro, “Cyber-Resilience Evaluation of Cyber-Physical Systems,” in 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020, Nov. 2020. doi: 10.1109/NCA51143.2020.9306741.Google ScholarCross Ref
- Y. Y. Haimes, “On the definition of resilience in systems,” Risk Analysis, vol. 29, no. 4. pp. 498–501, Apr. 2009. doi: 10.1111/j.1539-6924.2009.01216. x.Google ScholarCross Ref
- I. Kolosok and L. Gurina, “Cyber resilience models of systems for monitoring and operational dispatch control of electric power systems,” in IFAC-PapersOnLine, 2022, vol. 55, no. 9, pp. 485–490. doi: 10.1016/j.ifacol.2022.07.084.Google ScholarCross Ref
- T. D. Dabade, “Information Technology Infrastructure Library (ITIL),” 2010.Google Scholar
- European Commission, “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL,” 2022.Google Scholar
- S. Rahman, N. U. I. Hossain, K. Govindan, F. Nur, and M. Bappy, “Assessing cyber resilience of additive manufacturing supply chain leveraging data fusion technique: A model to generate cyber resilience index of a supply chain,” CIRP J Manuf Sci Technol, vol. 35, pp. 911–928, Nov. 2021, doi: 10.1016/j.cirpj.2021.09.008.Google ScholarCross Ref
- H. Lee, S. Kim, and H. K. Kim, “SoK: Demystifying Cyber Resilience Quantification in Cyber-Physical Systems,” in Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022, 2022, pp. 178–183. doi: 10.1109/CSR54599.2022.9850312.Google ScholarCross Ref
- S. Hopkins, E. Kalaimannan, and C. S. John, “Foundations for Research in Cyber Physical System Cyber Resilience using State Estimation,” 2020.Google ScholarCross Ref
Index Terms
- Cyber Resilience: Research Opportunities
Recommendations
A Survey on Cyber Resilience: Key Strategies, Research Challenges, and Future Directions
Cyber resilience has become a major concern for both academia and industry due to the increasing number of data breaches caused by the expanding attack surface of existing IT infrastructure. Cyber resilience refers to an organisation’s ability to prepare ...
Cyber Resilience-by-Construction: Modeling, Measuring & Verifying
SafeConfig '15: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber DefenseThe need of cyber security is increasing as cyber attacks are escalating day by day. Cyber attacks are now so many and sophisticated that many will unavoidably get through. Therefore, there is an immense need to employ resilient architectures to defend ...
Classifying resilience approaches for protecting smart grids against cyber threats
AbstractSmart grids (SG) draw the attention of cyber attackers due to their vulnerabilities, which are caused by the usage of heterogeneous communication technologies and their distributed nature. While preventing or detecting cyber attacks is a well-...
Comments