Annual Computer Security Applications Conference (ACSAC) 2013

Panel: Future of Resilience

Friday, 13 December 2013
10:30 - 12:00

Orleans A

Moderator: Tom Longstaff, NSA

Panelists:

Abstract:

Resiliency is a new approach to enhance computer network defense (CND) to defend against cyber adversaries and other disruptions through the use of incremental responses to anticipate issues before they affect operations. Resiliency aims to advance response options beyond the detect-block-restore loop that has become synonymous with intrusion response.

While traditional CND approaches have focused on proactive defenses (e.g., patching, configuration hardening) and detecting signatures of "known bad" indicators (e.g., malware, IDS), resiliency offers a balanced approach between proactive and reactive defense. Instead of relying on hit-or-miss signature detection and waiting for absolute confidence of an intrusion alone, resiliency includes a wide variety of incremental response options to fight through disruptions as they occur. Resiliency enables responses throughout the lifecycle of a disruption; such responses aim to continue operations by minimizing impact and constraining disruptions, while providing additional time to diagnose and mitigate the problem.

Striking the appropriate balance between proactive resilient design and reactive resilient techniques is a key area of focus for this panel on the future of resilience. Historically, we have relied on a strong proactive defensive program for resilience that included planned responses such as automated recovery for attacks. These proactive defenses can be extensively tested and rigorously assured to perform as expected in known situations. A riskier and more controversial approach is to rely on adaptive systems that change their defensive functionality in anticipation of adversarial evolution. Techniques such as moving target defense and self-adaptive systems rely on these flexible systems. Even systems that are prepared to incorporate patches in near real time are examples of dynamic resilience. While proactive techniques can be heavily tested ahead of deployment, many of these dynamic techniques must rely on the monitoring of the system once the modifications are deployed.

This panel will take extreme positions of static versus dynamic resilience to provide a point/counterpoint to the future of resilience. Speakers will discuss the outcomes of the June 2013 Cyber Resiliency Workshop hosted by MITRE (McLean, VA). Discussion will focus on motivating examples and insights into the resilient response space. Each speaker will present their views on the future of resiliency and exciting response possibilities. Presentations will highlight resiliency within the context of various environments, including kinetic warfare, mobile workforce, network-enabled transportation, and nation-state scale CND.

 
