Cybersecurity Resilience

Cybersecurity, cyber resilience, operational resilience. Once we think we have grasped the inputs, outputs, expectations, and requirements of one word, industry shifts and new terminology arises. The conversation is one of nuance, encumbered by terminology and boundary differences. These terms are fairly new and easily misused and misunderstood.  For all intents and purposes within the IT space, Cyber Resilience is our term of choice. Cyber Resilience refers to an entity’s ability to withstand and recover from a cyber event. It is measurable in regards to the operational evaluation of an entity or system.

The key question Cyber Resilience addresses is:

How protected and resilient are the internal system attributes (applications, data, controls, etc.) assuming the threat has already penetrated the external cybersecurity protections?

APPROACH

After a system has provided the documentation to receive an Authority to Operate (ATO) or at a minimum an Authority to Test (ATT), the Program Office may proceed with the development of the cyber artifacts to begin developing the foundation of the Cyber Table Top (CTT). This includes both the system IT architecture, and the Threat Assessment (TA), which enumerates all actors who act in opposition to the system’s mission. The CTT is an opportunity for related system SME’s to convene and identify the threat vectors (approaches) and attack surfaces (system vulnerabilities) which could be compromised by an ingenious adversary. Once characterized, the Program Office may elect to remedy that vulnerability, or assume the risk. Either way, a plan to withstand the impact of that attack is developed.

CTTs are the great balance between the ability to gain viable information and being budget friendly.  GreenDart utilized the CTTs as a part of the holistic cyber evaluation.  After a CTT is complete, the programs understand the high risk, high impact threats as they pertained to that specific system. This information becomes the foundation for a Cooperative Vulnerability Penetration Assessment (CVPA), where friendly (white hat) hackers locate and describe vulnerabilities left open through

administrative or systematic errors.  Following a CVPA, the program is again presented with vulnerabilities and given an opportunity to correct those vulnerabilities prior to an Adversarial Assessment (AA), which is a scenario driven attack by an oppositional red team replicating the most likely or most dangerous threats. 

In the DHS Custom’s and Border Protection (CBP) Operational Test & Evaluation environment, GreenDart is at the forefront of leading the conversation as pioneers for the overall cyber evaluation strategy of programs.  As the need evolved, GreenDart staff remained at the front edge of the conversation. 

Certified by a Department of Defense (DoD) facilitated training class, GreenDart were the first and the most numerous certified Cyber Table Top Facilitators within LSOTA. CTTs are just one method of analyzing Cyber resilience of systems. Few programs have traversed the entire strategy to date however
GreenDart has facilitated more programs to the final phases of the evaluation than any other organization.

BENEFITS

It takes a concerted effort between multiple organizations to achieve a true cyber evaluation of an entity. This has to be facilitated by one team with the overarching vision of a successful cyber resilience strategy. Cyber Resilience is an ever-progressing threat space, so along with the overarching vision, the organization needs to be receptive to changes in industry best practices. In GreenDart’s case, the government programs have multiple stakeholders and expectations, which must be heard, evaluated and integrated into strategy. Requirements have to be managed at multiple levels. In an environment where system connectivity is managed by other government offices, it is of fundamental importance to define the system boundary, and capture all potential attack surfaces as early in the program lifecycle as possible. The ever-changing IT threat space makes cyber resiliency an evolving area where vigilance is a critical commodity.

Authors: Stramese and Williams