Cyber-Resilience, Principles, and Practices

Hilary Meagher, Lubna Luxmi Dhirani

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

Abstract

The increasing cyber-attack and threat landscape has raised security and privacy concerns in industrial and critical infrastructure environments. Data is the most valuable asset for malicious actors, and having intentions to steal, exploit, gain access to any form of encrypted or unencrypted data is their ultimate goal. To protect the data-driven, autonomous, agile, and intelligent smart manufacturing environment, it is essential to have a systematic process for developing a cybersecurity strategy and having an incident response for mitigating potential attacks it may be susceptible to. For developing a robust cyber-strategy, it is significant to understand the sophisticated technologies used within the environment, assess the risks it may be exposed to, implement standards and controls to mitigate those risks, have threat intelligence and an incident response in place, and continuously monitor the ever-changing attack surface. The existing standards, governance, risk, and controls (GRC) may not completely mitigate compliance-based risks in situations of lack of alignment. As one standard may not fit all, each industry needs to have a distinct cybersecurity strategy based on the levels of security (i.e., baseline/moderate/maximum) required, implementation of security standards, and GRC mapped with the industry’s operational environment. Having resilience enables an industry to be proactive and mitigate operation disruption and cyber-risk/shock scenarios. With the help of a manufacturing use-case example, this chapter provides insights and understanding of various potential threat scenarios (i.e., espionage, loss of command and control, compromised data or device, etc.), high-risk concerns that need to be considered for building cyber-resiliency within an industry. Best practices, standards, risks, policies, and alignment with cyber-resilience act and law are also summarized.

Original languageEnglish
Title of host publicationInternet of Things
PublisherSpringer Science and Business Media Deutschland GmbH
Pages57-74
Number of pages18
DOIs
Publication statusPublished - 2024

Publication series

NameInternet of Things
VolumePart F1832
ISSN (Print)2199-1073
ISSN (Electronic)2199-1081

Keywords

  • Cyber-resilience
  • Cybersecurity strategy
  • Laws and regulations
  • IT
  • Operational Technology
  • standards
  • GDPR
  • Privacy
  • compliance
  • Auditing

Fingerprint

Dive into the research topics of 'Cyber-Resilience, Principles, and Practices'. Together they form a unique fingerprint.

Cite this