Challenges in Applying Resiliency Techniques

Challenges in Applying Adaptive Response

Adaptive Response is focused on changing resource configurations and allocations while operations continue seamlessly. In order to make these changes without causing undesired or unanticipated consequences, a potential cyber course of action must be thoroughly tested to ensure consistency with intended results (or at least expected results) before being adopted for use as a potential response. Some of the specific challenges to applying adaptive response are:

Challenges in Applying Analytic Monitoring

The use of analytic monitoring requires cooperation across the constituent systems and organizations in order to identify access to, and interactions and dependencies among, constituent systems, so that changes in access, destabilization, or disruption can be recognized before they affect mission performance.

Deliberate efforts are needed to establish monitoring and analysis at the system-of-systems level, to share and fuse information, and to define roles and responsibilities for malware and forensic analysis. Some of the specific challenges to applying analytic monitoring are:

Challenges in Applying Coordinated Defense

Coordinated Defense requires the coordination of security management, network management, and system management activities in ways that are often not part of staff members' job descriptions. These additional responsibilities can create difficulties in obtaining and retaining staff with the needed expertise. Coordinated Defense also requires information sharing, which can reveal weaknesses or gaps in an organization's or business unit's governance. Operationally, capturing and presenting information to staff at the level appropriate to their responsibilities, so that they can coordinate and look for inconsistencies, is also a challenge. In addition, each Coordinated Defense approach presents its own challenges:

Challenges in Applying Deception

For Deception to be effective, it is imperative that the adversary believe that the deceptive information or environment is real. Deception can make the adversary uncertain how to proceed, delay the effect of the adversary's attack, and increase the likelihood that the adversary will expose tradecraft and TTPs, but only if the adversary is fooled by the deception. This requires effective techniques for hiding the real data and for providing realistic fake or misleading data and environments. Each of the Deception techniques has its own challenge:

Challenges in Applying Diversity

The use of diversity runs counter to organizational policies that require adherence to an enterprise architecture, including restriction to a specific set of approved software products. Operationally, maintaining an accurate representation and consistent management of enterprise systems becomes more challenging as diversity increases. Maintaining IT and help desk support also becomes more challenging. In addition, for niche products or appliances with narrow functionality, there may be no equivalent products with which to implement diversity. While standards and specifications help, validating that the diverse implementations actually adhere to those standards and specifications is vital to ensure interoperability and consistency across security and resiliency mechanisms. Some of the specific challenges to applying diversity are:

Challenges in Applying Dynamic Positioning

Dynamic Positioning – distributing and dynamically relocating functionality or assets – requires advance planning to be effective and not create chaos for defenders. The advance planning should include how to meet service level agreements when dynamic repositioning is used. This planning should also take into account the need to maintain consistency and integrity for distributed processing and distributed data. In addition, there are specific challenges to applying each approach of Dynamic Positioning:

Challenges in Applying Dynamic Representation

Dynamic Representation – constructing and maintaining current representations of mission and business posture in light of cyber events and cyber courses of action – requires trust in, or at least knowledge of the level of trustworthiness of, the data used in constructing the representations. This can be a challenge particularly in relation to non-owned infrastructures (e.g., public cloud computing environments). There are several other specific challenges as well:

Challenges in Applying Non-Persistence

Non-Persistence – generating and retaining resources as needed or for a limited amount of time – relies on the idea that the particular resource is not needed beyond a certain time. The very nature of non-persistence can be a challenge for certain required processes, particularly those related to cyber defense. For example, non-persistent services could run counter to the need to perform digital forensics to identify the nature of adversary malware, while non-persistent data could run counter to the need to preserve evidence that might be needed for e-discovery, litigation holds or for prosecution. In addition, there are challenges specific to the environment:

Challenges in Applying Privilege Restriction

Privilege restriction requires identifying and resolving differences between mission owners and system owners, since risk tolerances and trust criteria can differ across component systems. These differences include inconsistencies or gaps in the definitions of roles, responsibilities, and related privileges, as well as operational pressure to share roles. The use of multiple identifiers across applications, platforms, and enterprises can complicate privilege management. In many circumstances, federated identity and privilege management systems can be used to provide the needed functionality; however, these may not be useful in highly mobile environments (or other environments in which bandwidth or connectivity to such systems is limited). In addition, each privilege restriction approach presents its own challenges:

Challenges in Applying Realignment

Realignment - aligning cyber resources with core aspects of mission/business functions, and thereby minimizing the attack surface - relies on knowing the organization's mission or business functions, knowing (and accepting) their relative priorities, and understanding what aspects are central as opposed to supporting or nice-to-have. Such knowledge – and acceptance of relative priorities – can be politically sensitive within an organization. In addition, each realignment approach presents its own challenges:

Challenges in Applying Redundancy

Redundancy is a highly mature and widely used technique in the areas of Contingency Planning, Continuity of Operations, and Performance Optimization. While this maturity is a strength, reflected in the stability and wide availability of tools and automation, it becomes a challenge to modify existing systems and processes to provide resiliency while still addressing the goals for which the tools were originally intended. In addition, each combination of the redundancy approaches presents its own challenges:

Challenges in Applying Segmentation

The use of segmentation runs counter to current trends for integrated services (including integrated communications, enterprise asset management, and Web-enabled shared use of "big data" repositories), convergence of physical and cyber resources, and cloud computing. Unless careful systems engineering is applied, administrative and cyber defender visibility into protected segments within the enterprise may be restricted. In addition, each combination of the segmentation approaches presents its own challenges:

Challenges in Applying Substantiated Integrity

For substantiated integrity to be effective, it is critical that mission operators and cyber defenders are notified when threshold conditions are reached, rather than having automated responses to unexpected behavior go unrecognized until a failure occurs. Deliberate efforts are needed to ensure that metadata is defined and handled consistently across the components whose integrity is being checked. In addition, each combination of the substantiated integrity approaches presents its own challenges:
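The two points above, an explicit operator notification when a threshold is reached and consistently defined metadata, are illustrated by the following added example. It is not code from the original page; it assumes a hypothetical baseline of content hashes and an agreed metadata field set, and a sweep that always pairs any automated response with a recorded event so that the response cannot go unnoticed.

```python
"""Integrity sweep with threshold-based operator notification.

Added example, not from the original page. The baseline, the observed
state and the metadata field set below are all constructed for
illustration. Every automated response is recorded as an event, and the
sweep raises a separate operator notification once the number of
integrity events reaches a threshold.
"""
import hashlib
from dataclasses import dataclass

# Metadata fields every component must populate. Agreeing on this set up
# front, and rejecting anything else, is the "consistently defined
# metadata" requirement; it is an assumption of this example.
METADATA_FIELDS = ("owner", "mode", "classification")


@dataclass(frozen=True)
class BaselineEntry:
    sha256: str      # hex digest of known-good content
    metadata: dict   # must contain exactly METADATA_FIELDS


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def validate_metadata(meta: dict) -> list:
    """Return a list of problems ('missing:<field>' / 'extra:<field>'); empty if clean."""
    problems = [f"missing:{f}" for f in METADATA_FIELDS if f not in meta]
    problems += [f"extra:{f}" for f in meta if f not in METADATA_FIELDS]
    return problems


def check_integrity(baseline: dict, observed: dict, threshold: int) -> dict:
    """Compare observed {path: (content, metadata)} against the baseline.

    Returns events (everything that differed), the automated responses that
    were queued, and whether operators must be notified. A response is never
    queued without a matching event, so silent remediation cannot happen.
    """
    events, responses = [], []
    for path, entry in baseline.items():
        if path not in observed:
            events.append((path, "missing"))
            continue
        content, meta = observed[path]
        problems = validate_metadata(meta)
        if problems:
            events.append((path, "metadata:" + ",".join(problems)))
        elif meta != entry.metadata:
            events.append((path, "metadata_changed"))
        if digest(content) != entry.sha256:
            events.append((path, "content_changed"))
            responses.append((path, "restore_from_baseline"))  # automated, but logged
    for path in sorted(observed.keys() - baseline.keys()):
        events.append((path, "unexpected"))
    return {"events": events, "auto_responses": responses,
            "notify": len(events) >= threshold}


# Constructed known-good baseline (hypothetical paths and contents).
_META = {"owner": "app", "mode": "0640", "classification": "internal"}
BASELINE = {
    "/etc/app.conf": BaselineEntry(digest(b"a=1\n"), dict(_META)),
    "/bin/app": BaselineEntry(digest(b"\x7fELF"), dict(_META)),
}

# Constructed observation: config content changed, binary metadata incomplete.
OBSERVED = {
    "/etc/app.conf": (b"a=2\n", dict(_META)),
    "/bin/app": (b"\x7fELF", {"owner": "app", "mode": "0640"}),
}

if __name__ == "__main__":
    result = check_integrity(BASELINE, OBSERVED, threshold=2)
    for path, what in result["events"]:
        print(f"event     {path}: {what}")
    for path, what in result["auto_responses"]:
        print(f"response  {path}: {what}")
    print("notify operators:", result["notify"])
```

With the threshold set above the number of events the sweep still records and queues the automated restore, but flags no notification; the point is that the decision to page an operator is explicit and separate from the remediation, not an accidental by-product of it.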

Challenges in Applying Unpredictability

Unpredictability is not a stand-alone technique; it is used in conjunction with Adaptive Response, Analytic Monitoring, Deception, Diversity, Dynamic Positioning, Non-Persistence, Privilege Restriction, and Segmentation / Isolation. It must be implemented carefully, to avoid unintended consequences. In particular, unpredictability can present challenges for Coordinated Defense. Defenders need to have some way to discern whether an unexpected event is the result of an implementation of unpredictability, or is a possible indicator of adversary activity. In addition, there is a significant amount of overhead associated with the creation and maintenance of unpredictability over extended time periods.
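One way to give defenders the discrimination the paragraph above calls for is a planned-change ledger: every unpredictable action is recorded and authenticated before it is carried out, and an observed "unexpected" event is only explained away if it matches an unexpired, untampered ledger entry. The following is an added example and not code from the original page; the ledger, the port-rotation action and the sample events are hypothetical.

```python
"""Telling self-induced unpredictability apart from adversary activity.

Added example, not from the original page. Assumes a hypothetical ledger
of planned unpredictable changes, shared between the scheduler that
introduces unpredictability and the defenders' monitoring, and keyed so
that an adversary who can alter the ledger cannot forge entries to cover
their own changes. Sample events below are constructed.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class PlannedChange:
    asset: str
    action: str        # e.g. "rotate_port" (hypothetical action name)
    old_value: str
    new_value: str
    not_before: float  # epoch seconds: change is legitimate only inside this window
    not_after: float
    tag: str = ""      # HMAC-SHA256 over the fields above


class UnpredictabilityLedger:
    """Records planned changes so monitoring can recognize them as its own."""

    def __init__(self, key: bytes):
        self._key = key
        self._entries = []

    def _mac(self, c: PlannedChange) -> str:
        msg = "|".join([c.asset, c.action, c.old_value, c.new_value,
                        repr(c.not_before), repr(c.not_after)]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def schedule(self, asset, action, old_value, new_value, start, window) -> PlannedChange:
        """Record a change before it is executed; the window bounds when it may appear."""
        c = PlannedChange(asset, action, old_value, new_value, start, start + window)
        c.tag = self._mac(c)
        self._entries.append(c)
        return c

    def expire(self, now: float) -> int:
        """Drop entries whose window has closed. This recurring housekeeping is part
        of the maintenance overhead the text mentions. Returns the number removed."""
        before = len(self._entries)
        self._entries = [e for e in self._entries if e.not_after >= now]
        return before - len(self._entries)

    def explains(self, asset, action, old_value, new_value, observed_at) -> bool:
        """True only if a matching, in-window entry carries a valid MAC."""
        for e in self._entries:
            if (e.asset, e.action, e.old_value, e.new_value) != (asset, action, old_value, new_value):
                continue
            if not (e.not_before <= observed_at <= e.not_after):
                continue
            if not hmac.compare_digest(e.tag, self._mac(e)):
                continue  # entry was altered after it was written: do not trust it
            return True
        return False


def triage(ledger: UnpredictabilityLedger, event: dict) -> str:
    """Classify an unexpected event: 'planned' if the ledger accounts for it,
    otherwise 'investigate' (possible adversary activity)."""
    ok = ledger.explains(event["asset"], event["action"], event["old"],
                         event["new"], event["time"])
    return "planned" if ok else "investigate"


if __name__ == "__main__":
    ledger = UnpredictabilityLedger(secrets.token_bytes(32))
    now = time.time()
    ledger.schedule("web01", "rotate_port", "443", "8443", now, 60.0)
    # Constructed observations from monitoring: one matches the plan, one does not.
    for ev in [
        {"asset": "web01", "action": "rotate_port", "old": "443", "new": "8443", "time": now + 5},
        {"asset": "web01", "action": "rotate_port", "old": "443", "new": "4444", "time": now + 5},
    ]:
        print(ev["new"], "->", triage(ledger, ev))
```

The MAC matters because the ledger is exactly what an adversary would want to edit: a forged or altered entry would let a malicious reconfiguration masquerade as scheduled unpredictability. Keeping the key away from the assets being changed, and checking the tag at triage time rather than only at write time, closes that path.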