Interior Page Icon

Architect to Protect

Creating a Foundation for Resiliency

The Big Idea

By building resiliency protections into its cyber architecture, an entity or mission can create a foundation of resiliency that will ensure operational continuity and efficacy despite the efforts of advanced adversaries.

Cyber Resiliency Goals & Objectives

The Architect to Protect activity is most often used by an entity that has identified Evolve and Withstand as a goal and Transform, Re-Architect, Prepare, Continue, and Constrain as objectives.

Design Principles

The design principles for architectural foundations enable resilience-enhancing technologies to be integrated with security and other infrastructure services in a cost effective way.

What Can Be Done Now

The following resiliency techniques can help transform business processes and redesign systems to use existing technologies more effectively:

The Right People & Policies

Creating a foundation of resiliency requires specific skills and policies:

Cyber Attack Lifecycle

Using the cyber resiliency techniques, segmentation, coordinated defense and diversity, as described above, defenders can impede the adversary's attack on the enterprise and limit the damage the malware causes. The use of segmentation and diversity can negate or degrade the adversary's delivery of malware. When the adversary attempts to initiate the exploit, employ mechanisms to manage the initial victims, and execute the attack plan, the coordinated defense technique in concert with diversity and segmentation techniques impede these efforts and contain their effects.

Synergies & Barriers

The enterprise architecture must ensure that practices in other areas (such as Secure Administration, Access Control, Data Recovery Strategies, and Forensics) have not been rendered technically infeasible, ineffective, or costly.

Synergies among practice areas should be pursued, such as those between technical Defense-in-Depth and

Barriers to adoption include

Just Ahead

The enterprise architecture should accommodate emerging technologies, such as those that enable dynamic segmentation and resource isolation, and those used in synthetic Diversity. It should also be able to accommodate new segmentation capabilities related to the Internet of Things, e.g., placing HVAC or lighting control services on a separate segment than business functions.

See Key Concepts and Terms for definitions

Previous Activity Back to Menu Next Activity