Interior Page Icon

Core Services

Re-establishing a Trusted Foundation

the big idea

By properly rebuilding the high priority core services (i.e., those key services needed for continuing an organization's critical missions and services) after an attack, an enterprise can ensure service integrity, expedite recovery, and minimize mission impact.

Cyber Resiliency Goals & Objectives

Core Services support the Withstand and Recover goals and the Continue, Constrain, and Reconstitute objectives.

Design Principles

As the organization recovers from an incident, the design principles for Core Services will ensure that systems are restored via a process that balances trust and system dependencies with the requirements of the mission.

What Can Be Done Now

Identify and prioritize all critical systems and their dependencies. Substantiate the integrity of the hardware, software and information stores, which will be used to restore these critical systems and their dependencies.

The Right People & Policies

Cyber Attack Lifecycle

Using the cyber resiliency techniques, Coordinated Defense and Substantiated Integrity, as described above, defenders can detect the adversary's attempts to control the initial victims of the attack and maintain a presence in the enterprise. These techniques together with Adaptive Response and Redundancy enable the defenders to impede the adversary's attempts to control the initial victims of the attack, execute the attack plan and maintain control. Adaptive Response together with Redundancy also enable defenders to limit the damage caused in these stages.

Synergies & Barriers

Synergies among practices include Redundancy and Substantiated Integrity. Redundancy reduces the likelihood of an attacker gaining control of all the targeted services, while Redundancy with Substantiated Integrity provides awareness of which systems are corrupted.

Barriers to adoption include:

Just Ahead

In the future organization should consider introducing diversity into the set of techniques to support the core services. Organizations could maintain critical mission data across a diverse set of formats and backup solutions, possibly including the use of different types of hardware and software on components critical for recovery. The organization should also consider incorporating Dynamic Positioning, creating a version of core services that are located in a mobile unit (e.g., an RV) that would not be impacted by an attack on the main facilities. These techniques would increase the likelihood that some portion of the systems is in a position to recover in a timely manner from an adversary attack.

See Key Concepts and Terms for definitions

Previous Activity Back to Menu Next Activity