Cyber COOP Execution

Facing Destructive Malware

The Big Idea

To be resilient against threats of destructive malware, traditional continuity of operations (COOP) must be extended to include cyber defense and incident response strategies and tools.

Cyber Resiliency Goals & Objectives

Cyber COOP Execution supports the cyber resiliency goal Recover, with Continue, Reconstitute and Prevent as objectives.

Design Principles

The design principles for Cyber COOP Execution improve the ability of cyber systems, components and services to continue mission or business essential objectives by recovering and reconstituting in the post-bang phase. In addition, forensics data is collected. For more information on that aspect, please see the guide on Forensics. Applicable resiliency techniques include:

What Can Be Done Now

The following resiliency techniques can be applied now to maximize the effectiveness of Cyber COOP Execution:

The Right People & Policies

Creating a foundation of resiliency requires specific skills and policies:

Cyber Attack Lifecycle

Using the cyber resiliency techniques Adaptive Response, Analytic Monitoring, and Substantiated Integrity, as described above, defenders can impede and sometimes even preclude the adversary’s efforts to maintain a presence in the enterprise, and can limit the damage the malware causes. By using Analytic Monitoring, the defender is able to detect and analyze the adversary’s efforts to control initial victims, execute the attack plan, and maintain a presence in the enterprise. The Adaptive Response technique can then be used to reduce the time before data and applications are restored, while the Substantiated Integrity technique ensures that the data and applications restored are clean copies.

Synergies & Barriers

The organization’s SME must ensure that the Cyber COOP evolves as the core services, capabilities, and systems evolve and are updated with new technology and capabilities. The three resiliency techniques discussed in this guide rely on and support each other.

Barriers to adoption include:

Just Ahead

The enterprise architecture should accommodate emerging technologies, such as those that enable dynamic segmentation and resource isolation, and those used in synthetic diversity. It should also be able to accommodate new segmentation capabilities related to the Internet of Things, e.g., placing HVAC or lighting control services on a separate segment from business functions.

See Key Concepts and Terms for definitions
