Cyber COOP Planning

Operationalizing Resiliency

The Big Idea

To be resilient against the threat of destructive malware, traditional continuity of operations (COOP) must be extended and, together with cyber resilience, integrated into cyber architectures and defender techniques, tactics and procedures (TTPs).

Cyber Resiliency Goals & Objectives

Cyber COOP supports the cyber resiliency Anticipate goal with Understand, Prepare and Prevent as objectives.

Design Principles

The design principles for cyber COOP planning improve the capability of cyber systems, components and services to continue essential operations by preparing and planning for adversity.

Cyber COOP plans must consider core services, assign roles and responsibilities, and use proven tactics and procedures along with trusted communications. In addition, the verification and validation of cyber COOP plans is essential to successful recovery. This includes documenting the baseline network flow of traffic (net-flows) so incident response is more effective and enhanced forensics techniques are employed. Applicable resiliency techniques include:

What Can Be Done Now

The following resiliency activities can be instituted now to maximize the effectiveness of cyber COOP planning:

The Right People & Policies

Creating a foundation of resiliency requires specific skills and policies, including:

Cyber Attack Lifecycle

Using the cyber resiliency techniques Dynamic Representation, Coordinated Defense and Realignment, defenders can detect and expose the adversary, impede the adversary’s attack on the enterprise and limit the damage the malware causes. In some cases the defenders may even be able to preclude the adversary’s efforts from having an impact. The use of Coordinated Defense and Realignment can impede the adversary’s ability to initiate the exploit, take control of the initial victims, and execute an attack plan. The use of Dynamic Representation enables the defenders to detect and expose the adversary’s efforts after the initial exploitation.

Synergies & Barriers

The organization SME must ensure that the Cyber COOP evolves as the core services, capabilities and systems evolve and are updated with new technology and capabilities.

Synergies among practice areas include Dynamic Representation with Realignment, and Coordinated Defense with Realignment. Applying these practices will ensure COOP practices are well informed, validated and employ updated defender TTPs and data. Specifically

Barriers to adoption include:

Just Ahead

Cyber COOP planning must evolve to accommodate emerging technologies, such as those that enable automated mappings for functions, capabilities, services and systems. As another aspect of that evolution, versatile Cyber COOP planning must employ technologies and techniques that are fused with traditional COOP planning to increase its flexibility, so that its implementation can address the versatility of adversarial events that evolve and transform in response to an organization’s COOP actions. These types of technologies will enable an essential aspect of COOP: the continuous update and validation of defender TTPs and processes. Finally, the evolution of COOP to address adversarial events means that determining the likelihood of an event (one factor that drives the selection of COOP technologies and techniques) can no longer be based solely on historical evidence; the capability, intent and targeting of the adversary must be considered as well.

See Key Concepts and Terms for definitions