Strategic Study of CAE >> 2023, Volume 25, Issue 6 doi: 10.15302/J-SSCAE-2023.06.018

Cyber Resilience Enabled by Endogenous Safety and Security: Vision, Techniques, and Strategies

1. Institute of Big Data, Fudan University, Shanghai 200433, China;

2. National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China

Funding project: National Key R&D Program of China (2022YFB3102901); Chinese Academy of Engineering project “Strategic Studies on Becoming A Strong Cyber Power Guided by the New Development Philosophy” (2022-HYZD-02)

Received: 2023-11-17; Revised: 2023-12-06; Available online: 2023-12-22

Abstract

Cyber resiliency engineering is a technical approach embraced by countries and regions such as the United States and Europe to implement digital transformation and address network security challenges under new circumstances. It aims to keep the barriers to entry high for digital technologies based on the cyber resilience standard and to improve the digital infrastructure security capability of China from both the application service and device supply sides. This study focuses on the impact and challenges brought by the initiatives of cyber resiliency engineering in the United States and Europe on the development of new-generation network information technology in China. It starts from a concept introduction of resilience, cyber resilience, and cyber resiliency engineering. Subsequently, it elaborates on the application progress of cyber resiliency engineering in the United States and Europe in terms of policy drivers, strategic considerations, and development dilemmas. Moreover, the study goes further to propose a dynamic heterogeneous redundancy architecture based on an endogenous security and safety (ESS) theory. It describes and illustrates the intrinsic mechanism, basic concepts, and application methods of cyber resilience empowered by ESS. Furthermore, we propose that China should accelerate innovation to offset the combined effects of cyber resiliency engineering in developed countries, introduce a cyber resilience policy and law system with Chinese characteristics, establish corresponding regulatory systems to clarify the network security responsibilities, establish a quantifiable, verifiable, and credible testing and evaluation system, and boost the holistic implementation of cyber resilience with a multi-pronged approach including financial marketization, hoping to systematically enhance the cyber resilience and strength of China.
