The term "resilience" is a strategic choice: it emphasizes adaptive strength, continuous function, and long-term sustainability in the face of hybrid threats, rather than focusing solely on the traditional, isolated model of "prevention, detection and response".
Resilience refers to the ability to anticipate, withstand, adapt to, and recover from disruptive events, a concept that aligns with hybrid warfare and cognitive attacks. While traditional security strategies focus on prevention, in hybrid warfare, some attacks are inevitable. Resilience ensures systems continue operating even after a breach.
Cyber Resilience includes the ability to maintain critical IT and operational technology (OT) functions even under cyberattacks. Redundancy and failover mechanisms ensure continuity in case of system compromise. Zero Trust Architectures reduce reliance on perimeter security by enforcing continuous verification.
Cognitive Resilience is the ability to resist disinformation, social engineering, and cognitive manipulation by maintaining critical thinking, emotional stability, and informed decision-making.
Supply Chain Resilience ensures supply chain continuity despite cyber, financial, or trade warfare. It reduces dependencies on single-source suppliers, especially in critical infrastructure.
Here is an example of the increasing importance of resilience. The Basel framework, the global regulatory framework developed by the Basel Committee on Banking Supervision (BCBS), initially focused on capital allocation, ensuring that financial institutions held adequate capital to absorb potential losses. Basel III introduced a significant shift, from capital adequacy to overall financial resilience. The framework now emphasizes liquidity, leverage, macroprudential oversight, and stress-testing, ensuring that banks are not just capitalized but structurally resilient against financial shocks, economic downturns, and systemic risks.
The European Union (EU) has increasingly integrated the concept of resilience into its legislative and regulatory frameworks. Resilience is now a foundational principle in various directives and regulations, emphasizing the ability to anticipate, withstand, adapt to, and recover from disruptions across multiple sectors.
Examples include:
1. The Digital Operational Resilience Act (DORA)
2. The Critical Entities Resilience Directive (CER)
3. The European Cyber Resilience Act (CRA)
4. The Internal Market Emergency and Resilience Act (IMERA)
Learning from the Hybrid Resilience Initiative (HRI).
News and updates from the Hybrid Resilience Initiative (HRI) can be found in the monthly newsletter of Cyber Risk GmbH, a comprehensive publication exceeding 80 pages each month. The newsletter provides in-depth insights on hybrid warfare, cyber espionage, and resilience strategies. You can download it at no cost, with no registration, subscription, or commitment required at:
https://www.cyber-risk-gmbh.com/Reading_Room.html