Protecting Critical Infrastructure Requires an Integrated Resiliency Framework
Aerospace insights. Vaeros solutions. Resilient systems.
For more than five decades, The Aerospace Corporation has provided objective technical expertise, analysis, and assessments for global customers pursuing the most complex and innovative missions.
Vaeros, a division of The Aerospace Corporation, brings this rich resource of talent and technical capabilities to bear on multiple challenges in diverse, high-consequence environments.
We are committed to ensuring customers can anticipate, withstand, and recover from evolving, ever-present threats to their critical systems and networks—and succeed in today’s interconnected world.
Critical infrastructure (CI) is roughly defined as assets, systems, and networks—whether real or virtual—whose incapacitation or destruction would be debilitating to national security, the economy, or public health or safety.
Components that are meant to operate in these mission-critical, high-consequence environments are typically designed to be fail-safe. But vulnerabilities can be exploited by outside actors to thwart fail-safe mechanisms, resulting in potentially catastrophic outcomes.
Dynamic threats. Diverse challenges.
It is impossible to completely characterize every potential threat and vulnerability to CI. Threats are too diverse and can originate from a myriad of sources, including nation-states, nonstate organized groups, hacktivists, business-oriented attackers, or perhaps not even be manmade at all, such as natural disasters or technological malfunction.
CI security and resilience.
Given this reality, a systematic framework is needed that integrates intersector risk, complexity, evolving threats, attack detection, rapid response, and recovery.
Systematic identification and comprehensive understanding of sector-specific and cross-sector interdependent threats, vulnerabilities, and failure mechanisms (i.e., cascading, escalating, common cause) are needed.
The objective is no longer to build a system impervious to threats; rather, it is to build the capacity to anticipate and prepare for inevitable attack, minimize damage to CI, recover quickly, then learn from and understand the nature of the attack to further strengthen the health of assets, systems, and networks.
A perspective strengthened in space.
Our expertise creating resilient CI strategies on Earth is one born from extensive understanding of the realities of operating in the space environment. The rigorous systems engineering and mission assurance disciplines used in engineering and hardening space systems offers us a unique perspective on building designs—regardless of platform or domain—that are robust for their environment, capable of rapid recovery for critical functionality, and promote constant availability and access to state-of-health data.
Further, the methodology involved in developing proven space solutions fosters a “learn as we go” success environment. Threats and vulnerabilities are often incompletely known and unanticipated, and there is great emphasis on flexibility and adaptability. It is a history of learning and success readily applied to today’s CI assets, systems, and networks.
From our experience in the space industry, increasing architectural complexity and intersegment interdependency highlights the need for having a consistent ontology—a systematic framework that integrates intersegment risk, complexity, threats, and mitigation options.
Development and implementation of a standard methodology and ontology for systematic threat identification and assessment should be aimed at system-level identification of interfaces—how, and to what degree, do perturbations within one sector affect others. Such a process will expose system-of-systems interdependencies across multiple CI sectors, and identify the multilayered vulnerabilities inherent in these coupled systems, from the highest architectural level down to specific operational levels.
Data as defense.
This is where data analytics can help.
Different CI sectors may be vulnerable to common and/or high-order contingent threats, and mitigation of risks, reduction of vulnerabilities, and adaptation to changing threats must be part of future system designs. As with agile software development, shorter development cycles can continuously add capability in response to changes in the landscape, mitigating risk by building in flexibility and adaptability.
Predictive analytics and complex event processing could contribute to framework development for sector interdependency assessments, identifying the system requirements that would be used in scenario assessment through systems, threat, and vulnerability modeling.
Contact Vaeros today to learn how we can help enable your success.