Email this Article Email   

CHIPS Articles: Defense Official Calls Cyber Resilience Critical to Protecting Systems, Continuing the Mission

Defense Official Calls Cyber Resilience Critical to Protecting Systems, Continuing the Mission
By David Vergun, Defense.gov - November 23, 2020
While the U.S., allies and partners are working diligently to defend against malicious and destabilizing activities in cyberspace, those defenses may not be robust enough and adversaries are taking advantage of that, the deputy assistant secretary of defense for cyber policy said on Thursday.

Speaking remotely to the Aviation Cyber Initiative Summit, Thomas C. Wingfield warned that the risk of a successful cyber-attack is growing.

While the importance of the Defense Department's cyber force is indisputable, it is not enough, Wingfield said.

Organizations need to move from a paradigm of cybersecurity, to one of cyber resilience."

"I have seen very clearly that the single most important component in protecting our shared security, liberty and prosperity are leaders who understand the promise and pitfalls of technology," he said, adding that leaders also need to work with allies, interagency partners and industry to ensure cyber resilience.

"Organizations need to move from a paradigm of cybersecurity, to one of cyber resilience," he said.

The two terms are complementary, but not synonymous, Wingfield said. He noted that the Commerce Department's National Institute for Standards and Technology defines cyber resilience as the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that are used or enabled by cyber resources.

Cyber resilience is necessary for those systems to withstand an attack or to quickly recover from one while continuing to operate effectively to achieve an objective, he said.

"Cyber resilience is, therefore, about more than protection. It is about continuity of operations and mission assurance. Planning for the eventuality of a cyberattack and still fighting through it is to be cyber resilient," he said.

To achieve a measure of cyber resilience, senior leadership must be involved. Personnel up and down the chain of command need to be trained and tested regularly, he said. While cybersecurity may largely be the concern of the information technology or cybersecurity staff, cyber resilience is the responsibility of an entire organization.

"This is not to say that working on greater cybersecurity is a fool's errand. On the contrary, cyber resilience is built on top of cybersecurity. The most important part of both is having a strong cyber immune system in every network on every system," he said.

Follow Defense Department news, at www.defense.gov/, https://www.facebook.com/DeptofDefense or https://twitter.com/DeptofDefense

Thomas C. Wingfield, deputy assistant secretary of defense for cyber policy, speaks at the Aviation Cyber Initiative Summit, Nov. 19, 2020. DoD screenshot
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer