News   Lethality

Defense Official Calls Cyber Resilience Critical to Protecting Systems, Continuing the Mission

Nov. 20, 2020 | BY David Vergun , DOD News

While the U.S., allies and partners are working diligently to defend against malicious and destabilizing activities in cyberspace, those defenses may not be robust enough and adversaries are taking advantage of that, the deputy assistant secretary of defense for cyber policy said on Thursday. 

A man stands at a lectern and speaks into a microphone. A sign indicating that he is at the Pentagon hangs on the wall behind him.
Cyber Remarks
Thomas C. Wingfield, deputy assistant secretary of defense for cyber policy, speaks at the Aviation Cyber Initiative Summit, Nov. 19, 2020.
Photo By: DOD Screenshot
VIRIN: 201119-O-ZZ999-002A

Speaking remotely to the Aviation Cyber Initiative Summit, Thomas C. Wingfield warned that the risk of a successful cyberattack is growing.

While the importance of the Defense Department's cyber force is indisputable, it is not enough, Wingfield said. 

Organizations need to move from a paradigm of cybersecurity, to one of cyber resilience."
Thomas C. Wingfield, Deputy Assistant Secretary of Defense for Cyber Policy

"I have seen very clearly that the single most important component in protecting our shared security, liberty and prosperity are leaders who understand the promise and pitfalls of technology," he said, adding that leaders also need to work with allies, interagency partners and industry to ensure cyber resilience.

A man in a military uniform types on a keyboard and looks at three monitors.
Cyber Operator
Air Force Capt. Luke Humphries, a cyber operator assigned to the 276th Cyber Operations Squadron, Maryland Air National Guard, works on his computer at home near Baltimore, Md., after participating in the Cyber Shield exercise, Sept. 29, 2020.
Photo By: Air Force Capt. Benjamin Hughes
VIRIN: 201013-Z-YE885-001A

"Organizations need to move from a paradigm of cybersecurity, to one of cyber resilience," he said.

The two terms are complementary, but not synonymous, Wingfield said. He noted that the Commerce Department's National Institute for Standards and Technology defines cyber resilience as the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that are used or enabled by cyber resources. 

Cyber resilience is necessary for those systems to withstand an attack or to quickly recover from one while continuing to operate effectively to achieve an objective, he said.

An airman wearing a face mask works on a laptop.
Cyber Exercise
Air Force Sr. Airman Nicholas Hames, a 673d Communications Squadron cyber control operator, sets up secure voice communications in a simulated remote location as part of exercise Polar Force 21-1 at Joint Base Elmendorf-Richardson, Alaska, Oct. 13, 2020.
Photo By: Air Force Airman 1st Class Samuel Colvin
VIRIN: 201013-F-YL679-1026A

"Cyber resilience is, therefore, about more than protection. It is about continuity of operations and mission assurance. Planning for the eventuality of a cyberattack and still fighting through it is to be cyber resilient," he said.

To achieve a measure of cyber resilience, senior leadership must be involved. Personnel up and down the chain of command need to be trained and tested regularly, he said. While cybersecurity may largely be the concern of the information technology or cybersecurity staff, cyber resilience is the responsibility of an entire organization. 

"This is not to say that working on greater cybersecurity is a fool's errand. On the contrary, cyber resilience is built on top of cybersecurity. The most important part of both is having a strong cyber immune system in every network on every system," he said.