You can have great cybersecurity across Identify, Protect, Detect, Respond, and Recover without being very resilient. However, you can’t be resilient without being great at cybersecurity. Resilience is the ability to absorb shocks and recover quickly. The type of toughness we need to build into our organizations for resilience goes beyond what is needed for good cybersecurity:

1. We need to be able to adapt to the situation
2. We need to be able to limit the damage and build back better
3. We need to make sure the people can tolerate the wear and tear of the incident

Package delivery example process – CryptoPack

At the heart of Ron and Don’s modern venture, CryptoPack, is a completely digitized customer journey powered exclusively by Bitcoin. To send a package, the customer interacts solely with the CryptoPack webpage—selecting options, completing a secure Bitcoin payment, and receiving a unique package code. The logistics are automated: a sophisticated route planning system dynamically assigns pickups to drivers. These drivers utilize a proprietary smartphone app for real-time tracking and verification, culminating in instant confirmation messages delivered to both the sender and the recipient upon successful delivery.

There are many ways this business can be disrupted through a cyber attack, from bitcoin theft to personal data breaches to downtime of the scheduler. While risk assessments are helpful in planning detection capabilities, backup plans and incident response, they will not cover every possible disruptive event. Ron and Don’s promise to customers are: we deliver, now matter what.

They want to be really resilient to make sure they honor that promise.

Adaptability

When designing the customer side process, they have 3 key principles:

1. The customer shall always be able to pay with Bitcoin
2. The customer shall always be able to order a package delivered
3. The customer shall always know when a package has been picked up and when it has been delivered

To plan the system they start to think in terms of adaptation and redundancy.

Bitcoin payments:

• Use different Bitcoin payment nodes in different regions and hosted by different cloud providers.
• Have a fallback to payment into static Bitcoin wallets that are manually monitored in case the integrated payment tracking system fails.
• Supporting payments over a Bitcoin lightening network, for regular customers (allowing payments that are not verified on the main Bitcoin network)

Order availability:

• Create a streaming backup solution for the order database, to allow fast recovery
• Use immutable backups to protect against ransomware
• Have a hot fail-over database to take new orders in case the primary database solution goes down
• Build multiple backup solutions that can be quickly activated during problems and quickly communicated to customers. This can be one solution built using a static website hosted on completely independent infrastructure, a dark web mirror, and an SMS based infrastructure as last resort.

Status transparency:

• Provide an SMS-based backup system for messages to customers, that drivers can directly use from a dedicated phone when the primary system is down
• Also post messages on a static website based on package codes, so that senders and receivers can manually check status without revealing personal data

These are just examples of measures that can be built into the system to allow redundancy and prepared fail-over. During an incident, independent systems are available to continue delivering on the company’s key promise: we deliver no matter what. Operating in that manner is going to be more challenging, and will require more resources if it lasts very long, but combined with effective incident response, this will help deliver the required resilience.

Response readiness

Operating on backup systems can shield the customers form annoyance but it will be more costly and annoying. Getting back to normal, better than before, is necessary. Because of this, response readiness is required. Ron and Don implements a solid cyber response capability:

1. All systems have clear isolation and recovery patterns, that have been prepared for the infrastructure.
2. A solid detection capability has been built to detect incidents early. The detection plan is reviewed regularly and updated based on threat assessments.
3. Backup and recovery functions have redundancy and the necessary capacity, and is regularly tested.
4. They have contracted a modern incident response company that has built a highly automated incident response system for pre-mapped incident models, and have 24/7 readiness for more complex cases.

Every month, Ron and Don runs incident exercises, focusing on different aspects of the response and recovery processes. They use exercises to test, adapt, improve.

Psychological resilience

Ron and Don know that their resilience strategy will only work if everyone contributes, and can handle the unavoidable stress that comes with delivering through incidents and changing ways of working quickly.

Pre-incident: Ron and Don want to bring the hearts and minds of employees and customers on board. They set up to build psychological safety into the company’s life blood. To do this, they:

1. Set the stage to show that making an effort is valued, and mistakes are allowed. Speaking up and radical candor is expected.
2. Include customers in resilience thinking by communicating about robustness and adaptation as key parts of the “we always deliver” promise.
3. Set clear expectations for what will happen during an incident, and which support structures will be available. During incidents, all drivers will be able to call in to management on an open call to discuss problems, suggest ideas and get status updates.

During incident: Ron and Don knows that information vacuum is the friend of chaos. They therefore have established routines for reporting incident progress to drivers and customers. They also provide the open call-in option to discuss problems and issues. Support for using the alternative channels and ways of working is also available in a paper booklet in each car, and on phone for support.

After incident: an open “what will we do better next time” session is held afterwards, with blameless discussion. The purpose is to learn from the incident and to spread good practice. Praise for effort and willingness to put in the extra work needed will be loud and clear with a focus on joint achievement.

Cyber resilience take-aways

Security posture is about strong security architecture, good patching practices, great observability. Without good security posture, resilience is impossible. To achieve good cyber resilience we need:

1. Adaptability: plan for alternative ways of delivering the service when we are hit by attacks. Absorb the shock, adapt. Keep calm and carry on.
2. Response readiness: work tirelessly to detect early, respond effectively and build back better.
3. Psychological readiness: build a culture of psychological safety, clarity of purpose and community. This underpins adaptability and response capabilities.

Have a great cybersecurity month – this year with focus on digital readiness.