International Journal of Applied Sciences & Development

DOI: 10.37394/232029.2022.1.10 Darko Galinec

Cyber Security and Cyber Defense: Challenges and Building of Cyber Resilience Conceptual Model
DARKO GALINEC
Department of Informatics and Computing
Zagreb University of Applied Sciences
Vrbik 8, Zagreb
CROATIA

Abstract: - Cyber security encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. Cyber security is distinctive in its inclusion of the offensive use of information technology to attack adversaries. Use of the term cyber security as a key challenge and a synonym for information security or IT security misleads customers and security practitioners and obscures critical differences between these disciplines. The recommendation for security leaders is that they should use the term cyber security to designate only security practices related to the defensive actions involving or relying upon information technology and/or operational technology environments and systems. Cyber defense is a computer network defense mechanism which includes response to actions and critical infrastructure protection and information assurance for organizations, government entities and other possible networks [3]. In this paper, we investigate how cyber security and cyber defense may lead to cyber resilience, with a novel model of cyber resilience designed and presented. Furthermore, within the same model the authors investigate actions for cyber security and cyber defense in conditions of the increasing challenge of cyber-attacks and the limited capabilities to respond to this threat, describing the process of creation, performance and future of EU Cyber Rapid Response Teams (abbr. CRRT) and Mutual Assistance in Cyber Security, introducing a novel approach to cyber security and cyber defense at the EU level.

KeyWords: - CRRT, Cyber Defense, Cyber security, Cyber Resilience, Conceptual Model, Rapid Response
Team
Received: April 16, 2022. Revised: November 6, 2022. Accepted: November 28, 2022. Published: December 31, 2022.

E-ISSN: 2945-0454 83 Volume 1, 2022

1 Introduction

Cyber security has been practiced in military circles for over a decade. In recent years, the term has appeared in a variety of contexts, many of which have little or no relationship to the original meaning of the term. Misuse of the term obscures the significance of the practices that make cyber security a superset of information security, operational technology (OT) security and IT security practices related to digital assets.

A wide range of different activities is involved in cyber defense for protecting the concerned entity as well as for the rapid response to a threat landscape. These could include reducing the appeal of the environment to the possible attackers, understanding the critical locations and sensitive information, enacting preventative controls to ensure attacks would be expensive, attack detection capability and reaction and response capabilities. Cyber defense also carries out technical analysis to identify the paths and areas the attackers can target [3].

Awareness along with resilience and response are at the heart of EU action to counter cyber threats. The EU is improving the capacity to detect and understand malicious activities at an early stage. At the same time, the EU enhances the resilience of critical infrastructure, society and institutions. This is fundamental to improving the ability to withstand and recover from attacks. Countering cyber threats requires action mainly from the Member States, as well as closer cooperation between the EU, the Member States, partner countries and NATO.

2 Problem Formulation

The aim of this paper is to investigate how cyber security and cyber defense may lead to cyber resilience in today’s conditions of emerging security risks and the limited capabilities to respond to cyber threats. Secondly, the aim is to describe the process of creation and performance of EU Cyber Rapid Response Teams and Mutual Assistance in Cyber Security, introducing a novel approach to cyber security and cyber defense at the EU level.

2.1. Methodology

With the understanding of the specific environment, cyber defense analyses the different threats possible to the given environment. It then helps in devising and driving the strategies necessary to counter the malicious attacks or threats. In this regard the goal is to give perspectives for achieving cyber resilience in today’s information-communication environment. Model-driven methodology and method have been used in the creation of the model scheme.

Perspectives for cyber security and cyber defense engagement, aiming to achieve cyber resilience in today’s information-communication environment, are given and the novel Conceptual Cyber Resilience Model is created. The paper provides an innovative approach to the modelling of cyber resilience, taking into account EU Cyber Rapid Response Teams, CRRT(s), in Cyber Security as one of the possible solutions sharing people (through mutual assistance), processes and technology, introducing a novel approach to cybersecurity and cyber defense at the EU level.

2.2. Cyber defense

In the run-up to his special operation, the attacker will presumably make wide use of non-military (indirect) moves and techniques, including targeted cyber-attacks against the communications systems of the enemy’s control bodies at all levels. Decisive battles in new-generation wars will rage in the information environment, in which the attacker’s computer operator manipulating the “intelligent machines” at a distance will be the key figure in the battle-space. Encrypted data flowing in public communication channels will be among the coveted targets for cyber-attacks [15].

Cyber defense focuses on preventing, detecting and providing timely responses to attacks or threats so that no infrastructure or information is tampered with. With the growth in volume as well as the complexity of cyber-attacks, cyber defense is essential for most entities in order to protect sensitive information as well as to safeguard assets [15]. Cyber defense provides the much-needed assurance to run the processes and activities, free from worries about threats. It helps in enhancing the security strategy utilizations and resources in the most effective fashion. Cyber defense also helps in improving the effectiveness of security resources and security expenses, especially in critical locations [6].

2.3. Cyber Rapid Response Teams – CRRT(s) – and Mutual Assistance in Cyber Security project

Understanding an increasing challenge of cyber defense and the limited capabilities to respond to this threat, Lithuania proposed to the EU Council on Defense a project on Cyber Rapid Response Teams and Mutual Assistance in Cyber Security which aims not only to strengthen its own security but also to increase cyber defense capabilities on the European level. By the project, it’s intended to create multinational rapid response cyber teams composed of participating countries’ cyber defense experts.

The value added by the project is that, unlike many other existing multinational initiatives in cyber defense which concentrate on the exchange of information, this project will include sharing of human resources. The project will cover research on various legal procedures in the domain of cyber security in the EU, organization of table top exercises (cyber crisis simulation exercises) and development of cyber defense tools [15]. Six EU countries have joined the project (Croatia, Estonia, Lithuania, Netherlands, Poland, Romania), with seven states observing it (Belgium, Finland, France, Greece, Italy, Slovenia, Spain).

3 Problem Solution

Cyber security is no longer enough: there is a need for a strategy of defense, prevention and response. The idea of resilience, in its most basic form, is an evaluation of what happens before, during and after a digitally networked system encounters a threat. Resilience should not be taken to be synonymous with recovery. It is not event-specific: it accrues over the long term and should be included in overall business or organizational strategy. Resilience in the context of the ability of systems and organizations to withstand cyber events means the preparations that an organization has made with regard to threats and vulnerabilities, the defenses that have been developed, and the resources available for mitigating a security failure after it happens.


3.1. Conceptual Cyber Resilience Model

The first point, that a long-term view and durability are key factors in ensuring cyber resilience, does not need further explanation. A plan that encompasses actions and outcomes before, during and after the emergence of a threat will generally be superior to a plan that only considers one instance in time.

The second point, that leaders must broaden the conversation, merits more attention. It is vital to economic and societal resilience that we think beyond information security to overall network resilience that ensures we can deal with existing risks and face new risks that will come with such things as artificial intelligence, the internet of things or quantum computing. In order to ensure long-term cyber resilience, organizations must include in their strategic planning the ability to iterate based on evolving threats from rapidly evolving disruptive technologies [2].

While there are many broader definitions of cyber security, there is a difference between the access control of cyber security and the more strategic, long-term thinking cyber resilience should evoke. Additionally, since vulnerability in one area can compromise the entire network, resilience requires a conversation focused on systems rather than individual organizations. For networked technologies, vulnerability in one node can affect the security and resilience of the entire network. Therefore, resilience is best considered in the context of a public good or commons. That’s why partnerships are key. These can be between businesses as well as with regulators, prosecutors and policy-makers [2].

Since cyber resilience is really a matter of risk management, there isn’t a single point at which it begins or ends. Instead, it comes from building strategy and working to ensure that the risk-transfer mechanisms that work for more traditional threats are also brought to bear on new cyber threats. Responsibility for cyber resilience is a question of strategy rather than tactics. Being resilient requires those at the highest levels of a company, organization or government to recognize the importance of avoiding and mitigating risks. While it is everyone’s responsibility to cooperate in order to ensure greater cyber resilience, leaders who set the strategy for an organization are ultimately responsible, and have increasingly been held accountable for including cyber resilience in organizational strategy [2].

Combating known threats is an essential part of a cyber security strategy. It goes alongside advanced capabilities to anticipate, capture and ultimately learn from unknown threats.

Systems have different weak spots and different processes (challenges) and they each manage risk in different ways (solutions). In other words, for each security challenge (evaluated as “known” or “unknown”) a corresponding solution to that challenge exists (evaluated as “known(s)” or “unknowns”).

By incorporating values obtained during the system security assessment process into the model we get “known known(s)” relating to information security, “known known(s)” relating to cyber security and “unknown unknowns” related to cyber resilience [4].

Example: There is a known crisis in the cyber security workforce: a massive shortfall in qualified and trained security professionals. There is also an unknown solution to this crisis. The broad and growing scope of the challenge requires a corresponding broadening of skill sets that are both known and unknown [11].

Finally, the Cyber Resilience Model structure and content is presented (Figure 1), consisting of information security (Confidentiality, Integrity and Availability, abbr. CIA, triad threats and responses to them, i.e. known known(s)), cyber security (non-CIA complex threats, Advanced Persistent Threats, abbr. APT(s), and corresponding responses to them, i.e. known unknowns) and cyber resilience (unforeseeable and unpredictable threats and responses to them, i.e. unknown unknowns).

There are opportunities around those cyber security solutions that can take the fear factor out of unknown quantities, and make them “known”. But there continue to be significant opportunities around those protection measures that apply the universe of known cyber threat knowledge, to keep the system continuously secure [4].


Fig. 1 Conceptual Cyber Resilience Model

In order to cope with the growing challenges, which today are manifested as unknown unknowns, systems tend to enable personnel and adjust existing and develop new processes, organization and technology.

3.2. Creation, Performance and CRRT Capability

As part of the aforementioned conceptual model, the initiative on the creation of joint EU CRRT(s) and the Mutual Assistance in Cyber Security project is among the most advanced projects out of the overall 17 approved in late 2017 under the EU Permanent Structured Cooperation (abbr. PESCO) framework. PESCO is an instrument laid out in the Treaty of Lisbon for deepening the cooperation in the security and defense area for those EU member states that have military capabilities meeting higher criteria and are bound by greater commitments [10].

Declaration of Intent in the Field of Cyber Rapid Response Teams and Mutual Assistance in Cyber Security: The Ministers of Defense of the Member States and the Minister of National Defense of the Republic of Lithuania are welcoming the Joint Communication on cyber resilience, deterrence and defense adopted on September 13th, 2017. Emphasizing opportunities in developing cyber projects through PESCO, they have expressed the intention to develop and deepen voluntary cooperation in the cyber field through mutual assistance in response to major cyber incidents, including information sharing, joint training, mutual operational support, research and development and creation of joint capabilities.

Designated experts combine work in their original Computer Emergency and Response Team (abbr. CSIRT) and CRRT. CRRT(s) should closely cooperate with EU institutions, including the CSIRT Network, the European Union Agency for Network and Information Security (abbr. ENISA) and CERT-EU in order to ensure complementarity with existing cyber security initiatives.

The work of the CRRT(s) is only within the scope agreed by the member states (MS).

Civil-Military nature: CRRT(s) is a civil-military capability that should help foster civil-military culture in the cyber domain and broaden the cyber defense concept in the EU. The civilian-military nature of CRRT(s) could also facilitate further cooperation between military and civilian CSIRT(s). It is up to each MS to decide which national CERT (civil or military) will participate in the project.

Equipment: In order to reach better operational capabilities of CRRT(s), the Participants could explore and set the baseline of a common Cyber Toolkit designed to detect, recognize and mitigate cyber threats. To start operational activities CRRT(s) could use tools available on the market or nationally developed tools. However, to expand cyber security activities there is a need to develop a second generation unified toolkit for deployment. European Defense Fund co-funding and funding from other EU sources are considered in this regard. It facilitates industrial cooperation between participating MS and fosters the European cyber security industry.

The signatories signed the Memorandum of Understanding in January 2020 and the CRRT reached full operational capabilities (abbr. FOC) in 2021.

The Signatories participate on an equal basis in the process of creation of CRRT(s). The Ministry of National Defense of the Republic of Lithuania is the lead nation of the project [11].

3.3 Discussion

Modern societies are deeply imbued with communication and information technology. People are nowadays connected using various technologies for the transmission of text, image and sound, including the increasing Internet of Things (abbr. IoT) trend. Deviations in the proper operation of these interconnected systems or their parts are no longer merely technical difficulties; they pose a danger with a global security impact. Modern societies counter them with a range of activities and measures collectively called cyber security.

Normalization is the key and cyber risk should be viewed just like any other risk that an organization must contend with in order to fulfill its goals. Leaders of business and government need to think about resilience for two reasons: first, by doing so they avoid the catastrophic failure threatened by an all-or-nothing approach to cyber risks (i.e. preventing network entry as the only plan), and second, it ensures that the conversation goes beyond information technology or information security [2].

By promoting an overall cyber-resilience approach, long term strategy (including which technologies a business will implement over the next five, 10 or more years) is a continual strategic conversation involving both technology and strategic leaders within an organization. The cyber-resilience approach ensures greater readiness and less repetition, making it, on the whole, more efficient and more effective. Security, in contrast to resilience, can be seen as binary. Either something is secure or it isn’t. It is often relegated to a single, limited technical function, keeping unauthorized users out of a networked system [2].

The real cyber security challenge is the unknown. Former US Secretary of Defense Donald Rumsfeld gave the explanation of this during a news briefing in 2002: “There are known known(s). These are the things that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns; these are things we don’t know we don’t know” [11].

Technologies are being developed which, unlike traditional approaches, have the ability to protect the system from serious threats by learning what is normal for the organization and its people and thereby spotting emerging anomalies. Unlike the traditional rules and signature-based approach, the technology can spot threats that could harm the organization and network that the traditional approaches are unable to detect. It can deal with uncertainty and delivers adaptive protection for organizations from both insider threats and advanced cyber-attacks.

The project of developing the European Union Cyber Rapid Response Teams is close to completion of its development phase. Representatives of European Union member states participating in the projects exchanged ideas and discussed the common cyber-toolkit to be developed. The cyber-toolkit for the CRRT(s) will give the participating countries a capability for cyber-incident management. Participants addressed the needs of every participant and the common vision. Representatives of the participating countries discussed funding mechanisms of the toolkit and created a development plan. The toolkit will ensure the CRRT(s) have the basic technical equipment, which is one of the factors for the lasting success of the project.

Future research is directed towards finding and enabling efficient and effective processes for agile (adaptable, aware, flexible and productive) cyber resilience of the security information system able to cope with unforeseeable and unpredictable events (unknown unknowns) in the inner and outer environment of the system as a whole. In this regard, following the establishment of the Rapid Response Team as the first step, future research will focus on building opportunities and providing mutual assistance and cooperation in responding to major cyber incidents through information sharing, joint training, mutual operational assistance and creation of shared capabilities.

4 Conclusion

In this paper the ways, processes and means for achieving cyber resilience in today’s conditions of emerging security risks are examined. Within the context of cyber resilience (cyber security and emerging risks) the novel Conceptual Cyber Resilience Model that encompasses information security and cyber security is presented. Our further investigations are directed towards finding and enabling efficient and effective processes for agile (adaptable, aware, flexible and productive) cyber resilience of the security information system able to cope with unforeseeable and unpredictable events (unknown unknowns) in the inner and outer environment of the system as a whole.

Within the process of building the novel conceptual model, the process of creation and performance of EU Cyber Rapid Response Teams and Mutual Assistance in Cyber Security is described, introducing a novel approach to cyber security and cyber defense at the EU level and putting it into the context of the Cyber Resilience Model. People (actors) and their performance at all levels of the systems hierarchy (cyber security and cyber defense) have key roles related to that goal.


4.1 Future Developments

Future research encompasses personal, network and organizational cyber security management. The given conceptual model of cyber resilience is crucial through inserting knowledge and consequently achieving the increase of efficient and effective cyber security and cyber defense processes, decreasing the level of “unknown unknowns”, moving them towards and turning them gradually into “known unknowns” and “known known(s)”.

References:

[1] Björck F., Henkel M., Stirna J., Zdravkovic J. Cyber Resilience – Fundamentals for a Definition. In: Rocha A., Correia A., Costanzo S., Reis L. (eds) New Contributions in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 353. Springer, Cham, 2015.
[2] Dobrygowski, D.: Cyber resilience: everything you (really) need to know, available at https://www.weforum.org/agenda/2016/07/cyber-resilience-what-to-know/, Accessed: 21st September 2022.
[3] Cyber Defense, available at https://www.techopedia.com/definition/6705/cyber-defense, Accessed: 10th April 2022.
[4] Exclusive Networks: Unknown Unknowns – The Ultimate Test for Cybersecurity, available at http://www.exclusive-networks.com/uk/blog/unknown-unknowns-ultimate-test-cybersecurity/, Accessed: 1st August 2022.
[5] Goche, M., Gouveia, W.: Why Cyber Security Is Not Enough: You Need Cyber Resilience, available at https://www.forbes.com/sites/sungardas/2014/01/15/why-cyber-security-is-not-enough-you-need-cyber-resilience/#562402a21bc4, Accessed: 1st July 2022.
[6] Hulme, G.V: Security spending continues to run a step behind the threats, available at http://www.csoonline.com/article/2134074/strategic-planning-erm/security-spending-continues-to-run-a-step-behind-the-threats.html, Accessed: 13th June 2022.
[7] Infosecurity, available at http://infosecurityinc.net/wp-content/uploads/2011/07/Consult-Cyber-1Cyber-Threats-Diminishing-Attack-Costs-gaIncreasing-Complexity4.jpg, Accessed: 18th September 2022.
[8] Marvell, S.: The real and present threat of a cyber breach demands real-time risk management, Acuity Risk Management, 2015.
[9] NATO Cyber Cooperative Cyber Defense Center of Excellence Tallinn Estonia, available at https://ccdcoe.org/cyber-definitions.html, Accessed: 10th April 2022.
[10] Pescatore, J.: Toward a National Cybersecurity Strategy, G00167598, Gartner, Inc., 2009.
[11] Tucker, E.: Official: FBI probing attempted cyber breach of NY Times, available at http://www.federaltimes.com/articles/official-fbi-probing-attempted-cyber-breach-of-ny-times, Accessed: 31st May 2022.
[12] Walls, A., Perkins, E., Weiss, J.: Definition: “Cybersecurity”, G00252816, Gartner, Inc., 2013.
[13] Wheeler, J. A.: Emerging Risks in Cybersecurity: Gartner’s Top Ten Predictions, available at http://blogs.gartner.com/john-wheeler/gartner-top-ten-cybersecurity-predicts/, Accessed: 2nd June 2022.
[14] United States Department of Defense: Strategy for Operating in Cyberspace, Department of Defense, 2011.
[15] Galinec, D., Steingartner, W., Zebić, V.: Cyber Rapid Response Team: An Option within Hybrid Threats. 2019 IEEE 15th International Scientific Conference on Informatics, INFORMATICS' 2019, November 20th-22nd, 2019, Poprad, Slovakia, PROCEEDINGS, Institute of Electrical and Electronics Engineers, Inc.

Contribution of Individual Authors to the Creation of a Scientific Article (Ghostwriting Policy)

Darko Galinec has organized, performed and executed the research and the model building.

Creative Commons Attribution License 4.0 (Attribution 4.0 International, CC BY 4.0)

This article is published under the terms of the Creative Commons Attribution License 4.0
https://creativecommons.org/licenses/by/4.0/deed.en_US
1Cyber-Threats-Diminishing-Attack-Costs-
