Cyber Security and Cyber Defense Challenges and Bu
Abstract: Cyber security encompasses a broad range of practices, tools and concepts closely related to those of information and operational technology security. Cyber security is distinctive in its inclusion of the offensive use of information technology to attack adversaries. Use of the term cyber security as a key challenge and a synonym for information security or IT security misleads customers and security practitioners and obscures critical differences between these disciplines. The recommendation for security leaders is that they should use the term cyber security to designate only security practices related to the defensive actions involving or relying upon information technology and/or operational technology environments and systems. Cyber defense is a computer network defense mechanism which includes response to actions and critical infrastructure protection and information assurance for organizations, government entities and other possible networks [3]. In this paper, we investigate how cyber security and cyber defense may lead to cyber resilience, and a novel model of cyber resilience is designed and presented. Furthermore, within the same model the authors investigate actions for cyber security and cyber defense in conditions of increasing challenge of cyber-attacks and limited capabilities to respond to this threat, describing the process of creation, performance and future of EU Cyber Rapid Response Teams (abbr. CRRT) and Mutual Assistance in Cyber Security, introducing a novel approach to cyber security and cyber defense at the EU level.

Keywords: CRRT, Cyber Defense, Cyber security, Cyber Resilience, Conceptual Model, Rapid Response Team
Received: April 16, 2022. Revised: November 6, 2022. Accepted: November 28, 2022. Published: December 31, 2022.
risks and the limited capabilities to respond to cyber threats. Secondly, the aim is to describe the process of creation and performance of EU Cyber Rapid Response Teams and Mutual Assistance in Cyber Security, introducing a novel approach to cyber security and cyber defense at the EU level.

2.1. Methodology

With the understanding of the specific environment, cyber defense analyses the different threats possible to the given environment. It then helps in devising and driving the strategies necessary to counter the malicious attacks or threats. In this regard the goal is to give perspectives for achieving cyber resilience in today’s information-communication environment. Model-driven methodology and method have been used in the creation of the model scheme.

Perspectives for cyber security and cyber defense engagement, aiming to achieve cyber resilience in today’s information-communication environment, are given and the novel Conceptual Cyber Resilience Model is created. The paper provides an innovative approach to the modelling of cyber resilience, taking into account EU Cyber Rapid Response Teams, CRRT(s), in Cyber Security as one of the possible solutions sharing people (through mutual assistance), processes and technology, introducing a novel approach to cybersecurity and cyber defense at the EU level.

2.2. Cyber defense

In the run-up to his special operation, the attacker will presumably make wide use of non-military (indirect) moves and techniques, including targeted cyber-attacks against the communications systems of the enemy’s control bodies at all levels. Decisive battles in new-generation wars will rage in the information environment, in which the attacker’s computer operator manipulating the “intelligent machines” at a distance will be the key figure in the battle-space. Encrypted data flowing in public communication channels will be among the coveted targets for cyber-attacks [15].

Cyber defense focuses on preventing, detecting and providing timely responses to attacks or threats so that no infrastructure or information is tampered with. With the growth in volume as well as the complexity of cyber-attacks, cyber defense is essential for most entities in order to protect sensitive information as well as to safeguard assets [15]. Cyber defense provides the much-needed assurance to run the processes and activities, free from worries about threats. It helps in enhancing the security strategy utilizations and resources in the most effective fashion. Cyber defense also helps in improving the effectiveness of security resources and security expenses, especially in critical locations [6].

2.3. Cyber Rapid Response Teams – CRRT(s) – and Mutual Assistance in Cyber Security project

Understanding the increasing challenge of cyber defense and the limited capabilities to respond to this threat, Lithuania proposed to the EU Council on Defense a project on Cyber Rapid Response Teams and Mutual Assistance in Cyber Security, which aims not only to strengthen its own security but also to increase cyber defense capabilities on the European level. The project is intended to create multinational rapid response cyber teams composed of participating countries’ cyber defense experts.

The added value of the project is that, unlike many other existing multinational initiatives in cyber defense, which concentrate on the exchange of information, this project will include sharing of human resources. The project will cover research on various legal procedures in the domain of cyber security in the EU, organization of tabletop exercises (cyber crisis simulation exercises) and development of cyber defense tools [15]. Six EU countries have joined the project (Croatia, Estonia, Lithuania, Netherlands, Poland, Romania), with seven states observing it (Belgium, Finland, France, Greece, Italy, Slovenia, Spain).

3 Problem Solution

Cyber security is no longer enough: there is a need for a strategy of defense, prevention and response. The idea of resilience, in its most basic form, is an evaluation of what happens before, during and after a digitally networked system encounters a threat. Resilience should not be taken to be synonymous with recovery. It is not event-specific: it accrues over the long term and should be included in overall business or organizational strategy. Resilience, in the context of the ability of systems and organizations to withstand cyber events, means the preparations that an organization has made with regard to threats and vulnerabilities, the defenses that have been developed, and the resources available for mitigating a security failure after it happens.
3.1. Conceptual Cyber Resilience Model

The first point, that a long-term view and durability are key factors in ensuring cyber resilience, does not need further explanation. A plan that encompasses actions and outcomes before, during and after the emergence of a threat will generally be superior to a plan that only considers one instance in time.

The second point, that leaders must broaden the conversation, merits more attention. It is vital to economic and societal resilience that we think beyond information security to overall network resilience that ensures we can deal with existing risks and face new risks that will come with such things as artificial intelligence, the internet of things or quantum computing. In order to ensure long-term cyber resilience, organizations must include in their strategic planning the ability to iterate based on evolving threats from rapidly evolving disruptive technologies [2].

While there are many broader definitions of cyber security, there is a difference between the access control of cyber security and the more strategic, long-term thinking cyber resilience should evoke. Additionally, since vulnerability in one area can compromise the entire network, resilience requires a conversation focused on systems rather than individual organizations. For networked technologies, vulnerability in one node can affect the security and resilience of the entire network. Therefore, resilience is best considered in the context of a public good or commons. That’s why partnerships are key. These can be between businesses as well as with regulators, prosecutors and policy-makers [2]. Since cyber resilience is really a matter of risk management, there isn’t a single point at which it begins or ends. Instead, it comes from building strategy and working to ensure that the risk-transfer mechanisms that work for more traditional threats are also brought to bear on new cyber threats. Responsibility for cyber resilience is a question of strategy rather than tactics. Being resilient requires those at the highest levels of a company, organization or government to recognize the importance of avoiding and mitigating risks. While it is everyone’s responsibility to cooperate in order to ensure greater cyber resilience, leaders who set the strategy for an organization are ultimately responsible, and have increasingly been held accountable for including cyber resilience in organizational strategy [2].

Combating known threats is an essential part of a cyber security strategy. It goes alongside advanced capabilities to anticipate, capture and ultimately learn from unknown threats.

Systems have different weak spots and different processes (challenges) and they each manage risk in different ways (solutions). In other words, for each security challenge (evaluated as “known” or “unknown”) a corresponding solution to that challenge exists (evaluated as “known(s)” or “unknowns”).

By incorporating values obtained during the system security assessment process into the model, we get “known known(s)” relating to information security, “known known(s)” relating to cyber security and “unknown unknowns” related to cyber resilience [4].

Example: There is a known crisis in the cyber security workforce: a massive shortfall in qualified and trained security professionals. There is also an unknown solution to this crisis. The broad and growing scope of the challenge requires a corresponding broadening of skill sets that are both known and unknown [11].

Finally, the Cyber Resilience Model structure and content is presented (Figure 1), consisting of information security (Confidentiality, Integrity and Availability, abbr. CIA, triad threats and responses to them, i.e. known known(s)), cyber security (non-CIA complex threats, Advanced Persistent Threats, abbr. APT(s), and corresponding responses to them, i.e. known unknowns) and cyber resilience (unforeseeable and unpredictable threats and responses to them, i.e. unknown unknowns).

There are opportunities around those cyber security solutions that can take the fear factor out of unknown quantities, and make them “known”. But there continue to be significant opportunities around those protection measures that apply the universe of known cyber threat knowledge to keep the system continuously secure [4].
IoT) trend. Deviations in the proper operation of these interconnected systems or their parts are no longer merely technical difficulties; they pose a danger with a global security impact. Modern societies counter them with a range of activities and measures collectively called cyber security.

Normalization is the key, and cyber risk should be viewed just like any other risk that an organization must contend with in order to fulfill its goals. Leaders of business and government need to think about resilience for two reasons: first, by doing so they avoid the catastrophic failure threatened by an all-or-nothing approach to cyber risks (i.e. preventing network entry as the only plan), and second, it ensures that the conversation goes beyond information technology or information security [2].

By promoting an overall cyber-resilience approach, long term strategy (including which technologies a business will implement over the next five, 10 or more years) is a continual strategic conversation involving both technology and strategic leaders within an organization. The cyber-resilience approach ensures greater readiness and less repetition, making it, on the whole, more efficient and more effective. Security, in contrast to resilience, can be seen as binary. Either something is secure or it isn’t. It is often relegated to a single, limited technical function, keeping unauthorized users out of a networked system [2].

The real cyber security challenge is the unknown. Former US Secretary of Defense Donald Rumsfeld gave the explanation of this during a news briefing in 2002: “There are known known(s). These are the things that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns; these are things we don’t know we don’t know” [11].

Technologies are being developed which, unlike traditional approaches, have the ability to protect a system from serious threats by learning what is normal for the organization and its people and thereby spotting emerging anomalies. Unlike the traditional rules- and signature-based approach, the technology can spot threats that could harm the organization and network that the traditional approaches are unable to detect. It can deal with uncertainty and deliver adaptive protection for organizations from both insider threats and advanced cyber-attacks.

The project of developing the European Union Cyber Rapid Response Teams is close to completion of its development phase. Representatives of European Union member states participating in the projects exchanged ideas and discussed the common cyber-toolkit to be developed. The cyber-toolkit for the CRRT(s) will give the participating countries a capability for cyber-incident management. Participants addressed the needs of every participant and the common vision. Representatives of the participating countries discussed funding mechanisms of the toolkit and created a development plan. The toolkit will ensure the CRRT(s) have the basic technical equipment, which is one of the factors for the lasting success of the project.

Future research is directed towards finding and enabling efficient and effective processes for agile (adaptable, aware, flexible and productive) cyber resilience of the security information system able to cope with unforeseeable and unpredictable events (unknown unknowns) in the inner and outer environment of the system as a whole. In this regard, following the establishment of the Rapid Response Team as the first step, future research will focus on building opportunities and providing mutual assistance and cooperation in responding to major cyber incidents through information sharing, joint training, mutual operational assistance and creation of shared capabilities.

4 Conclusion

In this paper the ways, processes and means for achieving cyber resilience in today’s conditions of emerging security risks are examined. Within the context of cyber resilience (cyber security and emerging risks) the novel Conceptual Cyber Resilience Model that encompasses information security and cyber security is presented. Our further investigations are directed towards finding and enabling efficient and effective processes for agile (adaptable, aware, flexible and productive) cyber resilience of the security information system able to cope with unforeseeable and unpredictable events (unknown unknowns) in the inner and outer environment of the system as a whole.

As part of building the novel conceptual model, the process of creation and performance of EU Cyber Rapid Response Teams and Mutual Assistance in Cyber Security is described, introducing a novel approach to cyber security and cyber defense at the EU level and putting it into the context of the Cyber Resilience Model. People (actors) and their performance at all levels of the systems hierarchy (cyber security and cyber defense) have key roles related to that goal.
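
The passage in section 3.1 on technologies that learn what is normal for the organization and its people, and so catch what rule and signature matching cannot, is illustrated below by running both checks over the same events. This is an added example, not code from the paper or from the CRRT toolkit; the signature list, user names, the two features, the 3-standard-deviation threshold and all log records are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Hypothetical signature list: process names already known to be malicious.
SIGNATURES = {"mimikatz.exe", "cryptolocker.exe"}

# Constructed history of normal activity: (user, login_hour, mb_sent, process)
HISTORY = [
    ("alice", 9, 40, "outlook.exe"), ("alice", 10, 55, "excel.exe"),
    ("alice", 9, 48, "outlook.exe"), ("alice", 11, 60, "excel.exe"),
    ("alice", 10, 52, "teams.exe"),
    ("bob", 22, 900, "backup.exe"), ("bob", 23, 950, "backup.exe"),
    ("bob", 22, 880, "backup.exe"), ("bob", 23, 920, "backup.exe"),
]

def learn_baseline(history):
    """Per user, the mean and standard deviation of each numeric feature."""
    per_user = defaultdict(lambda: {"hour": [], "mb": []})
    for user, hour, mb, _proc in history:
        per_user[user]["hour"].append(hour)
        per_user[user]["mb"].append(mb)
    return {u: {k: (mean(v), pstdev(v)) for k, v in feats.items()}
            for u, feats in per_user.items()}

def signature_hit(event):
    """Traditional check: only matches what is already known to be bad."""
    return event[3].lower() in SIGNATURES

def anomaly_reasons(event, baseline, threshold=3.0, min_std=1.0):
    """Features more than `threshold` deviations from this user's own norm."""
    user, hour, mb, _proc = event
    if user not in baseline:
        return ["no baseline for user"]  # an unseen identity needs review
    reasons = []
    # Simplification: hour-of-day is treated as linear, not circular.
    for name, value in (("hour", hour), ("mb", mb)):
        mu, sigma = baseline[user][name]
        z = abs(value - mu) / max(sigma, min_std)  # floor avoids zero spread
        if z > threshold:
            reasons.append(f"{name} z={z:.1f}")
    return reasons

def triage(event, baseline):
    """Run both detectors so their coverage can be compared per event."""
    return {"signature": signature_hit(event),
            "anomalies": anomaly_reasons(event, baseline)}

if __name__ == "__main__":
    base = learn_baseline(HISTORY)
    for ev in [("alice", 3, 2400, "excel.exe"), ("bob", 22, 910, "backup.exe")]:
        print(ev, triage(ev, base))
```

The 03:00, 2400 MB transfer by alice uses an ordinary process and produces no signature hit, yet departs from her baseline on both features, while a similar late-night volume from bob is normal for him and stays quiet.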