Cyber resilience: what it is and why it matters

5 min read

The future is now.

Cyber resilience is having a moment.

It’s breathtaking to think about just how quickly and thoroughly we’ve become reliant on technology and its underlying network of systems. As we begin a new decade, enter an election year, and experience the introduction of fifth-generation wireless technology (5G), now is a good time to assess your own state of cyber resilience.

In less than a generation, our dependence on cyber systems has fundamentally transformed the way we live and work. Everything from routine daily activities—accessing your bank account, checking your child’s grades online, and interacting on social media platforms—to essential governmental functions like conducting local, state, and federal elections—now relies on the power and speed of technology. 

There’s really no looking back. The appetite to harness the power and benefits of technology and data will only continue to increase. The rate of our adoption and reliance on technology is not just increasing; it’s increasing exponentially. 

Cell Phones: Take, for example, the use of cell phones. According to the U.S. Census Bureau, the U.S. population in 2000 was 282.2M and in 2018 was 327.2M (a 16% increase).

Meanwhile, Statista shows cell phone subscriptions in the U.S. increased from 109.48M to 404.58M over the same time span (a 269% increase). In fact, there are more cell phone subscriptions than people in the United States…think about that!

Source: Statista

Not only has cell phone usage increased, the manner in which we use cell phones has changed drastically. Cell phones have evolved into smartphones—and not only do individuals, businesses, and government organizations use them to make phone calls, they use them to take photos, videos, email, access the internet, text, control smart devices, and much, much more. Even in their simplest form, cell phones contain private data and personal information. And according to the U.S. Computer Emergency Readiness Team, cell phones are one of the fastest-growing targets for cyberattacks.

Internet of Things (IoT): The Internet of Things is rapidly changing the way individuals, businesses and the government use and interact with devices. The range of connected devices goes beyond the smart assistant, smartwatch, or thermostat. There are a multitude of connected devices that go unnoticed by the public—sensors, industrial controls, even medical devices.

The very connectedness and distributed nature of the IoT leaves it open to security and safety vulnerabilities. Every connected device is vulnerable to attack or misuse. In September 2016 at DEF CON, one of the world’s largest security conferences, 47 vulnerabilities affecting 23 IoT-enabled items (door locks, wheelchairs, thermostats and more) from 21 manufacturers were hacked (Pew Research Center). These attacks highlight the vulnerabilities of connected devices and how susceptible they are to be hacked and exploited.

Fifth Generation Network (5G): It’s safe to assume that the introduction of new technology like 5G will not only promote further acceleration and adoption of technology for personal, business, and government use, but also affect how smartphones and other connected devices coexist.

The speed and range of newly available radio frequencies will connect previously unconnected devices, accelerate processes, and change entire operating models.

As millions of devices gain access to wireless, high-speed connectivity, the potential for massive denial-of-service attacks increases significantly. Bad actors could hijack devices and overwhelm targets with internet traffic, crippling their competition or silencing dissent. As businesses and government agencies become more reliant on emerging technology and 5G—they must keep in mind the varying levels of security and the risk of manipulation.

Long Range, Low Power Communications: Innovations in wireless spectrum utilization will permit widespread use of long-range, low-power communications and enable precise tracking. Initial use of this technology, based on Amazon’s Sidewalk technology, is a dog collar attachment that can locate your pet up to a half-mile from your home. Another implementation comes from Apple and serves as the foundation for their rumored “AirTag” tracking device. Communicating with distant devices and never losing your keys sounds great and convenient; but always-on, ultraprecise tracking has significant privacy and safety implications.

So what’s the danger?

The current and emerging challenges are not linear or discrete. They are persistent, interdependent, and often hard to detect. Seamless connectivity is convenient for individuals, businesses, and government agencies, but the dispersed nature of systems and weaknesses in security creates inherent vulnerabilities. No one is immune. 

Right now, Bluetooth is an invisible glue that binds devices together. As highlighted by Wired.com, this means that when it’s been compromised or exploited, it affects everything from iPhones and Android devices to Amazon Alexa, Google Home, and even physical authentication keys used to secure other accounts.

A new forecast from International Data Corporation estimates that there will be 41.6 billion connected IoT devices, or “things,” generating 79.4 zettabytes (ZB) of data in 2025. As the number of connected IoT devices and the amount of data generated by these devices continues to grow, interruptions, denial of service attacks, tracking and lack of data privacy become more costly and potentially deadly.

On a personal level, even if you limit your use of the Internet, electronic transactions, and mobile devices, your information is stored electronically by other entities: your bank, your children’s schools, your healthcare providers, and others. Criminals continually target businesses, probing for vulnerabilities in their systems to access personal and financial data. And governments are being targeted by other government and non-government organizations as a means to disrupt critical operations or to sow the seeds of discord among its citizen base.

Cyber resilience: A shift in how we think and operate

So what do we do about this juxtaposition of our ever-increasing use of technology and the ongoing, persistent, and increasingly complex threats to our technology? The answer is NOT to stop using technology. Instead, by implementing risk management processes and by embracing a partnership model with technology and service providers, we can achieve a state of Cyber Resilience.

But “cyber resilience” is a very opaque and subjective term of art. What does that term even mean? In this blog, we’re talking about an ongoing state of awareness, and adapting and operating in today’s world that relies heavily on cyber resources. It’s really a cultural shift, a new way of thinking and operating that allows individuals and organizations to prepare for and efficiently adapt to ever-changing conditions. It is not so much an “end state” as it is a way of being constantly aware of your risk profile, making adjustments where and when necessary, and learning to live in an environment where our government, business, and personal data is accessible and vulnerable to many individuals and organizations.

We can look to the government for a model and for best practices to tailor to our personal, business, and civic lives. The federal government recently established the Cybersecurity and Infrastructure Security Agency (CISA) to act as the nation’s risk advisor for critical cyber and physical infrastructure.

As you can imagine, CISA is busy publishing and updating guidance to help protect our civic, business, and personal lives. In one of their earliest documents, CISA’s August 2019 “Strategic Intent,” the agency outlined a framework that includes principles such as Partnership Development, Information and Data Sharing, Capacity Building, Incident Management and Response, Risk Assessment and Analysis, Network Defense, and Emergency Communications. We can apply that framework to our own situations to begin building cyber resilience in our daily lives.

What can we do and how do we do it?

There’s a lot you can do to build cyber resilience around you. Now’s the time to start taking action to protect yourself, your household, your workplace, and even your vote.

As you develop your understanding of the cyber resilience landscape, look for our upcoming blog posts to help you develop a sense of agency and self-efficacy. What’s one step you can take today to begin developing cyber resilience in your work, personal, and civic lives?

Scott Rutler Scott Rutler focuses on homeland security, defense, and cyber issues. He has a B.S. from the United States Military Academy at West Point and an MBA from Johns Hopkins University. For the past 20 years, he has helped government agencies as they address emerging threats to their critical operations and their supporting cyber and physical infrastructure.