For me in 2021, the concept of resiliency brings new use cases, examples, and lessons learned as individuals and organizations tackle new challenges. It means continuing forward in the face of known and unknown adversity. Resilience can be tagged with different qualifiers such as “cyber” or “operational”, but from my personal experience, it comes down to people as much as it does processes and technologies. This is especially true for industrial environments where the crew’s (operator’s) awareness and ability to operate the ship (plant) is as important as the technical solutions that support a resilient system.
Cyber Resilience Guidance
The idea of operational resilience has been around for quite some time. An organization with the ability to operate through unexpected events started to manifest itself in the cyber realm through disaster recovery and continuity of operations planning. Early cybersecurity controls from NIST and others included these concepts as processes that should exist, be exercised, and assessed on a regular basis. This came at a time when IT outages would have a direct impact on the bottom line of a company, as a result of more and more enterprise systems becoming critical (dare I say, converged) to business operations.
From an industrial perspective, this feels familiar. As more and more enterprise-like technology is brought into the industrial environments through modernization, operational resilience becomes tied to cyber resilience. Recognizing this, CISA and others have created guidelines, controls, and assessment methodologies addressing resilience head-on.
While I do enjoy a 299-question interview process as much as the next person (spoiler alert, I really do enjoy these things), that is an entirely different blog.
🚀 I’d rather talk about spaceships. 🚀
Operational Resilience: Keeping the Lights on Since 1882
Taking a step back from guidelines and controls, let’s focus on the people. When have you felt most resilient to change? For me, it’s when I was confident or secure in some of the basics: knowledge, awareness, experience, empowerment. Efforts to predict the future or theorycraft how a situation may unfold are useful exercises, but the confidence in knowing my particular abilities and surroundings creates an unmatched feeling of resilience.
We can handle this because of:
- The awareness of conditions
- The previous experience of same / similar conditions
- The visibility into the operational field
The Ship and its Crew
I love space operas, not just for their technical geekiness but mostly for the stories that play out among their people. Famous ships like NCC-1701, Serenity, and Galactica had a heart and soul of capable and empowered crew. Each knew not only what was technically possible in operations, but had the awareness and empowerment to understand the real possibilities under evolving circumstances. Each episode would start with some clear objective. Everything is going great then suddenly… BAM! 💥 Long-range sensors indicate unknown conditions.
The crew would leap into action collectively running diagnostics, sending out probes, and making decisions. Sometimes engineering would have to provide more power, or pilots take evasive action. But what always stuck out for me as the viewer — the times when they had to throw out the playbooks and improvise were always the most impressive. Trusting their instincts, taking in information, communicating with each other, and relying on their collective experience is what made the team resilient.
Now back down to earth. No story would be complete without at least mentioning the OODA Loop*, a concept developed by Col. John Boyd, USAF. While much has been written about the OODA Loop and its applications to cyber, what is taken for granted is its continuous application within industrial operations. Supervisory Control and Data Acquisition is full of observing, orienting, deciding, and acting through visibility into processes and the ability to act and control when necessary. The highly distributed yet centrally controlled nature of operational environments makes resiliency possible, but not without highly experienced operators.
*(As former USAF, I am required to mention the OODA Loop as frequently as possible. See https://en.wikipedia.org/wiki/OODA_loop for more details.)
The same can be said for cyber resilience. If we take an operational viewpoint, this ship/crew analogy applies to so many technologies in our realm: SIEMs, data lakes, IDS, firewalls, EDR/XDR. Sure, you need sound and capable ships, but if the crews cannot operate them with confidence, they fall under the slightest changes in condition.
Looking Past the Horizon
As we approach 2022, a much-needed refocus on empowerment of people is critically important. New cyber threats, ongoing real-world challenges, and whatever’s next on the horizon are a continuing normal. When the storm blows, our operations should be like “a leaf on the wind, watch how I soar”, ready for anything and everything (but without the harpoon, Firefly fans). How do we do that? Through empowerment of people.
For us at SynSaber, empowerment for the operator, whether industrial or cyber, is enabled by visibility and awareness within the dark (read more about how we’re doing that in this press release: https://synsaber.com/synsaber-announces-palm-sized-operational-threat-sensor-sabers-for-industrial-asset-security-telemetry/). These are the building blocks to ensuring not only a resilient ship, but a crew with the confidence to operate through any new challenge.
Your assignment for the rest of 2021: Get to know your crew, not just those on the bridge or in engineering, but outside of your organization as well. Build relationships, share war stories, use nerdy analogies from Firefly, and connect. The greatest ships in the world are nothing without their crew, and the same can be said for industrial/cyber operations.