Cyber resilience is becoming increasingly recognized as a critical component of comprehensive cybersecurity practices. Current cyber resilience assessment approaches are primarily qualitative methods, making validation of their resilience analyses and enhancement recommendations difficult, if not impossible. The evolution of infrastructure resilience assessment methods has paralleled that of their cyber counterparts. However, the development of performance-based assessment methods has shown promise for overcoming the validation challenge for infrastructure systems. This article describes a hybrid infrastructure resilience assessment approach that combines both qualitative analysis techniques with performance-based metrics. The qualitative component enables identification of system features that limit resilience, and the quantitative metrics can be used to evaluate and confirm the effectiveness of proposed mitigation options. The authors propose adaptation of this methodology for cyber resilience analysis. A case study is presented to demonstrate how the approach could be applied to a hypothetical system.
Optimal recovery sequencing for critical infrastructure resilience assessment.
