Abstract
The planning of cyber security within a complex system, and the application of its principles and procedures, aim to achieve the system's resilience in cyberspace, i.e. cyber resilience. The purpose of a complex system is to carry out a mission as a set of abilities and preferences with regard to the internal and external circumstances of the system. Achieving cyber resilience requires organizational, human, material and financial means for implementing measures, activities and procedures that reduce the level of residual (remaining) security risk. This is the part of the security risk that must be accepted within the system because, at the time of risk assessment, with regard to internal and external circumstances as an opportunity to develop capabilities, it cannot be reduced further. The conceptual research presented in this paper analyzes the ways and means of achieving cyber resilience under today's growing security risks. The goal of this research is to create a new model of cyber resilience that includes cyber and information security. The context of the model consists of unrecognized security risks in cyberspace, and the conceptual modeling method is used to design the model. The model implies and encompasses awareness of the existence of unknown system vulnerabilities and, at the same time, of unknown cyber threats and attacks as possible consequences of those unrecognized vulnerabilities. It also takes into account the fact that, in a large number of business cases, the methods of preventing unprecedented threats (zero-day attacks) are unknown today, as are the methods of defense and the possible responses to them (unknown unknowns). To confront these challenges, there is a need to create "knowledge about ignorance" of a complex system, i.e. to develop cyber capabilities and realize them, based on the principles of cyber security and cyber defense.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2022