Comparative Analysis of Cyber Resilience Strategy in Asia-Pacific Countries

Cyber resilience, the ability for positive adaptation in the face of adverse cyber events, is seen as an evolution in the cybersecurity posture of organizations and countries. It represents a mindset shift from protection and avoidance of adverse cyber events and the development of fail-safe systems to anticipation and planning for adverse cyber events, including the development of systems that are safe-to-fail. At the national level, the adoption and incorporation of resilience thinking in the national cybersecurity strategies is given impetus by several factors, including the inevitability of both known and unknown cyber risks, as well as the demands for holistic resilience from multilateral frameworks, including the United Nations 2030 Sustainable Development agenda, the New Urban Agenda, and the Sendai framework. This paper presents findings from a review of the national cybersecurity strategies of several countries in the Asia-Pacific region. The review is framed along several lines of inquiry that explore the extent to which the countries incorporate whole-of-society cyber resilience in their national cybersecurity strategies. While most countries give recognition of the importance of cyber resilience, few countries provide a detailed operationalization of cyber resilience in their strategies. Not surprisingly, the pattern, that countries with higher cybersecurity maturity have a more nuanced articulation of cyber resilience, is noted from the review. However, some countries with lower cybersecurity maturity are noted to provide more apparent avenues for the engagement of civil society stakeholders, including third-sector organizations, in the cybersecurity strategies.

[1]  David M Cook Mitigating Cyber-Threats Through Public-Private Partnerships: Low Cost Governance with High-Impact Returns , 2010 .

[2]  Igor Linkov,et al.  Resilience metrics for cyber systems , 2013, Environment Systems and Decisions.

[3]  William G. Duncan,et al.  Republic of China, Taiwan , 1974 .

[4]  Tomas Hellström,et al.  Critical infrastructure and systemic vulnerability: Towards a planning framework , 2007 .

[5]  Igor Linkov,et al.  Fundamental Concepts of Cyber Resilience: Introduction and Overview , 2018, Cyber Resilience of Systems and Networks.

[6]  Audrey J. Dorofee,et al.  Computer Security Incident Response Team Development and Evolution , 2014, IEEE Security & Privacy.

[7]  C. S. Holling Understanding the Complexity of Economic, Ecological, and Social Systems , 2001, Ecosystems.

[8]  Sulfikar Amir,et al.  Sociotechnical Resilience: A Preliminary Concept , 2018, Risk analysis : an official publication of the Society for Risk Analysis.

[9]  B. Lanvin,et al.  The global information technology report 2013 , 2013 .

[10]  Zachary A. Collier,et al.  Bridging the Gap from Cyber Security to Resilience , 2017 .

[11]  Thomas R. Devine,et al.  Human Risk Factors in Cybersecurity , 2019, SIGITE.

[12]  Lisen Schultz Collaborative Resilience : Moving Through Crisis to Opportunity , 2013 .

[13]  Sadie Creese,et al.  A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate , 2018, J. Cybersecur..

[14]  Edwin Roberts,et al.  Transportation networks , 1977, 1977 IEEE Conference on Decision and Control including the 16th Symposium on Adaptive Processes and A Special Symposium on Fuzzy Set Theory and Applications.

[15]  Jill Slay,et al.  Harmonized taxonomies for security and resilience , 2016, Inf. Secur. J. A Glob. Perspect..

[16]  T. Kankaanranta,et al.  Co-production of cybersecurity: a case of reported data system break-ins , 2018, Police Practice and Research.