Proceedings of the International Teaching and Education Conference
Year: 2024
DOI:
[PDF]
Shift from Cybersecurity to Cyber Resilience
Vitālijs Rakstiņš
ABSTRACT:
The research paper looks at how cybersecurity is shifting to cyber resilience concept. With the digitalization of mutually interdependent essential services, cybersecurity is becoming a more complex and comprehensive concept, including joint kinetic/digital risk management and all hazards approach to enable businesses continuity even during the crisis. Cyber resilience is about creating business continuity system, that operates even when essential services are disrupted or supply chains are affected, like in the recent CrowdStrike case. The research paper will look at a few EU initiatives on cyber resilience, like the NIS2 directive, the Cyber Security Act, the Cyber Resilience Act, and the 5G Toolbox to illustrate ongoing shift from the technical protection to strategic risk (strategic dependencies) assessment and setting additional responsibilities to the private sector (standards, an obligation to report, supply chain security / avoiding strategic dependencies, security by design, security by default, duty to care, and responsibility for the Internet of Things life cycle etc.). As the attack surfaces are growing exponentially (think millions of Internet of Things devices), disruptive technologies like AI or quantum computing are the game changers for cyber domain, highlighting the need for stronger public-private partnerships and a whole-of-society approach. The research paper will summarize the lessons learned and provide recommendations for regulation and policy.
keywords: cyber resilience, cybersecurity ecosystem, supply chain security, business continuity, whole-of-society approach