Modalities for Cyber Security and Privacy Resilience: The NIST Approach
Janine S. Hiller, Roberta S. Russell
Cybersecurity was a major topic of discussion at the 2015 World Economic Forum in Davos – the Sony attack; huge data breaches at Target and Adobe; a 91% increase in targeted cyber-attacks; annual losses of over $400 billion; the exposure of 904 million personal data records; cyber-attacks on a Finnish bank, a South Korean credit bureau, a German factory’s industrial controls, and the Ukrainian government; as well as increased general anxiety over critical infrastructure exposure (Tobias 2014; WEC 2015). These incidents highlight the risks inherent in a world increasingly complex, interconnected, and cyber-based. Much like thinking in other fields of disaster and crisis management, creating an impenetrable boundary or eliminating cyber risk entirely has given way to building cyber resilience. Cyber resilience is a social, economic and national security issue. This paper examines one approach, the NIST Cybersecurity Framework, in terms of building resilience in both cybersecurity and privacy.