Strengthening Cyber Resilience with the NIST Cybersecurity Framework 2.0

Alex Bodryk
2 min read · Jun 1, 2024


In today’s interconnected digital landscape, organizations face an ever-increasing array of cyber threats that can disrupt operations, compromise sensitive data, and damage brand value. To navigate these challenges effectively, organizations must prioritize cyber resilience. The United States National Institute of Standards and Technology (NIST) originally developed the NIST Cybersecurity Framework (CSF) to improve the cyber resilience of US critical infrastructure; the framework has now reached version 2.0, which is written for organizations of any size and sector.

While developing the standard, NIST sought and incorporated feedback from major corporations across diverse industries, including Boeing, Siemens, Huawei, Intel, Microsoft, NTT, AT&T, Merck, and JPMorgan Chase.

As a result, the framework provides a comprehensive and adaptable approach to enhancing cyber resilience.

It has six Functions: Govern, Identify, Protect, Detect, Respond, and Recover. These Functions serve as the foundation for a holistic cyber resilience strategy.

The process starts with the Govern function, which encompasses six categories:

1. Organizational Context.
2. Risk Management Strategy.
3. Roles, Responsibilities, and Authorities.
4. Policy.
5. Oversight.
6. Cybersecurity Supply Chain Risk Management.

Together, these serve as governance tools that ensure the target level of cyber resilience is defined and aligned across the organization.

The Identify function establishes what needs protecting and what threatens it. It involves understanding the organization’s critical assets, systems, and data and assessing the threats and vulnerabilities that affect them. By conducting thorough risk assessments, organizations can prioritize their efforts, adopt sustainable security architecture patterns, and allocate resources effectively. The function includes three categories: Asset Management, Risk Assessment, and Improvement.

The Protect function focuses on delivering and operating security controls that prevent or reduce the likelihood and impact of unwanted cyber events. It includes the following five categories:

  1. Identity Management, Authentication and Access Control.
  2. Awareness and Training.
  3. Data Security.
  4. Platform Security.
  5. Technology Infrastructure Resilience.

The Detect function addresses residual risk and unanticipated adverse cyber events by applying monitoring controls. It includes two categories: Continuous Monitoring and Adverse Event Analysis.

For a rainy-day scenario, an organization needs the Respond function. This function is tasked with damage control and includes four categories: Incident Management; Incident Analysis; Incident Response Reporting and Communication; and Incident Mitigation.

The final function, Recover, is the function of last resort, helping the organization restore operations when damage has been extensive. It includes two categories: Incident Recovery Plan Execution and Incident Recovery Communication. Beyond these, the function presupposes extensive planning, including defined recovery time objective (RTO) and recovery point objective (RPO) values, and regular disaster-recovery exercises that test those plans.

This extensive set of practices is a multi-year journey, meant for organizations that seek sustainable operations and have strategic development plans spanning years and decades ahead.
