The resilience of data networks is vital for the economy and society. Yet, abnormal but legitimate traffic, malicious attacks, accidents or human mistakes, and technical failures at lower levels can still hamper network access.
This has major consequences for the information society, as networks are found everywhere, behind energy, water, e-commerce – i.e. the entire critical information infrastructure.
ENISA now presents the design principles of “end-to-end resilience” in a widened scope, e2e Resilience, in its new report. The e2e approach involves aspects beyond, and in addition to, technology for standardization bodies and policy makers.
Resilience is needed when operators lose control of the course of things, i.e. when incidents render incident response procedures ineffective and destabilize management. Thus, resilience management and design have to consider all aspects: the end-users, the context in which they use the system, the technology of the system, the structure of the organization and the organization’s ability to be resilient, and ultimately the ability of the society in which the system operates.
The new comprehensive Agency report, focusing on public networks and services, identifies the decisive factors for end-to-end resilience. It thereby informs standardization bodies and regulators how to enable and manage end-to-end resilience.
In this unique study, the e2e resilience concept is expanded from being bound only to the network layer into a more comprehensive, and thereby different, approach. This extended scope of end-to-end resilience is achieved through the planned combination of prevention, protection, response and recovery arrangements, whether technical, organizational or social.
In detail, the report stipulates that e2e resilience requires:
- To cope with incidents from very minor up to extreme impacts.
- To cope with situations that can be handled through everyday incident response procedures up to crises too complex to be handled in a day-to-day procedural manner.
The report also provides a comprehensive set of characteristics of a resilient system:
- A resilient system is reliable
- A resilient infrastructure features high availability that is an effect of all components
- A resilient system should provide for business continuity and management of unforeseen or unexpected risks
- A resilient system should offer a security level adequate to the information being transmitted
- End-to-end resilience requires resilience in all components of the infrastructure.
The complete report is available here.