Resilience

MITRE has defined a set of goals, objectives, and techniques for cyber resilience that can be applied to IoT products and systems. In their proceedings on cyber security, MITRE defined the goals of cyber resilience as Anticipate, Withstand, Recover, and Evolve. This implies the ability to fight through an attack and continue operations, perhaps in a limited capacity. Read more at https://www.mitre.org/sites/default/files/publications/pr-17-0914-proceedings-of-sixth-annual-secure-and-resilient-cyber-architectures-invitational.pdf.

The ability to anticipate and withstand an attack are not typically included in consumer IoT products; however, as these products continue to be integrated into mission-critical infrastructure, new approaches should be employed to build resilience into product baselines. Tools and techniques that can be used to meet resilience goals include deception, such as honeypots, as well as diversity of components (for example, to guard against supply chain vulnerabilities).

Using analytics to monitor events can provide a foundational capability for anticipating attacks, and designing redundancies into service baselines can support continued availability even during an attack.