Creating
Resilient Cyber World
Imagine an unreliable internet, mobile devices only working for a few hours each day, or being shocked to discover your family photos are no longer in your cloud or on your device — or worst-case scenario, they’re gone forever. That’s a sad world.
It would be our world if cyber resilience were not a priority for communication service providers in cities across the globe. Mission and business systems would be down for hours, and unreliable interruption would affect our economies.
So, how do we establish resilience in our evolving cyber world?
We start by defining cyber resilience, evaluating our focus areas and determining how to lower risk.
When most people think of cyber resilience, they wonder how it differs from cybersecurity. Both areas are critical to protecting cyberspace and providing reliable communication to our customers and clients.
Cybersecurity is an organization’s ability to protect its networks against criminal activity or unauthorized use.
Cyber resilience aims to ensure that business operations are safeguarded so that a threat or breach does not demobilize the entire business or ruin your mission. The U.S. Commerce Department’s National Institute for Standards and Technology defines cyber resilience as the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems used or enabled by cyber resources.
In our world, a cyber resilience leader would ask questions such as
- How do we respond and recover from a cyberattack?
- How do you ensure cyberspace meets the business needs and mission requirements for your organization?
- How do we build cyber resilience into our world to plan for various bad cyber events?
"As I look back on those times I realize that I had a backstage pass to watch the president run the United States. My mother was also so proud of me. She told everyone her son worked for President Obama. "
– Cleo Thomas Vice President, Strategic Initiative Group
Being a cyber resilient leader
In 2015, I was assigned as the commander of the White House Communications Agency (WHCA), supporting former President Barack Obama. Our motto was “The Voice of the President.” This was the most complex and high-visibility assignment in my entire career! I was responsible for providing global communications to the president of the United States 24 hours a day, 7 days a week, even on the golf course.
As I look back on those times, I realize that I had a backstage pass to watch the president run the United States. My mother was also so proud of me. She told everyone her son worked for President Obama.
To achieve cyber resilience, I had to ask questions about backup power at hotels, buildings and schools. I also had to evaluate the redundancy in hotel communications systems, coordinate with cell phone companies to access multiple cell towers and ensure buildings provided access for additional communication equipment. By the way, I also had to provide cybersecurity for each of the redundant systems we put in place.
With all those tasks, I realized that I had to start thinking like a team, not an individual. Understanding my job was not enough to support the President, secret service, White House staff and my joint Department of Defense (DoD) team. I had to understand man, machine, mission, medium, leadership and facilities.
A great example of communications resiliency is when former President Bush visited a school during the horrific events of September 11, 2001. The WHCA was responsible for ensuring leaders from around the world were able to communicate, share and receive guidance and directions from the president of the United States.
Cyber leaders must move outside their comfort zone to become resilient. We must expand our view to understand what enables our communications networks. Our data centers are our most significant assets and our highest risk. Unless we know the power and cooling that makes data move across the network, we don’t see the whole picture. When we recover from cyberattacks or catastrophic events, we have to become more proactive and prioritize recovery to create resilience.
Today, I look back on my life experience and know that cyber resilience is critical to protect our communities. We have to withstand an attack or quickly recover from an attack while bringing systems online and operating effectively to meet business objectives and clients’ mission-critical needs.
Here’s my cyber resilience journey
My experience with communications, cyberspace and cyber resiliency started in 1992 when I entered the Army. Over my 25-year career as a signal officer, I matured into a leader who understood cybersecurity and cyber resilience.
As a second lieutenant at Fort Bragg, North Carolina, my team of soldiers and I built secure, resilient networks from the ground up. We would integrate and prioritize the joint forces’ missions to ensure we had communications coverage across the entire battle area. We also provided redundancy in power, cooling and equipment, and we trained personnel to meet our critical mission. I had to look at logistics, recovery procedures and resilience plans to ensure the warfighters could send both voice and data to soldiers hundreds of miles away.
An Army general officer said, “Cleo, if I can’t talk to my leaders on the battlefield, there is a chance that lives could be lost; every second without communications is an advantage for our enemy.”
That powerful quote set me on a path for building networks that are resilient and protected.
I remind my team that we must be resilient when it comes to communication. We have to think in threes, meaning we must have three ways to communicate at all times and from all locations. •
Former President Bush gathers information about the terrorist attack during September 11, 2001. Photo credit: U.S. National Archives P7058-20A (George W. Bush Library, Lewisville, Texas)
"Cleo, if I can’t talk to my leaders on the battlefield, there is a chance that lives could be lost; every second without communications is an advantage for our enemy. "
– Army General Officer