
Why our industry must shift from prevention to cyber resilience  


COMMENTARY: Over the past year, cyber operations by foreign adversaries, including the People’s Republic of China (PRC), have moved away from traditional espionage and data theft to developing strategic plans that could infiltrate and cripple critical U.S. infrastructure.  

Moreover, the strategic exploitation of vulnerabilities by foreign adversaries at critical U.S. infrastructure locations could be remotely activated with very severe consequences. An "all at once" cyberattack could devastate numerous public and private organizations. In such a case, many organizations that are not thoroughly prepared may just have to rebuild.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Both domestic and foreign cyberattacks against critical infrastructure are increasing each year, so government and industry must make a fundamental shift in how they protect critical infrastructure, data, and operations.

Prioritize resilience over prevention

Organizations must shift their approach, because modern cyber risks show that breaches remain unavoidable. Adopting a resilience mindset means teams must decide how they will prepare for, respond to, and recover from a cyberattack. This shift in mindset should include the following:

  • Identify and protect critical functions that must continue during incidents.
  • Develop rapid data recovery capabilities for when attacks succeed.
  • Leverage emerging technologies like artificial intelligence (AI) to build resilience. 
  • Make practical guidance accessible to resource-constrained organizations, such as those at the state and local levels.
  • Regularly test cyber resilience capabilities—no organization should assume any level of confidence without being able to demonstrate it.
Adopt a ‘minimal viable operations’ concept

Define the essential services to protect national security, public safety, and economic stability. For example, healthcare organizations must preserve their emergency response capabilities and patient care delivery when cyberattacks and other disruptions occur.

The "minimal viable operation" concept shifts the priority from stopping all cyberattacks to preserving essential operations and recovering compromised data and systems. Teams must segment and secure these critical systems and their extended trust relationships to ensure they can either withstand a cyberattack or be quickly restored to a known, trusted state within minutes or hours, using immutable, logically air-gapped data backups.

Security teams should use Tier-0 service support to distribute resources, minimizing public service disruptions or threats to health and safety. The framework demonstrates that operational continuity requires both technical defenses and the identification of essential infrastructure for national and operational continuity.
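The "known, trusted state" the column relies on is only trustworthy if the backup cannot be altered after it is taken and if a restore can be checked against what was captured. The following is an added example, not code from the column or from Rubrik, that models both properties in memory: a write-once snapshot catalogue that refuses to overwrite an existing snapshot, and a verification step that diffs a live or freshly restored file set against the snapshot's hash manifest. Class and function names, the file paths and the file contents are all constructed for illustration.

```python
"""Write-once snapshot catalogue with restore verification.

Added example (not the column's or any vendor's code).  All names are
hypothetical and the 'files' are constructed in-memory byte strings.
"""
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Snapshot:
    snapshot_id: str
    manifest: dict[str, str]   # path -> sha256 of content at backup time
    blobs: dict[str, bytes]    # content-addressed storage: sha256 -> bytes


class ImmutableSnapshotStore:
    """Write-once catalogue: a snapshot id can never be overwritten or
    deleted once committed, which is what makes it a trustworthy restore
    target when production has been tampered with."""

    def __init__(self) -> None:
        self._snapshots: dict[str, Snapshot] = {}

    def commit(self, snapshot_id: str, files: dict[str, bytes]) -> Snapshot:
        if snapshot_id in self._snapshots:
            raise PermissionError(f"snapshot {snapshot_id!r} is immutable")
        manifest = {path: sha256_hex(data) for path, data in files.items()}
        blobs = {sha256_hex(data): data for data in files.values()}
        snap = Snapshot(snapshot_id, manifest, blobs)
        self._snapshots[snapshot_id] = snap
        return snap

    def restore(self, snapshot_id: str) -> dict[str, bytes]:
        """Rebuild the file set exactly as captured."""
        snap = self._snapshots[snapshot_id]
        return {path: snap.blobs[digest] for path, digest in snap.manifest.items()}

    def verify(self, snapshot_id: str, live: dict[str, bytes]) -> dict[str, list[str]]:
        """Diff a live (or freshly restored) file set against the manifest.
        An empty report means the system matches the known, trusted state."""
        manifest = self._snapshots[snapshot_id].manifest
        report: dict[str, list[str]] = {"modified": [], "missing": [], "unexpected": []}
        for path, digest in manifest.items():
            if path not in live:
                report["missing"].append(path)
            elif sha256_hex(live[path]) != digest:
                report["modified"].append(path)
        for path in live:
            if path not in manifest:
                report["unexpected"].append(path)
        for key in report:
            report[key].sort()
        return report


def is_trusted(report: dict[str, list[str]]) -> bool:
    return not any(report.values())


def run_demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Constructed scenario: a golden snapshot, a tampered live system,
    then a restore from the snapshot.  Returns (before, after) reports."""
    store = ImmutableSnapshotStore()
    golden = {"/etc/app.conf": b"mode=prod\n", "/opt/app/bin": b"\x7fELF-stub"}
    store.commit("golden-2024-03-01", golden)

    tampered = {
        "/etc/app.conf": b"mode=debug\n",   # config changed after the snapshot
        "/opt/app/bin": b"\x7fELF-stub",
        "/tmp/dropped.bin": b"unexpected",  # file that was never in the snapshot
    }
    before = store.verify("golden-2024-03-01", tampered)
    after = store.verify("golden-2024-03-01", store.restore("golden-2024-03-01"))
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("drift before restore:", before)
    print("trusted after restore:", is_trusted(after))
```

In a real deployment the manifest would be signed and the blobs held on storage the production identities cannot write to (the "logically air-gapped" part); the in-memory store above only captures the control-flow shape, in which overwriting a committed snapshot is an error rather than a permitted operation.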

Enhance cyber resilience via AI

Experts are increasingly optimistic about AI's transformative potential in cybersecurity. In a podcast recorded during a live panel at the New York Stock Exchange in March, former CISA Director Jen Easterly shared that if organizations use AI to refactor insecure, legacy code at scale to remove whole classes of vulnerabilities, AI can advance a much safer technology ecosystem.

Rob Joyce, former director of cybersecurity at the National Security Agency, echoed this sentiment. He noted that stealthy "living-off-the-land" attacks, such as those attributed to the PRC, avoid introducing malware or external code into the environment and instead exploit existing legitimate tools.

In this case, a cyber resilience tactic must include analyzing user behavior patterns with user intelligence. AI can uncover subtle anomalies that signal compromise, potentially cutting attacker dwell time from months to days. Together, these insights underscore that AI must be part of any organization’s cyber resilience strategy.
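Because living-off-the-land activity uses tools that already exist on the host, signature matching has nothing to match; the detection signal is that a user is driving a legitimate tool in a way that user never has before. The following added example, not code from the column or from any vendor, shows the simplest form of that idea: build a per-user baseline from historical process-creation records (which tools they run, from which parent processes, on which hosts and at which hours) and score new records by how far they depart from it. The log format, field names, weights and threshold are assumptions, and every log line is constructed.

```python
"""Per-user behaviour baseline for living-off-the-land detection.

Added example: not code from the column, CISA, NSA or any vendor.  The
record format, weights and threshold are assumptions; log lines are
constructed and simplified (not a real product's event schema).
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed history used to learn what "normal" looks like per user.
BASELINE_LOGS = """\
2024-03-04T09:12:00 host=WS-ALICE user=alice parent=explorer.exe process=outlook.exe
2024-03-04T09:40:00 host=WS-ALICE user=alice parent=explorer.exe process=winword.exe
2024-03-04T10:05:00 host=WS-ALICE user=alice parent=explorer.exe process=excel.exe
2024-03-05T14:20:00 host=WS-ALICE user=alice parent=explorer.exe process=winword.exe
2024-03-05T16:55:00 host=WS-ALICE user=alice parent=winword.exe process=acrord32.exe
2024-03-04T11:00:00 host=ADMIN-BOB user=bob parent=explorer.exe process=mmc.exe
2024-03-04T11:02:00 host=ADMIN-BOB user=bob parent=mmc.exe process=cmd.exe
2024-03-05T15:30:00 host=ADMIN-BOB user=bob parent=mmc.exe process=powershell.exe
"""

# Constructed new records to score: one routine, one anomalous, one borderline.
NEW_LOGS = """\
2024-03-06T10:00:00 host=WS-ALICE user=alice parent=explorer.exe process=winword.exe
2024-03-07T03:12:00 host=WS-ALICE user=alice parent=winword.exe process=certutil.exe
2024-03-06T14:05:00 host=SRV-FILES user=bob parent=mmc.exe process=cmd.exe
"""

# Assumed weights: a never-before-seen tool for this user counts most; the
# other signals only add context on their own.
WEIGHTS = {"new_process": 2, "new_parent_child": 1, "off_hours": 1, "new_host": 1}


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    user: str
    parent: str
    process: str

    @property
    def hour(self) -> int:
        return int(self.ts[11:13])


def parse_logs(text: str) -> list[Event]:
    """Parse '<timestamp> key=value ...' records into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        kv = dict(p.split("=", 1) for p in pairs)
        events.append(Event(ts, kv["host"], kv["user"], kv["parent"], kv["process"]))
    return events


def build_baseline(events: list[Event]) -> dict[str, dict]:
    """Per user: tools run, parent->child chains, hosts, and active-hour range."""
    acc: dict[str, dict] = defaultdict(
        lambda: {"processes": set(), "pairs": set(), "hosts": set(), "hours": []}
    )
    for e in events:
        b = acc[e.user]
        b["processes"].add(e.process)
        b["pairs"].add((e.parent, e.process))
        b["hosts"].add(e.host)
        b["hours"].append(e.hour)
    return {u: {**b, "hours": (min(b["hours"]), max(b["hours"]))} for u, b in acc.items()}


def score_event(e: Event, baseline: dict[str, dict]) -> tuple[int, list[str]]:
    """Return (score, reasons) for how far an event departs from its user's baseline."""
    b = baseline.get(e.user)
    if b is None:  # no history at all: treat as maximally anomalous
        return sum(WEIGHTS.values()), ["unknown_user"]
    reasons = []
    if e.process not in b["processes"]:
        reasons.append("new_process")
    if (e.parent, e.process) not in b["pairs"]:
        reasons.append("new_parent_child")
    lo, hi = b["hours"]
    if not lo <= e.hour <= hi:
        reasons.append("off_hours")
    if e.host not in b["hosts"]:
        reasons.append("new_host")
    return sum(WEIGHTS[r] for r in reasons), reasons


def detect(new_events: list[Event], baseline: dict[str, dict], threshold: int = 2) -> list[dict]:
    alerts = []
    for e in new_events:
        score, reasons = score_event(e, baseline)
        if score >= threshold:
            alerts.append({"user": e.user, "host": e.host, "process": e.process,
                           "score": score, "reasons": reasons})
    return alerts


def run_demo() -> list[dict]:
    baseline = build_baseline(parse_logs(BASELINE_LOGS))
    return detect(parse_logs(NEW_LOGS), baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Only the office user launching a system utility from a document editor at 03:12 crosses the threshold; the administrator running a familiar tool chain on an unfamiliar host scores one point and is left for triage rather than alerting. Real deployments replace the hand-set weights with a learned model over far more features, which is where the column's reference to AI comes in, but the structure (baseline per identity, score departures, alert on accumulated deviation rather than on any tool name) is the same.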

By assuming breaches are inevitable, prioritizing essential services and operations, leveraging AI, and holding vendors accountable for secure products, we can build a strong foundation for cyber resiliency that helps critical infrastructure organizations recover their data and operations quickly while also protecting public safety.

Travis Rosiek, public sector chief technology officer, Rubrik
