GRF Operational Resilience Framework Cited in President’s Council of Advisors on Science and Technology Report

The President’s Council of Advisors on Science and Technology has submitted to the president the report “Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World.” In the report, Global Resilience Federation’s work on maintaining operational resilience has been highlighted as an example of setting “minimum viable operating capabilities” from which to weather an attack or other adverse event.

This effort by the Global Resilience Federation and its working group of partners has produced the Operational Resilience Framework to provide rules and implementation aids that support a company’s recovery of immutable data, while also – and uniquely–  allowing it to minimize service disruptions in the face of destructive cyber activity, geopolitical impacts, severe weather events, or other occurrences harmful to business continuity.

Thank you to the volunteers from Team 8, Mastercard, S&P Global, Wells Fargo, Lewis & Clark Bancorp, SMBC, Sharpe Management Consulting, Foundation for Defense of Democracies and Stoel Rives LLP who helped develop the Operational Resilience Framework referenced in the strategy document. This effort, and its impact today, was made possible by the tireless effort of security practitioners who recognize the threats arrayed against industry and seek to overcome them, together.

Global Resilience Federation is proud to have its work highlighted by the President’s Council of Advisors, recognizing a multi-sector effort to secure critical infrastructure.

If you are interested in learning more about the practical applications of the Operational Resilience Framework, consider joining an upcoming tabletop exercise (March 19 or April 17) that allows participants to test their organization’s resilience after a simulated, but plausible destructive wiperware incident which causes a disruption to payments.

The half day events will increase operational resilience awareness and help build greater maturity through the sharing of cyber risk, resilience and continuity practices. Exercise players will need to triage operations and recovery actions based on a cyber risk control framework, incident response, evaluation of critical business services, service delivery, data recovery/restoration and a communications plans, among other actions. Objectives and expectations:

• Understand the impact of a major, extended cyber disruption

• Explore implications of payments failures

• Gain a deeper understanding of service dependencies

• Consider rolling impacts like secondary attacks, liquidity issues and customer confidence

• Identify operational resilience strengths and weak points

• Identify industry best practices among peers

• Collect action items to address post-exercise

The first two exercises are designed for the financial services sector. A multi-sector exercise will be announced soon.