The European Network for Information Security Agency (ENISA) has issued a lengthy report that outlines the finer points concerning end-to-end network resilience.
The recommendations detail best practices for mitigation efforts for those times when bad situations turn worse, or in ENISA's terms, "when incidents render incident response procedures ineffective and destabilise the management."
The report focuses primarily on critical infrastructure systems used in public networks and services.
ENISA's report covers abnormal but legitimate traffic loads, accidents and human errors, large-scale disasters, malicious attacks, and technical failures at lower levels that can adversely affect network access and operations.
The document's executive summary states:
End-to-end resilience is achieved from the planned combination of prevention, protection, response and recovery arrangements, whether technical, organisational or social. It is required:
- To cope with incidents from very minor up to extreme impacts
- To cope with situations that can be handled through everyday incident response procedures up to crises too complex to be handled in a day-to-day procedural manner
A number of statements can be made that characterise a resilient system:
- A resilient system is reliable.
  - corollary: a reliable system may be used as the foundation of a resilient system but a reliable system will not always be resilient
- A resilient infrastructure features high availability that is an effect of all components
- A resilient system should provide for business continuity and management of unforeseen or unexpected risks
- A resilient system should offer a security level adequate to the information being transmitted
- End-to-end resilience requires resilience in all components of the infrastructure
The good practices identified in this document should be enforced as a first measure to achieve resilience.
The report covers aspects of network design, operations and access control management. It also looks at risk assessment and impact analysis for system-wide resiliency planning.
The full report can be downloaded from ENISA at the following link: