Despite the best security efforts, compromises of information systems continue to occur. While the best practice response to a cyber-attack may be to isolate an attacked network or node, this is often not an acceptable course of action for mission-critical systems. For mission-critical resources, a network or node should be capable of carrying on, even in a degraded state, during a cyber-attack, continuing to provide critical services. Such systems, called “resilient” or “survivable” systems, are able to “fight through” cyber-attacks in order to achieve mission objectives.
Human reaction times are very slow in comparison to the speed of cyber-attacks, which can occur within milliseconds. A survivable system should be able to react to attacks more quickly than can be accomplished through manual intervention. Survivable systems therefore may provide a high degree of automation, so the network or node can dynamically respond to threats in real time.