Resposible AI – Complex adaptive systems for resilience

Digital Operational Resilience Act (DORA) is A European Union regulation that went into effect in January 2023 and will apply as of January 2025 (financial sector). DORA aims to improve cybersecurity and operational resilience, so we would delve into details of how cyber resilience extends as a Risk management practice and can be built into the systems to minimize the impact of VUCA events. Companies now face VUCA challenges from Volatility, Uncertainty, arising from the inability to predict future events; Complexity, and Ambiguity.

The key to successful adoption is to understand how the business runs, align, and strategic thinking & planning
– Protect Customers/business, identify risk & opportunity
– Balance user experience and security processes
– Recommend solutions by making informed decisions – Clarity brings confidence and builds trust
– Identify KPIs to monitor and continually improve

Cybersecurity includes practices that ensure the safety of the Code, Cloud security posture, and workload security; However, these so-called zero-day attacks and some of the advanced threats ATP, introduce high levels of uncertainty.

“A famous quote by General Dwight D. Eisenhower states that ‘plans are worthless, but planning is everything. ‘”

How can companies improve their cyber resilience? The ultimate goal is for the organization to continuously deliver its functions or services. We adopt an AI-first approach to identify the preparations, responses, recovery, and adaptation activities that enhance an organization’s cyber resilience against adverse events.

We start with an obvious case. It has been demonstrated that Artificial intelligence technologies can prove helpful in helping cybersecurity professionals cut through the endless noise of incidents, alerts, and risks to which their detection systems expose them, enabling them to handle more incidents more efficiently and to address weak signals before they transform into full-fledged crises.

Stage 1: Making the business case for data investments becomes compelling as business leaders experience the real-time implications of data gaps. Measuring the costs of producing cyber-resilience, trying to identify the optimal equilibrium between investments and effectiveness, and looking for low-cost but still effective practices. Monetizing data typically stems from key strategies:

Acquiring New Data Sources: Obtaining new data or more detailed levels of existing data.
Utilizing Data Efficiently: Leveraging new technologies to be more effective & faster (Near real-time, Real-time

Transformation Process: The pyramid illustrates a hierarchical process where data is incrementally transformed into more valuable forms of information, knowledge, and ultimately actionable intelligence. Each level builds upon the previous, adding value and context to ultimately drive strategic actions and decisions. Knowledge-graph-Based– Rule Generation: In cybersecurity tasks, knowledge graphs could play a significant role in representing real-world knowledge more interconnectedly, making it simpler to navigate and comprehend the relationships between various pieces of information.

Regular cybersecurity operations are laden with latency in discovery from the event is triggered to Countermeasure taking effect. One of the key KPIs for the team would be MTTD / MTTM, Mean time to detect, and Mean time to mitigate, as well as Accuracy and focus.

Now come AI enablers (Technologies) for cyber resilience: The diagram highlights the key technological elements essential for implementing resilience, categorized into four main groups (A, B, C, D). Each group represents a set of technologies that contribute to enhancing the efficiency, adaptability, and intelligence of processes. These technological elements are crucial for the successful implementation of Cyber resilience. They enhance the ability of systems to adapt to changes, optimize operations, and make data-driven decisions, leading to improved efficiency, productivity, and innovation.

Stage 2: Along with AI Technologies, the systems need to adapt involves embracing change and being nimble to mitigate threats, developing situational awareness, and adjusting to evolving conditions. The goal of resilience is not just survival but adapting to reach a new state of equilibrium. These are Complex Adaptive Systems CAS need

Coherence: Subsystems must align with the overall system to prevent chaos.
The Edge of Chaos: CAS operates between stability and chaos.
Self-Organization, Innovation, and Emergence: Systems adapt and innovate autonomously to evolve and solve issues.

How sensemaking intricately shapes cyber-resilience practices, which in turn attempt to ease these tensions to improve the quality and reduce the uncertainty of decision-making. Feedback loops allow agents to measure, sense, and adapt, ensuring continuous system improvement and driving innovation. Agents within CAS respond to signals, learn from changes, and recommend innovations. They ensure the system adapts and evolves.

AI-native SOCs (Security Operations Centres) with adaptive capabilities and Next Generation SIEM (Security Information and Event Management) solutions require continuous customization and improvement based on business context. When implemented appropriately, systems help reduce toil and alert fatigue, allowing employees to focus on long-term strategic and preventive harm.

Further maturity can be achieved with Tabletop exercise and Simulation with emulators / Digital Twin, a closed-loop system, where data from the physical world is used in the digital world for analysis and simulation. This integration between the real, model and your business environment using the digital twin definition model DTDL model ML over Knowledge graphs, and digital worlds facilitates continuous improvement, optimization, and informed decision-making in various applications. Digital Twins is well-adopted for digital manufacturing, cybersecurity, supply chains, smart cities, etc.

A cyber-resilience program that aims to be effective should be seen as a complex adaptive system, being nimble to threats, and adapting to optimize to minimize disruptions and maintain trust and stability in the digital environment.

References:

https://crefnavigator.mitre.org/navigator : Cyber resilience framework by MITRE

https://www.bcg.com/publications/2020/how-to-become-an-all-weather-resilient-company