The document emphasizes the shift from traditional cybersecurity to a more proactive approach known as cyber resilience, which focuses on maintaining system functionality despite cyber threats. It outlines several strategies including adopting cloud security, implementing data-centric security measures, and fostering a culture of resilience within organizations. Additionally, it encourages anticipating attacks and integrating security throughout the development process to minimize vulnerabilities.

1. FROM
CYBERSECURITY
TO CYBER
RESILIENCE

2. ABSOLUTELY
IMPOSSIBLE
ABSOLUTE SECURITY IS
It’s not a question of “if” adversaries will
attempt to breach systems and data.
It’s a matter of “when.”
Cybersecurity protections are important.
But they aren’t enough.
Copyright © 2018 Accenture. All rights reserved. 2

3. EFFECTIVE
DEFENSE
THE NATURE OF
Instead of focusing solely on cybersecurity,
take a cue from Mother Nature.
Design for Cyber Resilience—the ability
to continuously deliver the intended
outcome despite adverse cyber events.
Do everything you can to prevent attacks—
and to minimize impact and potential loss
when an event does happen.
Copyright © 2018 Accenture. All rights reserved. 3

4. Overdesigned
Systems
approach from
Civil/Mechanical
Engineering Self-Contained
Redundant
Systems
Aeronautical
approach
Failure-Proof
Hardware
failed approach
to IT hardware
Fail-Over
Hardware
automated
switching to cold
sites with backup
generators and
disaster recovery
resources
Failure-Tolerant
Designs
highly
automated,
distributed,
over-designed,
redundant
systems
Copyright © 2018 Accenture. All rights reserved. 4
SHORTHISTORYOFRESILIENCE
AS SEEN
IN CLOUD
COMPUTING
AND THE
ELECTRIC
POWER GRID

5. STEAL.MODIFY.
Our adversaries want two things: to steal and modify data.
We must make it hard for them to attack data or take control.
And design systems to minimize the damage when they do.
Copyright © 2018 Accenture. All rights reserved. 5
HARDTOFIND
ATTACK
DAMAGE
STEAL

6. RESILIENCE
Copyright © 2018 Accenture. All rights reserved. 6
=ITRESILIENCE
=MISSIONRESILIENCE
CYBER
STOPREACTING.STARTANTICIPATING.
Anticipation is a hallmark of Cyber Resilience.
Engaging in proactive behavior is essential to achieving Cyber
Resilience. You can start with 6 steps to Cyber Resilience.

7. BE BRILLIANT
ATTHE BASICS
The “basics” include patching, updates,
access permissions, and other “blocking
and tackling” elements of cybersecurity.
These are absolutely essential—but only
represent the beginning.
Copyright © 2018 Accenture. All rights reserved. 7

8. EMBRACE THE
CLOUD FOR SECURITY
Security must be at the top of the many reasons
to migrate federal systems to the cloud. By
embracing the cloud you can tap into elastic
workloads, multi-zone computing, and multi-
cloud strategies that make it exponentially
harder for adversaries to find and harm you.
Copyright © 2018 Accenture. All rights reserved. 8

9. IMPLEMENT DATA-
CENTRIC SECURITY
Harden your data using one or more techniques
of data-centric security:
Copyright © 2018 Accenture. All rights reserved. 9
Encryption Marking
Tokenization
Segmentation
Throttle access
Tagging
Strong identity and access
management
Automated access decisions

10. DEMAND APPLICATION
SECURITY BYDESIGN
Make security integral to every stage of your
development process. Adopt DevSecOps
practices and use automated scanning and
testing to continually identify potential
vulnerabilities. Consider polymorphic coding
techniques to constantly shape-shift your
application attack surface—further frustrating
and raising the cost to your adversaries.
Copyright © 2018 Accenture. All rights reserved. 10

11. LEVERAGE SOFTWARE-
DEFINED NETWORKING
If adversaries can’t find you, they can’t attack
you. With software-defined networking, you can
constantly shape-shift your network. Literally
changing routes mid-session—sending
adversaries on the proverbial wild goose chase.
Copyright © 2018 Accenture. All rights reserved. 11

12. ENGAGE IN
PROACTIVE DEFENSE
Apply AI and security automation and orchestration
tools to detect and act at machine speed. Constantly
probe and pressure-test your environment to find
vulnerabilities before your adversaries do. Use threat
intelligence to better understand your adversaries
and focus on the threats that matter most.
Copyright © 2018 Accenture. All rights reserved. 12
In other words: become the hunter—not the hunted.

13. THENATUREOFEFFECTIVEDEFENSE
Weave together the 6 steps to create the fabric of Cyber Resilience.
But remember:
Copyright © 2018 Accenture. All rights reserved. 13
Cyber Resilience doesn’t happen
overnight.
ONE STEP AT A TIME.
This isn’t just about systems. It’s also
about people and mindset. Bring
together Mission, IT, and Security.
CULTURE OF RESILIENCE.
Prioritize by what matters to the mission.
Focus first on the “crown jewels” and
take steps to assure day-to-day mission
continuity. For minimum mission
disruption, start fresh and engineer
Cyber Resilience into new systems.
AGILE APPROACH.

14. 15
GUS HUNT
Managing Director and Cyber Strategy Lead,
Accenture Federal Services
gus.hunt@accenturefederal.com
linkedin.com/in/gus-hunt-55b57b3/
twitter.com/gushunt_
Copyright © 2018 Accenture. All rights reserved.
accenture.com/cyber