In Episode 85 of TheCyber5, we are joined by Chief Technologist of Transformative Cyber Innovation Lab for the Foundation for Defense of Democracies (FDD) Dr. George Shea.  

Here are four topics we discuss in this episode:

• What is the Operational Resiliency Framework (ORF)? 

The Operational Resiliency Framework (ORF) is a framework that is intended to be used by executives to ensure business continuity processes when their suppliers are knocked offline during natural disasters and cyber attacks. 

• Defining Minimum Viable Services

Step one, and the most important step, is defining a minimum level of service for all products and services. When disasters or cyber attacks occur, the minimum viable service will reveal the critical suppliers that need extra attention from a redundancy and monitoring perspective. 

• Resilience is Not Going to Stop a Cyber Attack

The ORF is not a compliance requirement nor will this framework stop a cyber attack. However, this framework is designed to help organizations respond when an attack has taken place and is ongoing. For example, if an attacker is already within the system, it’s important to keep valuable services running and ensure the suppliers that enable those critical services don’t go down. This framework goes beyond your perimeter to the suppliers and customers. 

• Cyber Configurations Are Critical

While this is not a cyber security framework, technical controls and configurations on the suppliers is an important part of the process for minimum viable services to be up and running.