Skip to main content
shared header v2
Push Down Banner V1 Analytics Patch, remove after implementing V2 (S9 or S10)
Global nav V2 patch, remove after adding the mobile languages fix in the codebase (S7 or S8)

Perspectives Home / Security

Governments Stress Test Digital Resilience — Companies Should, Too

Nations run exercises to expose potential cracks in their infrastructure. What can enterprises learn from doing the same?


“Resilience” is hip, but it is not new. In fact, its first known usage dates back to 1626 by Sir Francis Bacon in Sylva sylvarum; or, A naturall historie. Today, the Oxford English Dictionary defines resilience as “the quality or fact of being able to recover quickly or easily from, or resist being affected by, a misfortune, shock, illness, etc.; robustness; adaptability.”

U.S. government agencies, like the Department of Homeland Security and industry alike — including Splunk — focus on building resilience given our critical dependence on Information and Communications Technology (ICT) and the pervasiveness of disruptions by bad actors, glitches or natural (or manmade) disasters.

Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly recently called out Ukraine’s approach to cybersecurity. In an August 9 blog, she writes, “Ukraine has demonstrated an impressive ability to quickly respond to, and effectively restore its critical infrastructure, despite facing barbaric kinetic attacks. It is critical for the United States to take inspiration from Ukraine's successes and proactively fortify its defenses and improve its response and recovery mechanisms.”

There are several models for building resilience. Most align with Easterly’s model discussed in that same blog: 

First, organizations must identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.

Second, organizations must perform dedicated resilience planning, determining the maximum downtime acceptable for customers, developing recovery plans to regain functional capabilities within the maximum downtime, and testing those plans under real-life conditions.

Finally, organizations must be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement based on lessons learned and evolving cross-sector risks.

Each step is critical, but the foundation to success is measuring and monitoring performance and the time it takes to recover or rebound. Businesses and governments alike need telemetry to understand the status of network operations and identify anomalous activity. This capability encompasses more than detecting security issues — it also includes monitoring and discerning the difference between technical glitches, such as hardware or software failure, or physical disruption, such as weather or an explosion. 

A critical gap is the need for exercises within enterprises to test resilience capabilities. In 1997, the U.S. government sponsored an Eligible Receiver exercise designed to test its ability to identify, detect, and respond to a series of digital and physical infrastructure events. The results were eye-opening. There was widespread confusion as NSA’s red team had little difficulty disrupting systems. Given enterprise dependence on digital infrastructure, resilience exercises are warranted. These need not be as complex as past USG exercises, but they should test critical digital infrastructure dependencies. Many companies maintain “follow the sun” operations which would require tests to encompass operations overseas too. 

The world has changed dramatically since 1997. The word “cyber” was new to almost everyone. This was the era of dial-up modems operating at 56 kilobytes per second. Since 1997, the US Government has run a series of Cyber Storm exercises, the most recent in 2022. 

Simplistically, enterprise digital infrastructure requires an EKG heart monitor and pacemaker. The former evaluates the status of networks to identify potential problems quickly, and the latter keeps operations on track. This is not an academic exercise for enterprises, given the SEC’s recent ruling requiring reporting an “incident” material to investors within four days and a requirement catalog monitoring capabilities.  A key question becomes how fast enterprises can detect and remediate a digital event.

Given the dramatic changes and enterprise dependency on digital infrastructure over the past 25 years, it is time for enterprises to begin regular resilience tests too. 

Read more Perspectives by Splunk


July 11, 2023  •  3 Minute Read

The Best Pieces We've Read (And Watched) This Year — So Far

Splunk’s thought leaders share the most valuable reports, blogs, webcasts and articles they’ve encountered in 2023.

exec orders

August 7, 2023  •  5 Minute Read

Executive Orders: What Happens When CIOs, CTOs and CISOs Join Forces

Finessing board communications. Navigating the explosion of large language models. Considering the state of cyber warfare. These are just a few conversation topics that crop up when CxOs get together for an executive forum.


JULY 11, 2023  •  4 Minute Read

3 Lessons From Cybersecurity Leaders in 2023

The research is in: Here's what we learned from surveying 1,500+ leaders in DevSecOps about the state of security today.