ABSTRACT: Resilience – thriving through adversity – has become a central theme in discussions about energy and other critical infrastructure sectors. Now that energy systems are controlled, automated and networked through information and communications technologies, the definition of energy sector resilience has expanded to include cyber resilience. This focus commonly emphasizes technology and technological solutions aimed at preventing, mitigating or rebounding from crises. For instance, the most prominent United States definition of cyber resilience (from the Department of Commerce) is largely reactive – “withstand, recover from, and adapt” – and technology-centric, “to compromises on systems that use or are enabled by cyber resources.” 

The terms “cyber” and “resilience” are both words that mean different things to different people. For some, cyber is purely technical, while for others cyber refers to cyber-enabled disinformation. Resilience might refer to the reliability of a single system, or “the ability to continue to function, perhaps in a degraded state, when that system is unavailable.” [1] 

This paper advocates for a broader concept of energy sector cyber resilience for NATO allies and partners. A concept of energy sector cyber resilience that encompasses social-technical and operational dimensions is needed to better addresses the complex and interdependent nature of these systems, and the potential context of hostilities.

Download the full report here.