
Connections and Intersections between Resilience Engineering and Security

SnykCon 2020

The interdisciplinary field of Resilience Engineering is over 20 years old, even though it’s only recently come into contact with the online software world. In this SnykCon keynote, John Allspaw describes this critical field, lays out some of the few connections that have been made to security in software-centered environments, and suggests some directions this community might go in to pragmatically move these connections and concepts forward.


John Allspaw

October 22, 2020


  1. Connections and Intersections: Resilience Engineering and Security John Allspaw Adaptive Capacity Labs
  2. about me Consortium for Resilient Internet-Facing Business IT Adaptive Capacity

  3. Early 2000s Human Factors Safety Science Cognitive Systems Engineering

  4. …a community emerges… Rail Maritime Surgery Intelligence Agencies Law Enforcement Aviation/ATM Space Mining Construction Explosives Firefighting Anesthesia Pediatrics Power Grid & Distribution Military Agencies Mid 2000s
  5. None
  6. what makes this work as well as it does? what makes this work difficult for people? what makes them good at it?
  7. Resilience is the story of the accident that didn’t happen. security incident
  8. anticipating monitoring responding learning Hollnagel, E. (2016). Resilience Engineering Perspectives, Volume 2 (C. P. Nemeth, Ed.). CRC Press.
  9. observing inferring planning troubleshooting diagnosing correcting modifying reacting anticipating adapting

  10. adaptation What: • conditions • investments • stances • activities …are necessary for effective adaptation to happen…. when/where/how it needs to?
  11. adaptation What: • conditions • investments • stances • activities …are necessary for effective adaptation to happen…. when/where/how it needs to? Resilience is something that you do, not something that you have. bit.ly/ResilienceIsAVerb
  12. incidents do not arrive with clear labels attached “I’m a garden-variety outage!” “I’m an attacker-led incident!”
  13. #warroom 2020-01-26 14:57:40 Steve Hey guys, why is this happening 3 times a day every last 3 days? Is this some continuous attack effort or some continuous issues with servers?
    #incident-48712 2018-02-12 08:32:31 Lisa I’m not entirely sure we’re not being attacked at the moment…
    #emergency-room-3 2019-10-07 05:34:22 Phil wait is it possible that we’re just seeing this because there might be a DDoS going on?
  14. What is the automation doing now? What will it do next? How in the world did we ever get into that mode?
  15. anticipating monitoring responding learning What new vulnerabilities — and exploits — might be coming? Is our data safe at the moment? Is anyone actively probing or attacking us right now? What happened? How exactly did that happen? How did we know what we knew, when we knew it? What is the automation doing now? What will it do next? How in the world did we ever get into that mode? attacker they
  16. what does it look like to understand RE through a security lens?
  17. Challenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Event DISSERTATION Presented in Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the Graduate School of the Ohio State University By Matthieu Branlat, B.S., M.S. Graduate Program in Industrial and Systems Engineering The Ohio State University 2011 bit.ly/BranlatRedBlue
  18. Blue Team’s defense activity Red Team’s attack activity

  19. None
  20. None
  21. None
  22. None
  23. ALL work in security is cognitive work Effective security requires sustaining your ability to adapt on both short and long time scales 20+ years of research in Resilience Engineering: resilience = sustained adaptive capacity
  24. Understanding Resilience Engineering will take time the concepts are not intuitive and also critically important
  25. Change Is Afoot 2018 2019 J. Paul Reed 2018 Nora Jones Casey Rosenthal 2020 Jessica DeVita Chad Todd Tim Tischler 2021 Learning From Incidents In Software http://learningfromincidents.io
  26. Thanks! @allspaw Adaptive Capacity Labs