Potentials for Enhanced Operation
Security Operations Centers (SOC) must be ready to deal with a wide diversity of incidents, events and crises, spanning from the trivial to the unprecedented and genuinely surprising. Their operational agility - the ability to withstand and cope with unpredictable and surprising situations - requires both Robustness and Resilience. Robustness is necessary but not always sufficient. Resilience is the complementary approach in which adaptive capacities are built to prepare for the unexpected.
Regardless of how well the crisis management processes are transformed through experience (see Transformative Effects on Basic SOC Processes) or improved through strategic leverage (see Strategic Leverage for Improved Performance of the SOC as a Whole), specific and sustained attention should be paid to operational robustness and resilience, so that the crisis management process (“crisis-as-process” in the figure below) does not fail or collapse.
Robustness and Resilience - a crucial distinction
A Robust SOC is able to successfully cope with the unexpected as a result of being planned, designed or implemented to absorb perturbations beyond what is anticipated.
A Resilient SOC is able to successfully cope with the unexpected in an emergent way by being able to adjust and adapt its way of functioning in “real time”, in an effective manner related to how the unexpected situation actually arrives and presents itself.
SOCs will benefit from building both Robustness and Resilience. In this section we will sketch out how the IMPETUS solution may be utilised in a process of building such capabilities.
Event vs. (SOC) Process
Both perspectives will benefit from a distinction between the following (see also Strategic Leverage for Improved Performance of the SOC as a Whole):
The crisis-as-event: the events (in public spaces) and the dynamics between them, including the influence from the actions taken by the SOC
The crisis-as-process: the (SOC) working processes that produce the actions taken by the SOC
This distinction is based on the broad conceptualisation by [Williams et al., 2017], but here we use it for a specific purpose, namely to highlight the potential enhancement of SOC operations by means of the capacities of IMPETUS tools, as well as the potential brittleness and fragility embedded in this potential.
Two Interrelated Types of Brittleness and Fragility
Neither Robustness nor Resilience can guarantee success.
The term brittleness addresses a sudden collapse or failure when events push a process up to and beyond its boundaries for handling changing disturbances and variations. Brittleness is therefore a condition that may cause something apparently stable to turn out to be fragile.
Robustness may therefore be brittle at the boundaries of preparedness, when perturbations and the dynamics of the events overwhelm existing functionality. Fragility of Robustness as a capability is therefore mainly visible in relation to crisis-as-event.
Resilience may be brittle when the (inevitable) limits and boundaries of adaptive capacities are encountered. Fragility of Resilience as a capability is therefore mainly related to crisis-as-process.
The two types of brittleness and fragility are thus different, but interrelated. Robustness may also be brittle due to improper implementation. At the other extreme, if Robustness is the dominant approach, attempting to prepare for “any” scenario, it may jeopardise adaptive capacity (constituting resilience). Scholars like [Woods 2019] argue that such systems may be “robust, yet fragile”. This pertains especially to crisis-as-process.
Keeping the warning of [Woods 2019] in mind, it is nevertheless recommended to build Robustness as a foundation. The actual balance point between Robustness and Resilience must be found by each unique organisation. The good news is that the IMPETUS solution may be a platform for capacity building for both Robustness and Resilience of the crisis-as-process.
The IMPETUS Tools and Solution as a Base for Capability Building
Neither Robustness nor Resilience capabilities come for free, and both have their inherent limits, but they can be gradually built through a deliberate process, in which an IMPETUS type of solution is at centre stage.
The IMPETUS solution may be seen as an intermediary: the “eye” observing the crisis-as-event as influenced by SOC decisions and actions, and a collaboration arena for the crisis-as-process. In understanding the potential influence of the IMPETUS solution as an enabler for capability building, we distinguish between:
The influence on each SOC operator’s contribution to working processes (as described in Impact on Operational processes>Impact on basic SOC processes)
The influence on the SOC working processes as a whole (as described in Impact on Operational processes>Leverage for improved performance of the SOC as a whole)
The initial preparation for the capability building will be that the actual SOC/organisation outlines its own interpretation of the above impacts. That is, an assessment of how the actual portfolio of tools will impact each SOC Operator’s contribution to the work processes, and how this can be leveraged into a higher performance with respect to, e.g., joint situational awareness for the SOC operation.
Scenario Preparation
Moreover, capability building of Robustness and Resilience will require that three types of scenarios of the crisis-as-event are outlined from the start.
A Regular scenario which the actual SOC and Operators are very familiar with
An Anticipated scenario reflecting an “irregular” but anticipated setting and set of events, for which the SOC and Operators are nevertheless confident they will be able to identify the proper actions
A Surprise scenario partly building on the Anticipated scenario, but which is escalated in a manner which is considered unlikely but not impossible, and in which proper actions and responses are not yet identified
They are labelled R.x, A.x and S.x, respectively, to signify that they will need to be updated regularly to support a progression in the development of robustness and resilience.
These three scenario types will be the point of departure for capability building in the crisis-as-process domain, with the IMPETUS (type of) solution as an intermediary for both the SOC operator and the SOC as a whole.
In the following, a stepwise approach for building Robustness and Resilience capabilities, respectively, will be outlined in separate sections. However, especially as Resilience building is a never-ending story, it is important to start from the right angle. That is, Robustness is a comparatively more stable property that can be built and thereafter ensured, while Resilience is the more fragile property that must be continuously built and renewed.