Preface

摘要

As society relies more upon integrated cyber-physical systems, the potential for security systems breaches increases. As new safeguards are developed and implemented, adversaries continue to develop new ways to breach and disrupt critical infrastructure. While significant advances in the field of risk assessment have been achieved, risk-based solutions tend to focus on assessing and strengthening individual components of complex systems under specific threat scenarios. Realization of the inability to predict threats resulted in significant interest in resilience-based management. The US National Academy of Sciences (NAS) defines resilience as "the ability to prepare and plan for, absorb, recover from, and more successfully adapt to adverse events." This definition calls for a system view of resilience and provides the basis for several interagency efforts in the USA and EU on developing metrics for resilience management and for integrating temporal capacity of a system to absorb and recover from heterogeneous adverse events and then to adapt; resilience provides an entity with the ability to repair, replace, patch, or otherwise reconstitute lost capability or performance in physical, cyber, social, and cognitive domains. Resilience thus uses strategies of adaptation and mitigation to augment traditional risk management.