Principle: B5 Resilient Networks and Systems
The organisation builds resilience against cyber attack into the design, implementation, operation and management of systems that support the operation of essential functions.
This means ensuring that the essential functions performed by your organisation are resilient to cyber attack.
Organisations should ensure not only that their technology is well built and maintained, but also that consideration is given to how the operation of the essential function can continue in the event of technology failure or compromise, to ensure that data remains available.
Technical controls and secure architecture designs should be utilised to both reduce the impact of an attack and minimise the attack surface.
Policy
The following requirements are placed on government departments:
- Government Organisations shall meet the CAF requirements of the relevant Government Profile under this principle.
Guidance
- You should be prepared to respond to significant disruption by having business continuity and disaster recovery planning in place. The NCSC’s Mitigating malware and ransomware attacks Action 4 encourages you to identify your critical systems and data, develop an incident management and recovery plan and continually test and update these to protect the availability of your systems and data.
- The NCSC’s Preventing Lateral Movement guidance includes content on architectural controls, configuration changes and security procedures to reduce the attack surface for a threat actor in the event of a compromise. It advises segmenting networks where systems and data may not need to communicate with each other, and limiting user access to only the specific systems where it is required. See the NCSC’s Reduce the impact of compromise for supplementary information.
- The NCSC’s Denial of Service (DoS) guidance will allow you to understand the DoS and DDoS (Distributed DoS) attack vectors, implement inbuilt network level defences and, in the case of an incident, quickly deploy mitigations to reduce the impact of an attack. The NCSC’s Secure by Design Make disruption difficult section adds further information on designing a system with scalability in mind, whilst considering potential bottlenecks and understanding dependencies on third-party service providers.
- You should make appropriate use of diverse technologies, geographic locations and so on, to provide resilience. The NCSC cloud security principle 2 on asset protection and resilience discusses how the use of availability zones and hosting data across multiple data centres and geographic regions can ensure that the impact of a potential outage is minimised.
- If an adverse event occurs, you should be able to revert to backups that are known to be functioning, accessible and readily available. The ‘Back up your data’ section of the NCSC’s Data Security guidance promotes backing up business-essential data: it discusses maintaining secured offline, potentially off-site, backups of operational data and recommends that these backups be tested regularly to ensure that your data remains accessible.
Enhanced profile guidance
- Backups should be secured at centrally accessible or secondary sites to provide additional resilience to your essential functions. The NCSC’s Data Security guidance recommends keeping an offline backup separate from your network, or in a cloud service designed for this purpose, with access and credential restrictions implemented on these servers.
Further information
Further guidance and information can be found on the NCSC’s CAF Guidance webpage.