Context of resilience, ontology & taxonomy
In 2009 ENISA published a report on gaps in standardisation related to the resilience of communication networks. It highlighted the lack of a consistent taxonomy for cyber security that identifies the role of resilience. As a result, in 2011 ENISA launched a project with the objective of defining both an ontology and taxonomies of resilience. These should be used as the basis of further work on the technical standardisation of means for providing and managing resilient networks, which will be discussed at a workshop in Brussels on 17 Oct.
What is missing?
Existing standards in the field have so far addressed resilience only indirectly. They have therefore lacked a detailed definition of the taxonomy and thus of the semantics of security. As metrics play a significant role in giving meaning to any comparison of system resilience, it is essential that they are normalised and promoted. The primary purpose of an ontology and taxonomies defined in this context is to use them as the basis of definitions and processes in future work. Ultimately, the intent is to use them as mandatory standards to be followed for all network-based resilience measures.
Definition of Taxonomy
A taxonomy is most often defined as a classification of terms and has a close relationship with the use of ontology. There are three characteristics that define a taxonomy:
- A form of classification scheme to group related things together and to define the relationship these things have to each other.
- A semantic vocabulary to describe knowledge and information assets.
- A knowledge map to give users an immediate grasp of the overall structure of the knowledge domain covered by the taxonomy, which should be comprehensive, predictable and easy to navigate.
How do you define resilience?
- Resilience is also known as ‘Critical Infrastructure and Information Protection’ (CIIP) and is a key task for the Agency. By the term resilient, we characterise networks that provide and maintain an acceptable level of service in the face of faults (unintentional, intentional, or naturally caused) affecting their normal operation. The main aim of resilience is for faults to be invisible to users.
What's an ontology?
- In computer science and information science, an ontology formally represents knowledge as a set of concepts within a domain, and the relationships between those concepts.
Against this background, the Agency and the European Commission Directorate General Information Society and Media (DG INFSO)’s Unit "Trust and Security" are jointly organising this workshop. The objective is to provide a platform for the exchange of ideas on this subject, including:
- Impact of resilience on standardisation activities for future networks;
- The regulator viewpoint: Why is resilience critical?
- The network operator viewpoint: Addressing resilience at network planning/dimensioning stage;
- The manufacturer viewpoint: How resilient equipment strategies impact innovation;
- Technological and research challenges: recovery techniques for damaged networks; preservation of privacy in a network stress event.