The National Academies of Sciences, Engineering and Medicine
Forum on Cyber Resilience

Workshop on Recoverability as a First-class Security Objective


The Forum on Cyber Resilience facilitates and enhances the exchange of ideas among scientists, practitioners, and policy makers concerned with urgent and important issues related to the resilience of the nation's computing and communications systems, including the Internet, other critical infrastructures, and commercial systems. Forum activities help to inform and engage a broad range of stakeholders around issues related to technology and policy in the context of cyber resilience, cybersecurity, privacy, and related emerging issues. A key role for the Forum is to surface and explore topics that can help advance the national conversation around these issues.

Large-scale data breaches have spotlighted the challenge of maintaining confidentiality of data.[1] Cyberattacks and breaches, such as ransomware, can also compromise availability and/or integrity of critical systems. The abilities to mitigate the effects of a successful attack and to reliably recover either to full functionality, or to a well-understood set of critical functionalities are important; in some circumstances, recovering to full functionality is more important than the ability to protect confidentiality. This workshop will explore such recoverability as a first-class security objective—at different granularities (from documents to data centers) and from both research and operational perspectives.


Topics speakers at the workshop will be invited to address:


Policies and Practices

  • How to design effective organizational policies, terms of service, and/or guarantees that provide sufficient incentive for services to reliably recover from disruption; what policy and organizational changes help to improve recoverability prospects?

  • What aspects of the legal, policy, and regulatory landscape affect requirements for recoverability? For example, e-discovery rules, by which parties are expected to share documents electronically, have implications for how information systems that support legal efforts are designed and architected.

  • What data and metadata are needed to effectively recover after a widespread ransomware or destructive malware incident in an enterprise?

  • Examples of recovery approaches at a variety of scales (documents to data centers) and for various kinds of security properties; case studies. To what extent can learning and insights from these experiences be generalized to be accessible to others who wish to develop better recoverability prospects?

  • Cyber recoverability in practice – what can we learn from DevOps and SysAdmin communities about bringing systems and capabilities back online after a breach or failure?

  • In addition to technical recovery, what plans and processes can help recover from failures of trust (for instance, a significant certificate authority is breached, with revelation of the private signing key)?

  • What kinds of advance preparation are useful to help response plans be more effective?

Learning from Other Domains

  • What would be the digital infrastructure equivalent of a power grid ‘black start’? What is the equivalent of ‘safe mode’ while in recovery? Can all or part of an on-premises configuration be quickly recovered to a public cloud environment, and what preparation would be needed to make this possible?

  • Assessing recoverability needs – what are the critical aspects and how can those be determined? For instance, how do organizations (or industries/sectors) prioritize between repairing damage versus providing services? What non-digital processes and capabilities aid digital recovery? How are recovery efforts complicated when IoT devices are involved?

  • What lessons can be learned from other industries and sectors related to community resilience and disaster response and recovery?


  • Research that is required to facilitate recovery, including problem formulation, coping with various scale dimensions, and addressing system administration and configuration as first-class security research considerations.


The workshop will take place February 8, 2018 at the National Academy of Sciences Building, 2101 Constitution Avenue, Washington, D.C.


Workshop on Recoverability as a First-Class Security Objective

12:30 p.m.  Welcome & Overview
            Fred Schneider, Forum chair

12:35 p.m.  Framing Keynote
            Butler Lampson, Microsoft Research

1:25 p.m.   Heather Adkins, Google

2:15 p.m.   Dave Edelman, Citigroup

3 p.m.      Break

3:15 p.m.   Steve Schmidt, Amazon

4 p.m.      Tim Roxey, North American Electric Reliability Corporation

4:45 p.m.   Steve Cauffman and Matthew Barrett, National Institute of Standards and Technology

5:30 p.m.   Wrap-up Discussion, Reactions, and continued Q&A
            Richard Danzig, moderator