BRUSSELS Greece Jan. 24, 2011 The resilience of data networks is vital for the economy and society. Yet, abnormal but legitimate traffic, malicious attacks, accidents or human mistakes, and technical failures at lower levels can still hamper network access. This has major consequences for the information society, as networks is found everywhere, behind energy, water, e-commerce; i.e. the entire critical information infrastructure. ENISA now presents the design principles of "end-to-end resilience" in a widened scope, e2e Resilience, in its new report ; i.e. how networks will allow for connectivity, also with quality in focus. The e2e approach involves aspects beyond, and in addition to, technology for standardisation bodies and policy makers.
new comprehensive Agency report This extended scope of end-to-end resilience is achieved from the planned combination of prevention, protection, response and recovery arrangements, whether technical, organisational or social
This report provides principles of designing networks able to carry end-to-end traffic, which is of great use for the national regulators."
In detail, the report stipulates that e2e requires:
- To cope with incidents from very minor up to extreme impacts
- To cope with situations that can be handled through everyday incident response procedures up to crises too complex to be handled in a day-to-day procedural manner
The report also provides a comprehensive characteristics of a resilient system:
A resilient system is reliable
- A resilient infrastructure features high availability that is an effect of all components
- A resilient system should provide for business continuity and management of unforeseen or unexpected risks
- A resilient system should offer a security level adequate to the information being transmitted
- End-to-end resilience requires resilience in all components of the infrastructure
The report also identifies good practices to achieve resilience, which should be used by standardisation bodies and policy makers.
SOURCE ENISA – European Network and Information Security Agency