F.О. Korobeynikov

Èlektron. model. 2023, 45(4):88-110


A review of scientific publications aimed at determining the basis for the formation of the resilience paradigm in the security sphere is provided. The main stages of the evolution of the resilience paradigm in the context of security are considered, including its origin, development and multifactorial impact on the security of critical systems and infrastructures at different levels. The definitions, concepts, and key ideas underlying the paradigm are examined in detail, highlighting the fundamental principles that contributed to its emergence. Special attention is paid to the constructs underlying the resilience paradigm in the security domain. Emphasis is placed on their practical implementation in frameworks and international legislation.


resilience, information security, risks, critical infrastructure.


  1. Kuhn, T.S., & Schlegel, R. (1963). The Structure of Scientific Revolutions. Physics Today, 16(4), 69.
  2. Fluri, P., & Tagarev, T. (2020). The Concept of Resilience: Security Implications and Implementation Challenges. Connections: The Quarterly Journal, 19(3), 5-12.
  3. Linkov, I., Bridges, T., Creutzig, F., Decker, J., Fox-Lent, C., Kröger, W., Lambert, J.H., Levermann, A., Montreuil, B., Nathwani, J., Nyer, R., Renn, O., Scharte, B., Scheffler, A., Schreurs, M., & Thiel-Clemen, T. (2014). Changing the resilience paradigm. Nature Climate Change, 4(6), 407-409.
  4. Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC
  5. Department of defense strategy for operating in cyberspace (2011) Department of Defense USA
  6. Cambridge Advanced Learner’s Dictionary & Thesaurus (2023) Cambridge University Press.
  7. Holling, C.S. (1973). Resilience and Stability of Ecological Systems. Annual Review of Ecology and Systematics, 4 (1), 1-23.
  8. Walker, B., Holling, C.S., Carpenter, S.R., & Kinzig, A.P. (2004) Resilience, Adaptability and Transformability in Social-ecological Systems. Ecology and Society, 9 (2).
  9. Foucault, M. (1970). The archaeology of knowledge. Social Science Information, 9(1), 175-185.
  10. Woods, D.D., & Hollnagel, E. (2017). Prologue: Resilience engineering concepts. Resi­lience Engineering (p. 1-6). CRC Press.
  11. Komatsubara, A. (2008). When Resilience Does Not Work. In: Nemeth, C.P. (2008). Resilience Engineering Perspectives, Volume 1: Remaining Sensitive to the Possibility of Failure (E. Hollnagel, Ed.) (1st ed.). CRC Press.
  12. Schaefer, D., Abdelhamid, T., Mitropoulos, P. & Howell, G. (2008). Resilience Engineering: A New Paradigm for Safety in Lean Construction Systems, 16th Annual Conference of the International Group for Lean Construction, 723-734, 16-18 July 2008.
  13. Han, S., Lee, S., & Peña-Mora, F. (2010). System Dynamics Modeling of a Safety Culture Based on Resilience Engineering. Construction Research Congress 2010, American Society of Civil Engineers.
  14. Chialastri, A., Pozzi, S. (2008). Resilience in the Aviation System. In: Harrison, M.D., Sujan, MA. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2008. Lecture Notes in Computer Science, vol. 5219. Springer, Berlin, Heidelberg.
  15. Malakis, S. and Kontogiannis, T. (2008). Cognitive Strategies in Emergency and Abnormal Situations Training: Implications for Resilience in Air Traffic Control. Third Symposium on Resilience Engineering, Jaun-les-Pins, 28-30 June 2008, Ashgate.
  16. Mallak, Larry. (1998). Measuring Resilience in Health Care Provider Organizations. Health manpower management. 24. 148-52.
  17. Haimes, Y.Y. (2009). On the Definition of Resilience in Systems. Risk Analysis, 29(4), 498-501.
  18. Hale, AR., & Heijer, H. (2006). Defining resilience. In E. Hollnagel, D.D. Woods, & N. Leveson (Eds.), Resilience Engineering (pp. 35-40). Ashgate. ISBN 075464641 6
  19. Stephenson, A., Seville, E., Vargo, J. and Roger, D. (2010) Benchmark Resilience: A Study of the Resilience of Organisations in the Auckland Region. In: Resilient Organisations Research Report 2010/03b, Resilient Organisations Research, Auckland.
  20. McDonald, N. (2017). Organisational Resilience and Industrial Risk. In: Resilience Engineering by David D. Woods, Erik Hollnagel, (pp. 155-180), CRC Press. ISBN: 9781317065289
  21. Grote, G. (2008). Rules Management as a Source of Loose Coupling in High-Risk Systems. In: Hollnagel, E., Nemeth, C.P. and Dekker, S.W.A., Eds., Resilience Engineering Perspectives Volume 1: Remaining Sensitive to the Possibility of Failure, Ashgate, Aldershot. ISBN 9780754671275
  22. Westrum, R. (2006). A Typology of Resilience Situations. In: Hollnagel, E., Woods, D.D. and Leveson, N., Eds., Resilience Engineerng: Concepts and Precepts, Ashgate, Aldershot, 55-66. ISBN 9780754649045
  23. Patterson, Emily & Woods, David & Cook, Richard & Render, Marta. (2007). Collaborative Cross-Checking to Enhance Resilience. Cognition, Technology & Work. 9. 155-162.
  24. Vogus, Timothy & Sutcliffe, Kathleen. (2007). Organizational Resilience: Towards a Theory and Research Agenda. Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics. 3418-3422.
  25. Bracco, F., Gianatti, R., Pisano, L. and Savona, I. (2008). Cognitive Resilience in Emergency Room Operations: A Theoretical Framework. Third Resilience Engineering Symposium, 28-30 November 2008, Antibes Juan-les-Pins, MINES ParisTech.
  26. Hollnagel, E., Woods, D. (2006). Epilogue: resilience engineering precepts. Resilience engineering-concepts and precepts. Aldershot: Ashgate; pp. 347-58. ISBN 9780754649045
  27. Woods, D. (2006) Resilience engineering: redefining the culture of safety and risk management. Hum Factors Ergon Soc Bull. ISBN 9780754649045
  28. Carmeli, A., Friedman, Y., & Tishler, A. (2013). Cultivating a resilient top management team: The importance of relational connections and strategic decision comprehensiveness. Safety Science, 51(1), 148-159.
  29. Sheridan B. (2008). Risk, human error, and system resilience: fundamental ideas. Hum Factors. 2008 Jun; 50(3):418-26.
  30. Costella M.F., Saurin T.A., de Macedo Guimarães L.B. (2009). A method for assessing health and safety management systems from the resilience engineering perspective. Safety Science, 47.
  31. NIST Special Publication 800–160, Volume 2, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach.–160v2r1.pdf
  32. Oxford Learnerʼs Dictionary. Online Dictionary. Oxford University Press.
  33. NIST Special Publication 800-30 Rev. 1, Guide for Conducting Risk Assessments.–30r1.pdf
  34. Dekker, S.W.A., Hollnagel, E., Woods, D.D. and Cook, R. (2008). Resilience Engineering: New Directions for Maintaining Safety in Complex Systems. Final Report, November 2008. 1-6. Lund University School of Aviation, Sweden.
  35. Deborah J. Bodeau & Richard Graubart (2011). Cyber Resiliency Engineering Framework. The MITRE Corporation.
  36. Cyber Resiliency Engineering Framework (CREF) Navigator. The MITRE Corporation. Online framework.
  37. Stefan H. Verstappen (1999). The Thirty-Six Strategies of Ancient China, China Books & Periodicals. ISBN ‏ 0835126420 Thirty_Six_Strategies
  38. ISO 22316:2017, Security and resilience ― Organizational resilience ― Principles and attributes.
  39. ISO/TS 22318:2021 Security and resilience ― Business continuity management systems ― Guidelines for supply chain continuity management.
  40. Jason Hay, Patrick Craven, Benjamin Merrel, PhillipWilliams, Grace Wusk (2022) Resiliency in future cislunar space architectures. NASA Resiliency Framework. Framework.pdf
  41. Marc Berkowitz (2013). Space Mission Resilience, AIAA SPACE 2013 Conference and Exposition September 10-12, 2013. San Diego, CA.
  42. Hulse, D., Walsh, H., Dong, A., Hoyle, C., Tumer, I., Kulkarni, C., & Goebel, K. (2021). FMDTOOLS: A Fault propagation Toolkit for Resilience Assessment in Early Design. International Journal of Prognostics and Health Management, 12(3).
  43. Analytical framework on risk and resilience (2017). UN System Chief Executives Board for Coordination.
  44. Wang, , Miao, S., Tang, J. Vulnerability and Resilience Analysis of the Air Traffic Control Sector Network in China. Sustainability 2020, 12, 3749,
  45. Shafieezadeh, A., Ivey Burden, L. Scenario‐Based Resilience Assessment Framework for Critical Infrastructure Systems: Case Study for Seismic Resilience of Seaports. Reliabi­lity Engineering & System Safety 2014, 132, 207-219,
  46. Lu, Q. Modeling Network Resilience of Rail Transit under Operational Incidents. Transportation Research Part A: Policy and Practice Volume 117, November 2018, Pages 227-237,
  47. Rehak, D., Senovsky, P., Slivkova, S. Resilience of Critical Infrastructure Elements and Its Main Factors. Systems 2018, 6, 21.
  48. Ouyang, M., & Fang, Y. (2017). A Mathematical Framework to Optimize Critical Infrastructure Resilience against Intentional Attacks. Computer-Aided Civil and Infrastructure Engineering, 32(11), 909-929.
  49. Rød, B., Barabadi, A., Gudmestad, O. (2016) Characteristics of Arctic Infrastructure Resilience: Application of Expert Judgement. International Society of Offshore and Polar Engineers: Rhodes, Greece. ISBN 978-1-880653-88-3; ISSN 1098-6189
  50. Mottahedi, A., Sereshki, F., Ataei, M., Nouri Qarahasanlou, A., Barabadi, A. The Resilience of Critical Infrastructure Systems: A Systematic Literature Review. Energies 2021, 14, 1571.
  51. Mohanty, S.K., Chatterjee, R., Shaw, R. Building Resilience of Critical Infrastructure: A Case of Impacts of Cyclones on the Power Sector in Odisha. Climate 2020, 8, 73.
  52. Carlson, J.L., Haffenden, R.A., Bassett, G.W., Buehring, W.A., Collins, III, M.J., Folga, S.M., Petit, F.D., Phillips, J.A., Verner, D.R., and Whitfield, R.G. (2012). Resilience: Theory and Application. Technical Report. Argonne National Lab. (ANL),
  53. Petit, F., Verner, D., Phillips, J., & Lewis, L.P. (2018). Critical Infrastructure Protection and Resilience—Integrating Interdependencies. У Advanced Sciences and Technologies for Security Applications (с. 193-219). Springer International Publishing.
  54. Linkov, I., Eisenberg, D.A., Bates, M.E., Chang, D., Convertino, M., Allen, J.H., Flynn, S.E., & Seager, T.P. (2013). Measurable resilience for actionable policy. Environmental science & technology, 47(18), 10108-10110.
  55. Petit, F.D.P., Bassett, G.W., Black, R., Buehring, W.A., Collins, M.J., Dickinson, D.C., Fisher, R.E., Haffenden, R.A., Huttenga, A.A., Klett, M.S., Phillips, J.A., Thomas, M., Veselka, S.N., Wallace, K.E., Whitfield, R.G., & Peerenboom, J.P. (2013). Resilience Measurement Index: An Indicator of Critical Infrastructure Resilience. Office of Scientific and Technical Information (OSTI).
  56. Kott, A., & Linkov, I. (2021). To Improve Cyber Resilience, Measure It. Computer, 54(2), 80-85.
  57. Erik Hollnagel (2008). From protection to resilience: Changingviews on how to achieve safety. Ecole des Mines de Paris, CRC, Sophia Antipolis, France. https://www.academia. edu/22733335/From_protection_to_resilience_Changing_views_on_how_to_achieve_safety?source=swp_share
  58. Fisher, Ronald & Norman, Michael. (2010). Developing measurement indices to enhance protection and resilience of critical infrastructure and key resources. Journal of business continuity & emergency planning. 4 (3). 191-206. PMID: 20826384
  59. Brown, C., Seville, E., & Vargo, J. (2017). Measuring the organizational resilience of critical infrastructure providers: A New Zealand case study. International Journal of Critical Infrastructure Protection, 18, 37-49.
  60. Deborah Bodeau, Richard Graubart, Rosalie Mcquaid, John Woodill, Jr. (2018). Cyber Resiliency Metrics Catalog. The MITRE Corporation.
  61. Watson, J.-P., Guttromson, R., Silva-Monroy, C., Jeffers, R., Jones, K., Ellison, J., Rath, C., Gearhart, J., Jones, D., Corbet, T., Hanley, C., & Walker, L.T. (2014). Conceptual Framework for Developing Resilience Metrics for the Electricity, Oil, and Gas Sectors in the United States. Office of Scientific and Technical Information (OSTI).
  62. Panagiotis Trimintzios (2010). Measurement Frameworks and Metrics for Resilient Networks and Services: Challenges and Recommendations. The European Network and Information Security Agency (ENISA). publications/metrics-tech-report/at_download/fullReport
  63. Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J., & Kott, A. (2013). Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), 471-476.
  64. Deborah Bodeau, Richard Graubart, (2016). Cyber Resilience Metrics: Key Observations. MITRE Corporation.
  65. Hosseini, S., Barker, K., Ramirez‐Marquez, J.E. A Review of Definitions and Measures of System Resilience. Reliability Engineering & System Safety 2016, 145, 47-61,
  66. Francis, R., & Bekera, B. (2014). A metric and frameworks for resilience analysis of engineered and infrastructure systems. Reliability Engineering & System Safety, 121, 90-103.
  67. Pant, R., Barker, K., & Zobel, C.W. (2014). Static and dynamic metrics of economic resilience for interdependent infrastructure and industry sectors. Reliability Engineering & System Safety, 125, 92-102.
  68. Cheng, C., Bai, G., Zhang, Y.-A., & Tao, J. (2020). Improved integrated metric for quantitative assessment of resilience. Advances in Mechanical Engineering, 12(2), 168781402090606.
  69. Council Recommendation of 8 December 2022 on a Union-wide coordinated approach to strengthen the resilience of critical infrastructure (Text with EEA relevance) 2023/C 20/01 ST/15623/2022/INIT OJ C20, 20.1.2023, p. 1-11
  70. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (Text with EEA relevance) OJ L 345, 23.12.2008, p. 75-82
  71. UK Cyber Resilience Strategy for Defence, (2022). Ministry of Defence UK.
  72. Presidential Policy Directive — Critical Infrastructure Security and Resilience. (PPD-21) critical-infrastructure-security-and-resil
  73. A Guide to Critical Infrastructure Security and Resilience (2019) USA. CISA
  74. Critical Infrastructure Security and Resilience Research, Development, Test, and Evaluation Spend Plan (2022) Science and Technology Directorate USA.
  75. ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary

Full text: PDF