New cyber resilience metric targets critical infrastructure vulnerabilities

A team of cybersecurity and systems engineering researchers from Indonesia has unveiled a new framework aimed at assessing and strengthening the cyber resilience of critical infrastructure. The study, published in Sensors, introduces a structured, multidimensional metric designed to gauge how prepared vital national systems are to withstand, respond to, and recover from cyber threats.
The research, titled "Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience", proposes a novel cybersecurity maturity model, called the InfraGuard Framework, that maps resilience capabilities across multiple domains relevant to infrastructure such as power grids, hospitals, airports, and transportation systems. The framework is designed to fill gaps in existing security assessment tools by combining preventative, preparatory, and responsive cyber capabilities into a single integrated model.
What does cyber resilience mean for infrastructure operators?
The InfraGuard Framework defines cyber resilience not only as the capacity to prevent and withstand cyberattacks, but also as the ability to continue operating critical services and swiftly recover from disruptions. Unlike typical cybersecurity approaches that emphasize defense and perimeter protection, this model captures the dynamic nature of modern cyber threats and emphasizes the need for agility, adaptability, and maturity across system functions.
The framework is structured around three functional domains: Cyber as a Shield, Cyber as a Space, and Cyber as a Sword. Each domain reflects a critical operational aspect. The Shield domain focuses on awareness and risk prevention, highlighting how well a system can foresee and manage threats before they occur. The Space domain reflects preparedness and system robustness, addressing the infrastructure’s capacity to maintain continuity during an attack. The Sword domain emphasizes response and recovery, particularly the institution’s ability to mitigate damage, resume operations, and neutralize threats once an incident is underway.
Each of these domains is measured against six defined levels of maturity, ranging from non-existent (Level 0) to optimized (Level 5), allowing organizations to quantitatively assess their performance. These maturity levels are adapted from international standards such as ISO/IEC 15504, COBIT, and the NIST Cybersecurity Framework, giving the model credibility and applicability across global contexts.
The researchers point out that critical infrastructure is often the first and most targeted area in cyber warfare, and current systems frequently fail to implement comprehensive resilience strategies. The InfraGuard Framework seeks to enable decision-makers to identify blind spots, prioritize security investments, and implement continuous improvement processes.
How does the InfraGuard Framework measure resilience?
The measurement system within the InfraGuard Framework is built around a set of key performance indicators linked to each resilience domain. These indicators include situational awareness capabilities such as real-time threat monitoring and anomaly detection; risk management practices like the frequency of risk assessments and mitigation strategies; and infrastructure robustness features including average annual downtime and system redundancy levels.
Preparedness is measured by training frequency, incident drills, and backup availability, while critical incident recovery metrics include mean time to recovery (MTTR), service level agreement (SLA) compliance, and containment success rates. Lastly, assurance metrics such as control implementation, compliance certifications, and audit results serve as validation mechanisms to reinforce the overall cyber hygiene posture.
Each of these components is scored on a scale from 0 to 5, and cumulative scores determine an organization’s overall resilience rating. A total score of 0–20 represents low resilience, 21–35 indicates a developing stage, 36–45 marks a strong capability, and 46–50 places the organization in the optimized category. This simple yet comprehensive classification system provides immediate, actionable insights for infrastructure operators and regulators.
The InfraGuard Framework does not rely solely on theoretical constructs. The authors illustrate its practicality through three hypothetical cyberattack scenarios: an unencrypted SCADA system breach in a power grid, a ransomware infection in a smart hospital, and a malware attack on a port’s container terminal. Each scenario demonstrates how different capability shortfalls contribute to system-wide vulnerability and how scoring through InfraGuard can guide recovery planning and preventive action.
Why is this model timely and important?
Existing tools tend to be fragmented, overly technical, or focused on static compliance, failing to provide a clear picture of an organization's actual readiness and recovery strength in the face of a cyber crisis.
The InfraGuard Framework is timely in addressing this gap. By blending governance, technical, and operational resilience elements, it provides a holistic view of preparedness. Furthermore, the model’s emphasis on maturity levels enables not just a snapshot, but a developmental pathway for improvement. Organizations can use their scores to establish benchmarks, identify underperforming areas, and track progress over time.
Another notable contribution of the model is its adaptability. While developed in an Indonesian context, the framework’s reference to international cybersecurity standards makes it highly transferable. Its sector-agnostic design means it can be tailored to public and private sector infrastructure across diverse geographies. As cyber-physical systems grow more interconnected, especially with the proliferation of IoT, 5G, and AI technologies, the potential attack surface expands. InfraGuard offers a scalable and evolving methodology to stay ahead of these threats.
The study also indirectly serves as a policy instrument. By enabling governments and regulatory bodies to assess the cyber resilience of critical infrastructure consistently, it creates opportunities for national-level dashboards, sectoral benchmarking, and early-warning mechanisms.
The researchers acknowledge that the current version of InfraGuard is a conceptual and prescriptive model. While it integrates established cybersecurity theories and resilience research, it has yet to be empirically tested in field settings. The next steps would involve piloting the model across real infrastructure operators, refining indicators based on operational data, and integrating dynamic metrics that account for evolving threat landscapes.
First published in: Devdiscourse