A resilience agenda is an essential part of protecting national security in a digital age. Digital technologies impact nearly all aspects of everyday life, from communications and medical care to electricity and government services. Societal reliance on digital tools should be paired with efforts to secure societal resilience. A resilience agenda involves preparing for, adapting to, withstanding, and recovering from disruptions in ways that advance societal interests, goals, and values. Emphasizing resilience offers several benefits: 1) It is threat agnostic or at least relatively threat neutral; 2) its inward focus emphasizes actions under the control of a targeted nation, rather than attempting to change behaviors of external adversaries; and 3) because resilience can address multiple threats simultaneously, it may be less subject to politicization. A resilience strategy is well-suited to address both disruptions to computer systems—whether from cyberattacks or natural disasters—and disruptions to the information environment from disinformation campaigns that sow discord. A resilience agenda is realistic, not defeatist, and fundamentally optimistic in its focus on how society can withstand and move forward from adverse events.
This Essay identifies tactics to bolster resilience against digitally enabled threats across three temporal phases: anticipating and preparing for disruptions, adapting to and withstanding disruptions, and recovering from disruptions. The tactics of a resilience strategy across these phases are dynamic and interconnected. Resilience tactics in the preparation phase could include creating redundancies (including low-tech or no-tech redundancies) or “pre-bunking” disinformation campaigns. Actions in the preparation phase help with adapting to and withstanding disruptions when they are ongoing. Forewarning people about cyberattacks can ensure they do not panic when crucial services cease to function. More persistent and recurrent threats like disinformation campaigns may require structural adaptations, like privacy law reform, to curb the exploitation of personal data to amplify democracy-damaging disinformation. Recovering from disruptions draws on steps taken earlier. Resilience tactics in the recovery phase could include reverting to manual controls and turning to pre-positioned hardware stockpiles that enable continuity of operations after cyberattacks and supporting and protecting journalists and researchers subject to intimidating online abuse. These are just possibilities—a resilience strategy is ours to imagine and pursue, and doing so is a crucial step to strengthen national security in a digital age.