information (n.): Knowledge that's important. More importantly, the stuff you use to blackmail other people.
resiliency (n.): Recovering from bad news in a timely fashion.
The concept of information resiliency is sort of a buzzword among the information warfare crowd. Essentially, what it asserts is:
- You know you're going to get attacked.
- If someone is determined enough to attack you, then they probably have the goal of not only removing your capabilities, but defeating your ability to come back quickly.
- If they're trying to defeat your ability to come back quickly, a logical place to attack - besides your access paths - would be your information.
- How do you make your information "resilient" (note the word "resistant" is not used) to attack?
And here's really the meat of it. If I'm trying to fuck up your whole program, and I'm truly insidious, i'm going to feed you disinformation. Yet there's a problem: I can't just feed you information! You won't trust it. You probably should think it's not really disinformation, but that it's true. So, to do that, I am going to compromise YOUR information, that your guy in the van wrote. Information resiliency is not preventing your information from compromise, but expecting it and taking steps to bounce back.
Of course, you have to protect your information from yourself, too. Information compromise isn't always external. And there's this guy Murphy, too....
How do you make your information resilient? Well, you have to have information agility. The integrity of your information is primarily going to rely on controlling modifications to that information, as well as knowing who modified it in a legitimate fashion. But you also have to have a way to recover the "original" information in the event it's modified. One possible way of taking care of several of these concerns is setting up a trust mechanism or trust quotient: In other words, assigning a numerical value to your confidence in given information and then storing that information (with the confidence number) in a non-writable format. Sort of like the Voting/XP system: People bless information as gospel, and once enough people have blessed it, save it and run it off into a database somewhere.
Another possibility is having an information authority figure, or a set of them. But this is bad news: Then you lead into control by the few rather than the many. That way lies madness: that little power elite cabal gets the ability to bless or deny something that could be extremely important to you. Information is power. The haves versus the have nots. And so on.