3.  Ensure collaboration across the ecosystem

            With the increasing complexity of industry and cross-industry supply chains and ecosystems, it is key
            that critical infrastructure organizations have a holistic view of their ecosystem and work closely to build
            resilience. Cyber incidents are a question of when, not if, and to mitigate vulnerabilities early and respond
            to  threats  more  rapidly  in  real  time,  businesses  should  collaborate  with  government  officials  and
            regulators before security breaches occur to ensure incident reporting and information sharing systems
            are well understood. Cooperation should also extend to third parties that provide goods and services to
            critical infrastructure organizations. Organizations are as strong as their weakest link and attackers will
            target these weak links in supply chains to compromise the other entities in the network. To that end,
            ecosystem players should share cyber-threat information, and develop and test incident scenarios to
            better react in case of attacks.


            Cyber resilience is not a destination but a continuous journey. As such, it cannot be regarded as a one-
            time, or a one-actor effort. At a time when the cyber threat landscape is in constant flux, it requires cross-
            organization and cross-industry collaboration to ensure business continuity and security.








































                                                                                                              85