Abstract As cyber threats grow in complexity and impact, the limitations of traditional cybersecurity frameworks—focused primarily on prevention and control—have become increasingly evident. This paper introduces the Cyber Resilience Cube, a novel multidimensional framework that enables more comprehensive planning, assessment, and governance of cyber resilience as a holistic, organizational function. Drawing on interdisciplinary theory and extensive analysis of over 30 federal and international policy documents, the Cube organizes resilience capabilities across three axes: time (Plan, Absorb, Recover, and Adapt), system scale (Component to Ecosystem), and domain (Technical, Organizational, Human, and Institutional). The paper demonstrates how this structure exposes blind spots in current policy, highlights underdeveloped capabilities such as adaptation and cross-sector coordination, and offers a diagnostic tool for aligning investments, planning documents, and oversight mechanisms. Applications include recent incident analysis and alignment with global frameworks (e.g. NIST CSF 2.0 and ISO 27001). The Cube enables a shift from compliance-driven security to mission-driven resilience—advancing both conceptual clarity and operational utility in the evolving landscape of cyber risk.
Ryan P. Hilger (Thu,) studied this question.