What We Do
We study cyber resilience: how everyday digital systems (payments at a bank, records in a hospital, controls on a plant floor, equipment on the power grid) keep serving people when something breaks, overloads, or is attacked.
Some of that is robustness: design and redundancy so critical functions keep working and stay available when components fail, overload, or stay under sustained pressure. The rest unfolds before and after an incident: watching for and tracking threats, tightening prevention where risk rises, and when something still gets through, detecting it early, limiting how far harm spreads across linked services, and restoring trusted normal operations.
These systems are distributed and strongly interdependent. We use Cyber Capability Maturity Models to spot strengths and gaps, including how well teams share information and help each other when trouble spreads.
Our approach
We assess cyber resilience at sector level across operators, regulators, suppliers, and national institutions. Under stress, harm often spreads along dependencies and information gaps, so we treat the sector as one connected system.
Our working framework is PROGRESS, a sector-level capability maturity model that turns assessments into prioritized improvement plans.
Who we help
- Governments and public authorities responsible for critical sectors
- Regulators and infrastructure operators
- Development institutions and international partners
- Research and policy communities working on cyber resilience
Research Highlights
Global impact
Applied examples across sectors and countries.
Publications & Resources
Peer-reviewed outputs and reference documents.
Conferences & Trainings
Agendas, participants, and visual records.
For curious readers
What PROGRESS Is
Concept, scope, and when the method applies.
PROGRESS Methodology
Process steps, matrices, and operational dimensions.
CIP Navigator
Interactive navigation for critical infrastructure protection workflows.
