Autonomous Cyber Resilience

We translate our vision of ACR into tangible outcomes for our partners. We combine strategic guidance, collaborative development, and pioneering technology to build system capabilities. But true resilience cannot be retrofitted. It must be integrated by design and precisely tuned to a system’s specific operational priorities and risk profile. Since the system’s owner has this knowledge, co-creation with an organisation’s engineers and architects is essential for effective ACR. We work with your teams to embed resilience that is proportionate, effective, and aligned with your objectives.

TNO provides the foundations that enable our partners to implement ACR independently. These include practical design and implementation guidelines: architectural blueprints, example implementations, and best practices for building inherently resilient systems. We offer design specifications that define how system components should communicate and interact. And we build and share technologies to demonstrate what’s possible and accelerate adoption. Our contributions

Enabling ACR requires a structured and repeatable path. TNO has developed a methodology for engineering inherent resilience. Our ACR design framework is built on several core principles for system development, from the component level to complex digital ecosystems. Through automated cyber resilience principles – like mission- and risk-awareness, risk-adaptive functionality, nested defence, and periodic security – we enable proactive security measures. This can facilitate compliance with critical aspects of the European Cyber Resilience Act (CRA), the Network and Information Systems Directive (NIS2) and beyond. And through autonomous response principles like proportional response and ‘as autonomous as possible’, we develop defences that are proportionate, safe, and trustworthy.

Our ACR architecture incorporates two distinct decision-making loops. The ‘fast loop’ uses decentralised, local, self-healing mechanisms, similar to the immune system instantly responding to a pathogen. The ‘slow loop’ is more centralised. It performs higher-level reasoning and strategic decision-making, like a Security Operations Centre (SOC). This dual-loop architecture – operating on our principles – ensures that every action is mission-aware, proportional, and supports nested defence. From the fastest local reaction to the most considered strategic response.

The ultimate goal of ACR is to create systems so robust that their resilience can be continuously and automatically validated. The pinnacle of this continuous assurance is called ‘security chaos engineering’: continuously testing a live system’s resilience and enabling it to learn by actively injecting faults, simulating attacks, and destroying components.

For mission-critical systems in which live-fire testing is too risky, digital twins are emerging as a key enabling technology. These high-fidelity replicas can provide safe environments to stress-test any developed ACR mechanisms in the future. TNO has strong expertise in continuous testing, autonomous resilience engineering, and digital twinning. We look forward to bringing these promising technologies together with chaos engineering in future projects.