Buzzword Watch: Prosilience

Summer Fowler at CMU has invented a new word: prosilience:

I propose that we build operationally PROSILIENT organizations. If operational resilience, as we like to say, is risk management “all grown up,” then prosilience is resilience with consciousness of environment, self-awareness, and the capacity to evolve. It is not about being able to operate through disruption, it is about anticipating disruption and adapting before it even occurs—a proactive version of resilience. Nascent prosilient capabilities include exercises (tabletop or technical) that simulate how organizations would respond to a scenario. The goal, however, is to automate, expand, and perform continuous exercises based on real-world indicators rather than on scenarios.

I have long been a big fan of resilience as a security concept, and the property we should be aiming for. I’m not sure prosilience buys me anything new, but this is my first encounter with this new buzzword. It would certainly make for a best-selling business-book title.

Posted on March 2, 2017 at 6:08 AM • 19 Comments


Lenny March 2, 2017 6:22 AM

She’s describing war games. I’m pretty sure we’ve had this since the ’50’s.

Dan March 2, 2017 6:55 AM

This sounds a lot like a new buzzword for chaos monkey.
It might take, though, as it would allow building upon the concept beyond the basic idea of randomly killing stuff.

MIPR Me March 2, 2017 7:30 AM

The common denominator is sillience, which the O.E.D. defines as parroting silly crap like Hillary got her ass kicked cause of Russia.

Paul A Sand March 2, 2017 8:35 AM

E. O. Wilson wrote a book titled Consilience about the “unity of knowledge” across broad fields of science, arts, humanities, etc. As near as I can tell, this has absolutely no relevance to “prosilience”.

The provenance of the word might be due to someone observing how people went from being “reactive” (bad) to “proactive” (good). Hence, “resilience” becomes “prosilience”.

supersaurus March 2, 2017 8:42 AM


ding! there goes my bs-o-meter, density scale, pegged again.

vas pup March 2, 2017 9:11 AM

Chinese mindset on security:

China is in the midst of what it calls a “people’s war on terror” in its far west. What sparked this latest campaign was a knife attack:

Xinjiang’s security forces are already well armed with every form of “nutcracker”, including highly trained manpower, rapid response units, mobile police stations, surveillance cameras, helicopters, drones, satellite tracking of vehicles, biometrics and grid style management of every community right down to the individual household.
In many countries terror triggers the impulse to repress and punish the community which appears to harbor the “terrorist”. But other societies debate the dangers of alienation and the risk that those criminalized may become even more vulnerable to exploitation by extremists.
Already the technologies of an Orwellian police state are advancing across China. Security services have no inhibitions about accessing social media accounts and private financial records to build an increasingly complete picture of the lives of persons of interest.
A vaguely worded new anti-terror law and accompanying narrative of foreign threats justify every constriction of civil liberties and detention of human rights lawyers, labor activists, religious believers and feminists.
And China does have traditions of soft power as well as hard – strains of Confucian paternalism in which a benign emperor rules through WISDOM and NATURAL AUTHORITY, NOT through FEAR(!)

Rhys March 2, 2017 10:03 AM

There are better things to put your attention to.

You might start with this:
You might also read this:

We had NCW/NCOps. What happened? Just fashion statements by academia looking for a sound-byte of recognition. Ask CMU where CMMI/CMMI-S is today?

Bolt-on security vs built-in fails because we, USA, no longer invest in our infrastructure(s). Every short cut taken to provide the illusion of productivity is where we find ourselves today. no longer make long-term investments in our communities, our people, our, our execution skills. InfoSec with unequal OpSec is just as inexcusable.

So what happened to IPv6 deployment?

What about all the leaks? Marisa Meyers will still keep ~$170mm in equity and ~$55mm after her performance leaking information that raises the cost for future authentication systems (in addition to the fraud to her stockholders and Verizon’s). Or Anthem, or Target, or OPM…on-and-on. Why aren’t these private companies “taxed” for the cost (formal term- externalities) that must now be borne by this nation’s private and public sectors?

de La Boetie March 2, 2017 1:28 PM

Might be worth having a look at Nicholas Taleb’s ideas on anti-fragility, which is more than resilience, effectively evolved battle-hardening.

For sure, current communications and software systems and the processes around them are terribly fragile, with loads of SPOF, certainly at the logical level.

albert March 2, 2017 3:05 PM


“…How did this thread go so off topic so fast?…”

It depends how you define ‘off topic’. The academic paper Bruce cited is all about generalities and theoretical concepts. You’ll not get any technical specifics from it, so nothing is really off topic. I count 7 comments that address the topic, in one way or another.

Cyber security is enmeshed in the political, social, military, and corporate. Were it strictly technical, we’d have a lot less to talk about, and perhaps better security:)

. .. . .. — ….

JPA March 2, 2017 7:33 PM

I like the idea of silence.

But I have a hard time being silent in the face of such blather. Resilience is defined as the ability to recover quickly from difficulties. In the article Fowler does not seem to use that definition of resilience, defining it instead as “risk management all grown up” whatever the h– that is, and then proposes “prosilience” as something that seems nothing more than a way of being resilient (as in ability to recover quickly from difficulties).

supersaurus March 3, 2017 5:03 AM


how about scrambling the letters? after all it’s a blog about crypto. here, I’ll use a method I just invented: “ceeeiilnr”? first try to decrypt “bhillstu”, it is a bit easier.

Teacher Teacher March 3, 2017 5:48 AM

IT Security needs to start in junior school. The majority is clueless and no wonder why as it is an accelerating security landscape.

Spotted this, haven’t looked it over but it’s probably alright for a classroom introduction.

Ph March 3, 2017 8:20 AM

Yet another reactive process is made proactive.
The biggest flaw? how to qualify an action that needs proactive reaction.
Nevermind the reactive processes on the other side reacting to this (pro)action.
So they also employ proactive reactions, triggering the defensive reactions of the first side.
Now you will get a whole lot of mess distinguishing the proactive reactions from active attacks, mix in the bias of USA vs Russia vs China vs various ‘state actors’ and the fun will ensue.

Just don’t go effing around other people’s stuff just because you are paranoid about your own stuff.

k15 March 3, 2017 11:03 AM

Prosilience is about anticipating an entity’s actions in order to squelch them in the bud?

Interesting. I wonder who the interested clients would be.

k15 March 3, 2017 11:45 AM

Of all the tools that are designed for use in fostering a resilient society, what characterizes the ones that a cigar-chewing henchperson cannot easily turn toward misanthropic purposes?
