Improving Cyber Resilience with a Dwell Time Based Strategy

A. Sood
George Mason University and SCIT Labs, Virginia, United States

Keywords: Cyber Resilience, Dwell Time, Cyber Security, Control System Security, Server Security

Cyber security products have become increasingly sophisticated, but one challenge remains: preventing all intrusions is nearly impossible. Consequently, security thinking has evolved toward maximizing Cyber Resilience, i.e., “an entity's ability to continuously deliver the intended outcome despite adverse cyber events”. Different products attain this goal in different ways, but they all have one feature in common: an emphasis on perimeter defense to prevent intrusions. SCIT envisages a completely different paradigm. We add a layer of defense that extends the Moving Target Defense paradigm and seek to minimize damage AFTER an intrusion has occurred, by limiting the time available to the attacker. Intruder DWELL TIME is easily understood and measured, and bounding it is an important defense mechanism. A typical attack takes place in three phases: Get In (e.g., phishing), Stay In (lateral movement) and Act (exfiltration). We will show that an approach that reduces the time available during the Stay In and Act phases has application in mitigating attacks. In this poster we will address:
- Defining resilience and recovery, and comparing them with alert-based systems.
- Mitigating direct and indirect attacks on IT and OT systems.
- Benefits and limitations of a dwell time based approach.
- Use cases.
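To make the dwell-time bound concrete, here is an added illustration written for this edit; it is not code from the poster or from SCIT Labs, and it models a generic periodic clean-state restore rather than SCIT's actual mechanism. The assumptions are: a host is restored to a known-clean image every `rotation_period` seconds, the attacker gets in at a uniformly random `entry_time`, and completing the attack requires `stay_in` seconds of lateral movement plus `act` seconds of exfiltration on that host before the restore wipes the foothold. All timings are constructed for the example.

```python
import random

# Constructed model (assumption, not SCIT's implementation): a host is restored
# to a known-clean state every `rotation_period` seconds, so any foothold gained
# at `entry_time` is wiped at the next restore boundary. The attacker needs
# `stay_in` seconds to move laterally and `act` seconds to exfiltrate; if the
# restore lands first, the attack fails and must start over from Get In.


def time_until_restore(entry_time: float, rotation_period: float) -> float:
    """Seconds left in the current exposure window after the attacker gets in."""
    if rotation_period <= 0:
        raise ValueError("rotation_period must be positive")
    return rotation_period - (entry_time % rotation_period)


def dwell_time(entry_time, stay_in, act, rotation_period):
    """Actual intruder dwell time: cut off by the next restore, never more than one period."""
    return min(stay_in + act, time_until_restore(entry_time, rotation_period))


def attack_succeeds(entry_time, stay_in, act, rotation_period) -> bool:
    """True when Stay In + Act completes before the host is restored."""
    return stay_in + act <= time_until_restore(entry_time, rotation_period)


def success_probability(stay_in, act, rotation_period) -> float:
    """Closed form for an entry time uniformly distributed over one period."""
    needed = stay_in + act
    if needed >= rotation_period:
        return 0.0
    return (rotation_period - needed) / rotation_period


def simulate(stay_in, act, rotation_period, trials=20000, seed=1):
    """Monte Carlo estimate of the attacker's success rate with random entry times."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        entry = rng.uniform(0, rotation_period)
        if attack_succeeds(entry, stay_in, act, rotation_period):
            wins += 1
    return wins / trials


if __name__ == "__main__":
    stay_in, act = 10.0, 5.0   # constructed attack timings, in seconds
    for period in (120.0, 60.0, 30.0, 15.0, 10.0):
        print(f"restore every {period:>5.0f}s: "
              f"P(success) analytic={success_probability(stay_in, act, period):.2f} "
              f"simulated={simulate(stay_in, act, period):.2f} "
              f"max dwell={period:.0f}s")
```

Two points the numbers bring out: the attacker's dwell time on any one host is capped at one rotation period regardless of how patient the attacker is, and once the period drops below the time needed for Stay In plus Act, the success probability goes to zero without any detection or alert being involved. The model also shows the main caveat: a restore only ends the intrusion if the Get In step has to be repeated; if the initial access persists (for example, credentials that remain valid), the attacker re-enters each cycle and the bound becomes a per-cycle cap on damage rather than prevention, which is the kind of limitation a dwell time based approach has to account for.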