George Mason University and SCIT Labs, Virginia, United States
Keywords: Cyber Resilience, Dwell Time, Cyber Security, Control System Security, Server Security

Cyber security products have become increasingly sophisticated, but one challenge remains: preventing all intrusions is nearly impossible. Consequently, security thinking has evolved toward maximizing Cyber Resilience, i.e. “an entity's ability to continuously deliver the intended outcome despite adverse cyber events”. Different products attain this goal in different ways, but they all have one feature in common: an emphasis on perimeter defense to prevent intrusions. SCIT envisages a completely different paradigm.

We add a layer of defense that extends the Moving Target Defense paradigm and seeks to minimize damage AFTER an intrusion has occurred by limiting the time available to the attacker. Intruder DWELL TIME is easily understood and measured, and limiting it is an important defense mechanism. A typical attack takes place in 3 phases: Get In (Phishing), Stay In (Lateral Move) and Act (Ex-filtration). We will show that an approach that reduces the time available during the Stay In and Act steps has application in mitigating attacks.

In this poster we will address:
- Definitions of resilience and recovery, and a comparison with alert systems.
- Mitigating direct and indirect attacks on IT and OT systems.
- Benefits and limitations of a dwell time based approach.
- Use cases.