Federal cybersecurity officials highlight hacker ‘dwell time’ metric

Federal cybersecurity officials highlight hacker ‘dwell time’ metric
© Getty Images

Information security officials on Tuesday highlighted the importance of focusing on the time between when a hacker enters a network and when the intruder is expelled. 

The metric, called a “dwell time,” is crucial to understanding an organization’s resilience in the wake of cyberattacks, Rod Turk, acting chief information officer at the Department of Commerce, said at a meeting of industry experts and government officials on Tuesday. 

“[Dwell time is a] really, really good metric to be looking at throughout the government in terms of making our systems resilient,” Turk said. 

ADVERTISEMENT
Turk's comments were echoed by Bernard Wilson, a network intrusion program manager at the Secret Service, who said that the agency wants to be able to measure how well it works to reduce dwell time in the wake of cyberattacks.

Research released by FireEye in 2015 found that hackers spent on average 205 days inside organizations’ systems in 2014 before being detected, down from 229 the previous year. 

Turk and Wilson appeared alongside industry experts at a government leadership summit in Washington hosted by Nuix, an Australia-based IT software company.

The federal government has worked to improve data security in the wake of high-profile breaches, including the Office of Personnel Management breach disclosed in 2015 that saw Chinese hackers compromise the personal information of more than 20 million Americans.

Turk noted that cybersecurity will be a persisting challenge for the federal government as hackers continue to exploit vulnerabilities in systems, despite efforts to secure them through the use of encryption and other tools.

“We always used to say there’s no sure thing but death and taxes, but there’s a third thing — it’s cybersecurity,” Turk said. “The threat is ever present. … It has a very long continuum in what the threat is.” 

The panel, which also included two leaders in the cybersecurity industry who work with federal government agencies, agreed on the importance of penetration testing to find vulnerabilities and continuous monitoring to detect threats.