May 1, 2018
Having a robust set of indicators is important to assessing an agency’s cybersecurity, but how long hackers have access to a network may be the most important, one federal IT official said.
In cybersecurity, the metric known as dwell time is the measure of how long it takes an organization to identify a breach from the time an adversary gains access. In 2017, the global average time to detection was 191 days, according to a study by the Ponemon Institute and IBM, down from 201 days in 2016.
For Rod Turk, Commerce Department acting chief information officer and former department chief information security officer, this metric can inform all the others.
“If you’re doing your work and you’re preventing things from getting into your organization, then guess what, your dwell time is near zero or at zero,” Turk said during a panel on cybersecurity Tuesday at the 2018 CFO/CIO Summit hosted by the Association of Government Accountants and the Association for Federal Information Resources Management.