
2018 Government Innovation Awards

Turning the tables on hackers

Sandia National Laboratories’ primary mission is securing the nation’s nuclear arsenal, which faces very real threats. The labs’ networks experience 1.5 billion cyber events a day, ranging from incorrect password entries to phishing and malware attacks to more serious nation-state activities, said John Zepper, Sandia’s director of computer and networking services.


In response, Sandia officials developed the High-Fidelity Adaptive Deception and Emulation System (HADES) to go beyond a traditional honeypot and use cutting-edge technology to give its operators the opportunity to run sting operations on the people trying to break into their systems.

Although HADES’ deception environments are isolated from Sandia’s host systems and data, designers spent a lot of time making it look like the real thing. Vince Urias, a cybersecurity researcher at Sandia, said they make up intricate profiles “for admins and engineers and the folks who are working 9 to 5 and those who work 12-hour shifts and take lots of coffee breaks.” Those “users” all have records with recently downloaded files, browser histories, varying uptimes and other small details that mimic authentic network behavior.

Those details and imperfections give the environment a lived-in feeling that keeps attackers engaged longer and lets operators monitor their behavior, develop signatures and implement adaptive countermeasures in real time.

“Think about robbing a house: If you walked into a house and everything was perfect and clean and there was no information, what would you do?” Urias said. “When an adversary comes in, they’re there to do something — to steal information or break things. If they can tell it’s a facsimile, if there is no depth to the information, at some point the adversary doesn’t want to interact with that system.”

Furthermore, HADES is designed to pull certain information from a network in order to replicate it as quickly as possible, which means it is adaptable for use by others. Urias said Sandia has patented the system and plans to license it to other government agencies and external organizations in the future.    
