
2018 Government Innovation Awards

Turning the tables on hackers

Sandia National Laboratories’ primary mission is securing the nation’s nuclear arsenal, which faces very real threats. The labs’ networks experience 1.5 billion cyber events a day, ranging from incorrect password entries to phishing and malware attacks and more serious nation-state activities, said John Zepper, Sandia’s director of computer and networking services.

High-Fidelity Adaptive Deception and Emulation System

Sandia National Laboratories


In response, Sandia officials developed the High-Fidelity Adaptive Deception and Emulation System (HADES) to go beyond a traditional honeypot and use cutting-edge technology to give its operators the opportunity to run sting operations on the people trying to break into their systems.

Although HADES’ deception environments are isolated from Sandia’s host systems and data, designers spent a lot of time making it look like the real thing. Vince Urias, a cybersecurity researcher at Sandia, said they make up intricate profiles “for admins and engineers and the folks who are working 9 to 5 and those who work 12-hour shifts and take lots of coffee breaks.” Those “users” all have records with recently downloaded files, browser histories, varying uptimes and other small details that mimic authentic network behavior.

Those details and imperfections give the environment a lived-in feeling that keeps attackers engaged longer and lets operators monitor their behavior, develop signatures and implement adaptive countermeasures in real time.

“Think about robbing a house: If you walked into a house and everything was perfect and clean and there was no information, what would you do?” Urias said. “When an adversary comes in, they’re there to do something — to steal information or break things. If they can tell it’s a facsimile, if there is no depth to the information, at some point the adversary doesn’t want to interact with that system.”

Furthermore, HADES is designed to pull certain information from a network in order to replicate it as quickly as possible, which means it is adaptable for use by others. Urias said Sandia has patented the system and plans to license it to other government agencies and external organizations in the future.    

About the Author

Connect with the GCN staff on Twitter @GCNtech.

