Securing cyber-physical systems

Decoy system diverts hackers from critical infrastructure

Scientists at the Pacific Northwest National Laboratory have created a cybersecurity technology designed to stop hackers from damaging critical infrastructure networks by luring them instead into an artificial world and feeding them false signals of success.

Shadow Figment is based on honeypots, which attract hackers by providing what appears to be an easy target so cybersecurity researchers can study the attackers’ methods.

PNNL’s technology uses a machine-learning-enhanced honeypot that learns from observing the real-world operational-technology system where it is installed. It responds to an attack by sending signals indicating that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, PNNL officials said in a recent release.

The strategy is to keep attackers engaged, “giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of the technology.

In cyber-physical systems supporting critical infrastructure, the number of potential targets -- such as valves, controls, pumps, sensors, chillers and so on -- is practically limitless. Hackers inserting false data into a single system could trigger safety procedures that shut down power and water distribution.

Shadow Figment creates interactive clones of operational technology systems that behave just as experienced operators and cyber criminals would expect. If a hacker turns off a fan in a server room in the artificial world, PNNL officials said, the program would respond realistically by signaling that air movement has slowed and the temperature is rising. The ruse would hopefully keep bad actors engaged with the mirror system where they can do no harm.

“Even a few minutes is sometimes all you need to stop an attack,” Edgar said. “But Shadow Figment needs to be one piece of a broader program of cybersecurity defense. There is no one solution that is a magic bullet.”

The technology, which is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC, has been licensed to Attivo Networks.

“This cybersecurity tool has far-reaching applications in government and private sectors—from city municipalities, to utilities, to banking institutions, manufacturing, and even health providers,” said Kannan Krishnaswami, a commercialization manager at PNNL.

About the Author

Connect with the GCN staff on Twitter @GCNtech.
