Decoy system diverts hackers from critical infrastructure
Scientists at the Pacific Northwest National Laboratory have created a cybersecurity technology designed to stop hackers from damaging critical infrastructure networks by luring them instead into an artificial world and feeding them false signals of success.
Shadow Figment is based on honeypots, which attract hackers by providing what appears to be an easy target so cybersecurity researchers can study the attackers’ methods.
PNNL’s technology uses a machine learning enhanced honeypot that learns from observing the real-world operational-technology system where it is installed. It responds to an attack by sending signals that indicate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, PNNL officials said in a recent release.
The strategy is to keep attackers engaged, “giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of the technology.
In cyber-physical systems supporting critical infrastructure, the number of potential targets -- such as valves, controls, pumps, sensors, chillers and so on -- is practically limitless. Hackers inserting false data into a single system could trigger safety procedures that shut down power and water distribution.
Shadow Figment creates interactive clones of operational technology systems that behave just as experienced operators and cyber criminals would expect. If a hacker turns off a fan in a server room in the artificial world, PNNL officials said, the program would respond realistically by signaling that air movement has slowed and the temperature is rising. The ruse would hopefully keep bad actors engaged with the mirror system where they can do no harm.
“Even a few minutes is sometimes all you need to stop an attack,” Edgar said. “But Shadow Figment needs to be one piece of a broader program of cybersecurity defense. There is no one solution that is a magic bullet.”
The technology, which is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC, has been licensed to Attivo Networks.
“This cybersecurity tool has far-reaching applications in government and private sectors—from city municipalities, to utilities, to banking institutions, manufacturing, and even health providers.” said Kannan Krishnaswami, a commercialization manager at PNNL.
Connect with the GCN staff on Twitter @GCNtech.