Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success.
The goal is to sequester bad actors by captivating them with an attractive — but imaginary — world.
The technology is aimed at protecting physical targets — infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. The technology was developed by scientists at the U.S. Department of Energy’s Pacific Northwest National Laboratory.
The starting point for Shadow Figment is an oft-deployed technology called a honeypot — something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access.
But while most honeypots are used to lure attackers and study their methods, Shadow Figment goes much further. The technology uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world — the figment — that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.
Exploiting attackers’ “success”
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, a more common tool that is quickly recognized by experienced cyberattackers.
Shadow Figment spans two worlds that years ago were independent but are now intertwined: the cyber world and the physical world, with elaborate structures that rely on complex industrial control systems. Such systems are more often in the crosshairs of hackers than ever before. Examples include the takedown of large portions of the electrical grid in Ukraine in 2015, an attack on a Florida water supply earlier this year, and the recent hacking of the Colonial Pipeline that affected gasoline supplies along the East Coast.
Physical systems are so complex and immense that the number of potential targets — valves, controls, pumps, sensors, chillers and so on — is boundless. Thousands of devices work in concert to bring us uninterrupted electricity, clean water and comfortable working conditions. False readings fed into a system maliciously could cause electricity to shut down. They could drive up the temperature in a building to uncomfortable or unsafe levels, or change the concentration of chemicals added to a water supply.
Shadow Figment creates interactive clones of such systems in all their complexity, in ways that experienced operators and cyber criminals would expect. For example, if a hacker turns off a fan in a server room in the artificial world, Shadow Figment responds by signaling that air movement has slowed and the temperature is rising. If a hacker changes a setting on a water boiler, the system adjusts the water flow rate accordingly.
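The server-room fan example and the contrast with a static decoy can be sketched as follows. This is an added illustration, not PNNL's code: it swaps the machine-learned model for a hand-written first-order thermal model, and every constant, point name and the source address is constructed for the example.

```python
from dataclasses import dataclass, field

AMBIENT_C = 22.0       # constructed: room temperature at full airflow
MAX_RISE_C = 18.0      # constructed: steady-state rise with no airflow
TAU_AIRFLOW_S = 10.0   # constructed: fan spin-down time constant
TAU_THERMAL_S = 120.0  # constructed: room thermal time constant

class StaticDecoy:
    """Accepts commands but always reports the same canned readings."""
    def write(self, point, value, source="?"): pass
    def step(self, seconds): pass
    def read(self, point):
        return {"fan_on": 1.0, "airflow": 1.0, "temp_c": AMBIENT_C}[point]

@dataclass
class DynamicDecoy:
    """Decoy whose readings follow a process model after each command."""
    fan_on: float = 1.0
    airflow: float = 1.0
    temp_c: float = AMBIENT_C
    clock_s: float = 0.0
    audit: list = field(default_factory=list)  # what defenders review

    def write(self, point, value, source="?"):
        if point != "fan_on":
            raise KeyError(point)
        self.audit.append((self.clock_s, source, point, value))
        self.fan_on = 1.0 if value else 0.0

    def step(self, seconds, dt=1.0):
        for _ in range(int(seconds / dt)):
            # Airflow lags the fan command; temperature lags the airflow.
            self.airflow += (self.fan_on - self.airflow) * dt / TAU_AIRFLOW_S
            target = AMBIENT_C + MAX_RISE_C * (1.0 - self.airflow)
            self.temp_c += (target - self.temp_c) * dt / TAU_THERMAL_S
            self.clock_s += dt

    def read(self, point):
        return {"fan_on": self.fan_on, "airflow": self.airflow,
                "temp_c": self.temp_c}[point]

def fan_off_scenario(decoy, source="198.51.100.7"):
    """Turn the fan off, then sample temperature once a minute for 5 min."""
    decoy.write("fan_on", 0, source)
    trace = []
    for _ in range(5):
        decoy.step(60)
        trace.append(round(decoy.read("temp_c"), 1))
    return trace
```

The static decoy returns the same temperature at every sample, which is the tell an experienced operator would look for; the dynamic decoy shows a lagged rise and records the command for defenders.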
Shadow Figment: undermining ill intent
The intent is to distract bad actors from the real control systems, to funnel them into an artificial system where their actions have no impact.
“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader program of cybersecurity defense. There is no one solution that is a magic bullet.”
PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.
“The development of Shadow Figment is yet another example of how PNNL scientists are focused on protecting the nation’s critical assets and infrastructure,” said Kannan Krishnaswami, a commercialization manager at PNNL. “This cybersecurity tool has far-reaching applications in government and private sectors — from city municipalities, to utilities, to banking institutions, manufacturing, and even health providers.”
“The development of Shadow Figment illustrates how PNNL technology makes a difference in so many lives,” said Kannan Krishnaswami, a commercialization manager at PNNL. “The Laboratory’s research provides protection against an array of threats, including cyberattacks.”