RICHLAND, Wash. - Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing harm by feeding them illusory tidbits of success.
The aim is to sequester bad actors by captivating them with an attractive but imaginary world.
The technology is aimed at protecting physical targets: infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. The technology was developed by scientists at the U.S. Department of Energy’s Pacific Northwest National Laboratory.
The starting point for Shadow Figment is an oft-deployed technology called a honeypot: something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access.
But while most honeypots are used to lure attackers and study their methods, Shadow Figment goes much further. The technology uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world (the figment) that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
“Our intention is to make interactions appear reasonable, in order that if somebody is interacting with our decoy, we maintain them concerned, giving our defenders additional time to reply,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.
Exploiting attackers’ “success”
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, a more common tool that is quickly recognized by experienced cyberattackers.
Shadow Figment spans two worlds that years ago were independent but are now intertwined: the cyber world and the physical world, with elaborate structures that rely on complex industrial control systems. Such systems are more often in the crosshairs of hackers than ever before. Examples include the takedown of large portions of the electrical grid in Ukraine in 2015, an attack on a Florida water supply earlier this year, and the recent hacking of the Colonial pipeline that affected gasoline supplies along the East Coast.
Physical systems are so complex and immense that the number of potential targets (valves, controls, pumps, sensors, chillers and so on) is boundless. Thousands of devices work in concert to bring us uninterrupted electricity, clean water and comfortable working conditions. False readings fed into a system maliciously could cause electricity to shut down. They could drive up the temperature in a building to uncomfortable or unsafe levels, or change the concentration of chemicals added to a water supply.
Shadow Figment creates interactive clones of such systems in all their complexity, in ways that experienced operators and cyber criminals would expect. For example, if a hacker turns off a fan in a server room in the artificial world, Shadow Figment responds by signaling that air movement has slowed and the temperature is rising. If a hacker changes a setting on a water boiler, the system adjusts the water flow rate accordingly.
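The server-room fan example above, as an added sketch that is not PNNL's code: a static decoy and a model-driven decoy replaying the same operator session. The class names, point names and the hand-written first-order thermal model with its constants are all assumptions made for illustration; the article describes a model learned from the real system, not this one.

```python
from dataclasses import dataclass, field

@dataclass
class StaticDecoy:
    """Static decoy: accepts writes but always reports the same readings."""
    readings: dict = field(default_factory=lambda: {"airflow": 1.0, "temp_c": 22.0})

    def write(self, point, value):
        pass  # the write is silently ignored, so readings never react

    def step(self, seconds):
        pass

    def read(self, point):
        return self.readings[point]

@dataclass
class ModelDrivenDecoy:
    """Decoy whose readings follow a simple process model (constructed constants)."""
    fan_on: bool = True
    airflow: float = 1.0   # normalized 0..1
    temp_c: float = 22.0
    audit: list = field(default_factory=list)  # every write is kept for defenders

    def write(self, point, value):
        self.audit.append((point, value))
        if point == "fan_on":
            self.fan_on = bool(value)

    def step(self, seconds):
        for _ in range(seconds):
            # Airflow relaxes toward the fan state (about a 20 s time constant).
            self.airflow += ((1.0 if self.fan_on else 0.0) - self.airflow) / 20.0
            # Room temperature relaxes toward an equilibrium set by airflow.
            target = 22.0 + 23.0 * (1.0 - self.airflow)
            self.temp_c += (target - self.temp_c) / 300.0

    def read(self, point):
        return round(getattr(self, point), 2)

def session(decoy):
    """Constructed session: read baseline, switch the fan off, poll once a minute."""
    trace = [decoy.read("temp_c")]
    decoy.write("fan_on", False)
    for _ in range(5):
        decoy.step(60)
        trace.append(decoy.read("temp_c"))
    return trace

if __name__ == "__main__":
    print("static      :", session(StaticDecoy()))
    print("model-driven:", session(ModelDrivenDecoy()))
```

The static decoy returns a flat temperature trace after the fan write, which is the inconsistency the article says experienced attackers recognize; the model-driven decoy shows the rise an operator would expect and records the write in its audit list.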
Shadow Figment: undermining ill intent
The intent is to distract bad actors from the real control systems, to funnel them into an artificial system where their actions have no impact.
“We’re shopping for time so the defenders can take motion to cease unhealthy issues from taking place,” Edgar said. “Even a couple of minutes is typically all it is advisable to cease an assault. However Shadow Figment must be one piece of a broader program of cybersecurity protection. There isn’t any one answer that may be a magic bullet.”
PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.
“The event of Shadow Figments is yet one more instance of how PNNL scientists are targeted on defending the nation’s important belongings and infrastructure,” said Kannan Krishnaswami, a commercialization manager at PNNL. “This cybersecurity device has far-reaching purposes in authorities and personal sectors, from metropolis municipalities, to utilities, to banking establishments, manufacturing, and even well being suppliers.”
The team’s most recent results were published in the spring issue of the Journal of Information Warfare.
Edgar’s colleagues on the project include William Hofer, Juan Brandi-Lozano, Garrett Seppala, Katy Nowak and Draguna Vrabie. The work was funded by PNNL and by DOE’s Office of Technology Transitions.