Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success. The aim is to sequester bad actors by captivating them with an attractive, but imaginary world. The technology is aimed at protecting physical targets — infrastructure such as buildings, the electric grid, water and sewage systems, and pipelines.
The starting point for Shadow Figment is an oft-deployed technology called a honeypot, which is something attractive to lure an attacker — perhaps a desirable target with the appearance of easy access. While most honeypots are used to lure attackers and study their methods, Shadow Figment goes much further. The technology uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world (the figment) that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system. The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This “model-driven dynamic deception” is much more realistic than a static decoy, a more common tool that is quickly recognized by experienced cyberattackers.
Shadow Figment spans two worlds that years ago were independent but are now intertwined — the cyber world and the physical world — with elaborate structures that rely on complex industrial control systems. Physical systems are so complex and immense that the number of potential targets — valves, controls, pumps, sensors, chillers, and so on — is boundless. Thousands of devices work in concert to bring uninterrupted electricity, clean water, and comfortable working conditions. False readings fed into a system maliciously could cause electricity to shut down, drive up the temperature in a building to uncomfortable or unsafe levels, or change the concentration of chemicals added to a water supply.
Shadow Figment creates interactive clones of such a system, in all its complexity, that behave in ways experienced operators and cyber criminals would expect.
For example, if a hacker turns off a fan in a server room in the artificial world, Shadow Figment responds by signaling that air movement has slowed and the temperature is rising. If a hacker changes a setting on a water boiler, the system adjusts the water flow rate accordingly.
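The fan example above, as an added sketch that is not Shadow Figment's own code: a decoy fits a simple thermal model to constructed telemetry, then answers a fan-off command with a rising temperature, while a static decoy keeps reporting the same value. The command names, temperatures and the per-state linear model are assumptions made for illustration; the article says only that a machine learning program learns from the real system.

```python
# Added illustration; all names, commands and numbers here are constructed.

def constructed_telemetry():
    """Constructed (fan_on, temp, next_temp) samples standing in for observations of a real room."""
    samples, temp = [], 22.0
    for step in range(200):
        fan_on = (step // 25) % 2 == 0       # fan toggles every 25 steps
        target = 22.0 if fan_on else 38.0    # assumed equilibrium temperatures, deg C
        nxt = temp + 0.1 * (target - temp)
        samples.append((fan_on, temp, nxt))
        temp = nxt
    return samples

def fit(samples):
    """Per fan state, least-squares fit of (next_temp - temp) = a + b * temp."""
    model = {}
    for state in (True, False):
        xs = [t for f, t, _ in samples if f == state]
        ys = [n - t for f, t, n in samples if f == state]
        mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
        b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
        model[state] = (my - b * mx, b)
    return model

class DynamicDecoy:
    """Keeps state and answers reads from the learned model, so commands have visible effects."""
    def __init__(self, model, temp=22.0):
        self.model, self.temp, self.fan_on = model, temp, True
    def command(self, name):                 # hypothetical command names
        if name in ("FAN_ON", "FAN_OFF"):
            self.fan_on = (name == "FAN_ON")
        return "OK"
    def read_temp(self):
        a, b = self.model[self.fan_on]
        self.temp += a + b * self.temp       # advance the model one step per poll
        return round(self.temp, 2)

class StaticDecoy:
    """Accepts any command but always reports the same reading."""
    def command(self, name):
        return "OK"
    def read_temp(self):
        return 22.0

def session(decoy, polls=30):
    """What an intruder observes after switching the fan off and polling the sensor."""
    decoy.command("FAN_OFF")
    return [decoy.read_temp() for _ in range(polls)]
```

Comparing `session(DynamicDecoy(fit(constructed_telemetry())))` with `session(StaticDecoy())` shows the difference an experienced intruder would notice: the first drifts toward the fan-off equilibrium, the second never moves.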
Shadow Figment has far-reaching applications in government and private sectors, from city municipalities and utilities, to banking institutions, manufacturing, and health providers.