The cybersecurity technology - called Shadow Figment - is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success. The aim is to sequester bad actors by captivating them with an attractive - but imaginary - world.
The technology is aimed at protecting physical targets - infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. The starting point for Shadow Figment is an oft-deployed technology called a honeypot - something attractive to lure an attacker, perhaps a desirable target with the appearance of easy access.
But while most honeypots are used to lure attackers and study their methods, Shadow Figment goes much further. The technology uses artificial intelligence to deploy elaborate deception to keep attackers engaged in a pretend world - the figment - that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
"Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond," says Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers' methods and take actions to protect the real system.
The credibility of the deception relies on a machine learning program that learns from observing the real-world system where it is installed. The program responds to an attack by sending signals that illustrate that the system under attack is responding in plausible ways. This "model-driven dynamic deception" is much more realistic than a static decoy, a more common tool that is quickly recognized by experienced cyberattackers.
Shadow Figment spans two worlds that years ago were independent but are now intertwined: the cyber world and the physical world, with elaborate structures that rely