What is Shadow Figment and how does it work?
Scientists at the US Department of Energy’s Pacific Northwest National Laboratory have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them imaginary bites of success.
The aim is to seize bad actors by captivating them with an attractive, but imaginary, world. The technology is aimed at protecting physical targets: infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines.
How does it work?
The starting point for Shadow Figment is a technology called a honeypot: something attractive that lures an attacker, perhaps a desirable target with the appearance of easy access. The technology uses AI to deploy elaborate deception to keep attackers engaged in a pretend world that mirrors the real world. The decoy interacts with users in real time, responding in realistic ways to commands.
Shadow Figment is a model-driven cyber defence designed specifically for control system environments. The technology utilises a distributed computational platform to define and deploy deceptive devices. Deployed decoys respond to protocol queries from an attacker with realistic, plausible return signals. As attackers interact with decoys, alerts are sent to defenders and incident responders to inform and educate them about active attacks.
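To make the idea of a model-driven decoy concrete, here is an added sketch that is not PNNL's code: it assumes the attacker speaks Modbus/TCP (the article names no protocol), answers register reads from a hypothetical temperature model, and records an alert for every interaction. The register layout, the model and the `ALERTS` list are all assumptions made for illustration.

```python
import math
import struct

ALERTS = []  # stand-in for the alert channel to defenders (assumption)

def modelled_temp_c(t_seconds):
    """Hypothetical process model: water temperature drifting around 60 C."""
    return 60.0 + 2.5 * math.sin(t_seconds / 300.0)

def decoy_registers(t_seconds, start, count):
    """Map model state to holding registers: reg 0 = temp in 0.1 C, reg 1 = setpoint."""
    table = {0: round(modelled_temp_c(t_seconds) * 10), 1: 600}
    return [table.get(start + i, 0) for i in range(count)]

def handle_request(frame, src, t_seconds):
    """Answer one Modbus/TCP frame as a real device would, and raise an alert."""
    if len(frame) < 8:
        return b""  # too short for the 7-byte MBAP header plus a function code
    tid, pid, _length, unit = struct.unpack(">HHHB", frame[:7])
    func = frame[7]
    # Nobody has a legitimate reason to talk to a decoy, so every request alerts.
    ALERTS.append({"src": src, "unit": unit, "function": func, "t": t_seconds})

    def reply(pdu):
        # MBAP length field counts the unit id plus the PDU.
        return struct.pack(">HHHB", tid, pid, len(pdu) + 1, unit) + pdu

    if func != 0x03 or len(frame) < 12:
        return reply(bytes([func | 0x80, 0x01]))  # exception: illegal function
    start, count = struct.unpack(">HH", frame[8:12])
    if not 1 <= count <= 125:
        return reply(bytes([0x83, 0x03]))  # exception: illegal data value
    values = decoy_registers(t_seconds, start, count)
    return reply(bytes([0x03, 2 * count]) + struct.pack(f">{count}H", *values))

if __name__ == "__main__":
    # Constructed request: read 2 holding registers starting at address 0.
    request = bytes.fromhex("000100000006010300000002")
    for t in (0, 471):  # the same query returns a plausibly changing value
        print(t, handle_request(request, "192.0.2.10", t).hex())
    print(ALERTS)
```

Because the returned values come from a time-varying model rather than a fixed table, repeated polling sees readings that move the way a live process would, while each poll leaves a record for incident responders.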
“Our intention is to make interactions seem realistic, so that if someone is interacting with our decoy, we keep them involved, giving our defenders extra time to respond,” said Thomas Edgar, a PNNL cybersecurity researcher who led the development of Shadow Figment.
The system rewards hackers with false signals of success, keeping them occupied while defenders learn about the attackers’ methods and take actions to protect the real system.
“We’re buying time so the defenders can take action to stop bad things from happening,” Edgar said. “Even a few minutes is sometimes all you need to stop an attack. But Shadow Figment needs to be one piece of a broader programme of cybersecurity defence. There is no one solution that is a magic bullet.”
PNNL has applied for a patent on the technology, which has been licensed to Attivo Networks. Shadow Figment is one of five cybersecurity technologies created by PNNL and packaged together in a suite called PACiFiC.