Catching Attacks Against Industrial Control Networks

Industrial control systems are the workhorses that power modern life. They keep electrons pumping through transmission lines, water flowing through pipes and filtration systems, and oil and gas flowing through pipelines. So, it’s a big deal if these systems are brought down by a cyber attack.

Researchers are currently exploring better ways to protect these vital systems from such intrusions. For instance, this article describes work done at security firm Trend Micro to identify would-be attackers by attracting them to decoys. In cyber security parlance, a decoy is called a “honeypot”. A honeypot is a system that looks like it is part of an important operation but really serves as an attractive facade. By tracking the traffic coming into the honeypot, the owner of the real system can learn who his adversaries are and what tricks they are employing. Armed with this knowledge, he stands a better chance of blocking them.

The use of honeypots is nothing new. In fact, honeypots have been the subject of much controversy ever since people started using them about fifteen years ago. Some wonder whether it is fair to entice hackers into committing crimes with “low-hanging fruit”. Others worry that we are training more skillful bad actors by helping them learn what traps look like and how to avoid them. In my opinion, honeypots serve a vital role in helping cyber security professionals identify new and emerging threats. Hacking is a legitimate exercise and certainly has its place, but any computer hacker worthy of the title knows that one should hack only those systems for which permission has been granted. If a hacker is lured into attacking a system that was just too tempting to pass up, that’s an offense and should be treated as such.

In this particular case, an organization in China that is suspected of being part of the Chinese military was found to have launched an attack against what they thought was a vital part of a water control system. What they actually had hacked was a decoy system that monitored their every move. The researchers who planted the decoy were able to identify who the bad actor was, where he was located, and what techniques he used to break in. That’s a lot of very helpful information. By employing systems like these more widely, researchers can assemble a catalog of bad actors and their techniques. This will help security professionals program the system’s network appliances with smarter rules for blocking and filtering malicious traffic.

Although they are controversial, honeypots will continue to play an important role in organizations’ cyber security arsenals, particularly as the battlefront shifts to critical infrastructures.

 

About Ray Klump

Professor and chair of Mathematics and Computer Science; Director, Master of Science in Information Security, Lewis University. http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.
