A University of Rhode Island researcher is working on a new way to protect our nation’s power grid from cyberattacks — by sending decoy information to would-be hackers.
Hui Lin says his concept would feed false information to cybercriminals who try to intrude upon a network that controls energy infrastructure. The hope is that the bad intelligence will lead adversaries to develop ineffective attack strategies.
"It's like setting a trap for the attackers even before they initiate any malicious activities,” said Lin in a news release.
Lin said cyber criminals who want to target an industrial control system will often first gain access, and then perform in-depth reconnaissance in order to craft a strategy. His work aims to disrupt that reconnaissance.
Lin — an assistant professor of engineering and leader of the Dependable Cyber-Physical Systems Laboratory — just won a five-year $500,000 grant from the National Science Foundation to further develop the idea, the university announced this week.
The research comes as national leaders express concern about the security of U.S. energy systems. The Department of Homeland Security in January warned that domestic terrorists have developed "credible, specific plans" to attack the nation's grid.
Virtual attacks on energy systems are not new. Ukraine’s grid was attacked in 2015, leaving 200,000 households without power. Cyber criminals breached South Korean nuclear and hydroelectric companies in 2014, then posted manuals for two nuclear reactors online. More recently, hackers exploited software from the IT group SolarWinds to compromise federal agencies and private sector companies, some in the electricity sector. And last year, a vulnerable password led to a ransomware attack on the digital system that controls the Colonial Pipeline.
According to an annual threat assessment issued by the U.S. intelligence community, countries with cyberattack capabilities targeting critical infrastructure include Russia, China, Iran, and North Korea.
Lin's project is jointly funded by the U.S. government's Secure and Trustworthy Cyberspace program and the Established Program to Stimulate Competitive Research.
"When attacks happen, we try to detect them as soon as possible and try to recover as quickly as possible," said Lin. "But what I'm trying to propose is that instead of passive detection, let us disrupt reconnaissance and even mislead some of the reconnaissance that potential attackers would perform.
