An exploration of defensive deception in industrial communication networks

Process control networks constitute a vantage point for computer network attacks on electrical power infrastructures such as power plants and electrical substations. Consequently those networks represent a critical point of network defense in power grid computer networks. In this paper we discuss research that draws on military deception to conduct a cognitive hacking into the attacker’s mind at the process control network level. This research enables the defender to influence the attacker’s target selection process, and thus pilot it towards simulated physical processes and equipment. A hijacked target selection process causes the attacker to generate specific network traffic that makes a significant contribution to the detection of the ongoing network intrusion. Our cognitive hacking approach is based on displays created via simulation of the appearance of physical processes and equipment. The main counter attack vectors employed consist of emission of deceptive network traffic and exploitation of information conversion as means of concealing deceptive simulation. We have implemented this research as a small proof of concept prototype, and thus in the paper we also discuss an analysis of its deception effects via application of signal detection theory.