The Air Force is trying to take some of its cyber deception methods to new limits as the service doubles down on its cyber priorities.
The service is looking into transforming the traditional “honeypot” method of catching hackers. Honeypots are systems installed in a network that are easy to hack into. Once an intruder gets into the system, the owner can gather information on the hacker.
While this has been successful in the past, hackers have caught on and military needs for hacker information have grown.
The Air Force is experimenting with a more complex deception technique.
“The idea is to try to fool the adversary about what’s going on in the world, so that they either make bad decisions, they take longer, or they are easier to detect,” said Adam Wick, research lead at Galois, the company contracted with the Air Force for the project.
The goal of the program, named Prattle, is to give fake information to the intruder to direct them toward areas of a network that aren’t important or are traps. The program might also provide the hacker with fake documents or with documents that are watermarked so they can be tracked.
The name fits with the program’s function, as the definition of prattle is to talk at length or in a foolish way.
The Air Force is giving Galois a $750,000 grant to work on the program as part of a larger $100 million effort to expand cyber detection technologies. The funds will be used to take the program out of its prototype phase.
“The Air Force has a couple reasons to be interested in this. One is that there are many Air Force networks that are short-term networks — basically they’re set up for a mission, the mission executes and then they shut down the network and move it away. In those cases, having tools which delay adversaries is extremely effective. If we can delay an adversary for half an hour, 45 minutes, but the network is only going to be up for 25 or 30 [minutes] then we have protected the network just through delay,” Wick said.
The Air Force is also interested in seeding a network with “honey data” to detect where leaks happen. That is where false and watermarked documents come in.
The Air Force will review the systems to make sure the proper National Institute of Standards and Technology security controls are implemented.
Officials working within the Air Force’s Task Force Cyber Secure created seven “lines of attack” for a Cyber Campaign to increase cybersecurity. Among other objectives, they aim to ensure cybersecurity is “baked in” to new weapons systems and that existing platforms are secured as much as possible, deliver cybersecurity training to the acquisition workforce and use threat data from the intelligence community to inform the acquisition process.
Gen. Ellen Pawlikowski, the commander of Air Force Materiel Command, estimated only about $10 million to $20 million has been spent on the campaign in its first year, but all seven areas have shown some signs of progress, including through a new process in which the Air Force is assessing the vulnerability of its systems sorted by “mission threads,” not necessarily by big weapons platforms. The first such analysis is almost completed, she said.
“We have identified certain classes of equipment that we know we need to focus on first, including what I would generically call ‘support equipment,’” Pawlikowski said in September. “That’s not been an area that’s gotten a lot of cybersecurity attention, but almost all aircraft get connected to some kind of automatic test equipment.”