Elements of disinformation theory: cyber engagement via increasing adversary information consumption

TL;DR

This paper proposes a strategic deception approach using honeypots and sensor spoofing to increase adversary information processing costs in cyber-physical systems, leveraging threat intelligence to optimize engagement tactics.

Contribution

It introduces a novel adversary engagement strategy that maximizes adversary information consumption while increasing their operational costs through sensor spoofing and honeypots.

Findings

Sensor spoofing can significantly increase adversary information intake.

Perfect threat intelligence improves the effectiveness of deception strategies.

Numerical results demonstrate the trade-offs between intelligence accuracy and engagement success.

Abstract

We consider the case where an adversary is conducting a surveillance campaign against a networked control system (NCS), and take the perspective of a defender/control system operator who has successfully isolated the cyber intruder. To better understand the adversary's intentions and to drive up their operating costs, the defender directs the adversary towards a ``honeypot" that emulates a real control system and without actual connections to a physical plant. We propose a strategy for adversary engagement within the ``honey" control system to increase the adversary's costs of information processing. We assume that, based on an understanding of the adversary's control theoretic goals, cyber threat intelligence (CTI) provides the defender knowledge of the adversary's preferences for information acquisition. We use this knowledge to spoof sensor readings to maximize the amount of information the adversary consumes while making it (information theoretically) difficult for the adversary to detect that they are being spoofed. We discuss the case of imperfect versus perfect threat intelligence and perform a numerical comparison.