Threat modelling with Santa
If there is one person who, like no other, knows that there is a lot to protect to keep people happy, then it’s Santa and his factory filled with elves, toys and sugary goodness. Not only are there plenty of things to protect, but there are also a lot of things to consider that might play out in unexpected ways, and jeopardize Christmas.
This is why Santa not only knows what to protect, but he also knows the limitations of the resources he needs to be able to keep children happy and make sure the process of making and delivery toys and candy stays operational.
Threat modelling
Threat modelling looks at the interplay between what is there to protect, who or what might be causing concern or disruption, and what can be used to counter or limit those effects. It means considering the unthinkable, getting comfortable with some of the worst outcomes, and backtracking those to see what can be done to make sure they either don’t happen, don’t happen as often and/or can be reduced to small hiccups rather than the potential of ruining Christmas. Ultimately it is a question of "when" not "if" something is going wrong, and Santa is no slouch.
What to protect
The number one question being asked by any organization is pretty straight forward: how much security do I really need?
This sounds like a simple question, but unfortunately it is incomplete. A better question could be: "how much security do I need to protect me against the threats that might jeopardize the functioning and well-being of my organization?"
That means having an overview of what needs protecting, but also to have an idea on the potential things that could go wrong, so you know how much protection you need for any given situation or outcome. That means being open to failure, anticipating it and even making it your own by making investments that will lower the risk to a level that can be accepted by everyone involved. But when delivering toys and candy to children, there is no second guessing, so Santa is on a mission to make sure he knows the ins and outs of his organization.
Let’s get started
We wouldn’t need cyber security if there wasn’t anything to protect. So, knowing what to protect and the role it plays in your organization is crucial. Luckily, Santa has his operation all figured out, and defined the follow areas to protect to be able to run his operation:
Assets
- Book of names
The book of names is crucial to Santa’s operations. Keeping track of what each child wished for and knowing where they live is what Santa needs to be able to make sure he can deliver all the presents to the right houses, at the right address and all within one evening.
- Toy factory
Toys are, of course, at the top of every kid’s dream and thus there is a lot of demand to satisfy. With such a high demand for children expecting their toys means Santa must run a tight ship and needs to know what problems might occur, anticipate them, and be able to think fast when they play out.
- Toys
Toys are the end-product of the toy factory and need to be delivered to the children. But toys can be the problem too; toys need to be made with the necessary quality. Bad toys need to be able to be identified and, once all is said and done, they need to get out of the factory to make room for… more toys. If not, the toys themselves can become the biggest obstacle of the factory itself and its main product might become its own threat.
- Candy
Nothing says winter feast like a mouth full of candy. But that candy needs a steady flow of key ingredients, a reliable elf work force, and a well-protected set of recipes and quality requirements
Controls
- Toy factory gate (physical security)
This brass gate made by generations of elves is not only good for keeping polar bears out. It is also great for making sure no toys or candy leave the building that is not in a bag or on a sled.
- Bells (detection/monitoring)
Even if little control exists over what gets lost or what ends up in the wrong bag, or who is allowed near the book of names, at the very least everyone will know when someone has entered a room because of the doorbells hanging next to every door giving access to something that matters. Even if we cannot stop someone from going into the room, at least everyone will be alerted to it so action can be taken.
- Multi-Factor Authentication (Santa + Rudolph’ password is required to unlock the book)
Santa talks in his sleep and has been known to blurt out his password! An absolute nightmare as the curious elves also want to know which children have been naughty. But it is not the end of the world. That is why for opening the cyberbook of names (yes, Santa invests in the future) you need not only Santa’s password, but also Rudolph’s password of the day, as part of a larger passphrase. Multi-Factor Authentication (MFA) or in this case, Santa Rudolph Authentication (SRA) is what is keeping security in check while still allowing Santa to be who he is.
- Vault (not everything needs the same protection, stick the important things in secured locations)
There is no candy like Santa’s workshop candy. That means quality ingredients, a great secret recipe and being able to protect both from not being available. This means only the most crucial elements of the factory, such as the candy recipes and book of names, will need to go into the vault. But that does mean knowing what is crucial and worth protecting, and what can be easily replaced and written off.
Threat Actors
- Accidental incidents
The number one source of delays at the toy factory are the elves themselves, or just happenstance events that cause a lot of chaos if not practiced. The wrong color of dye on the candy canes, someone dropping a box of ornaments, the wrong toy being wrapped for the wrong child. These things happen, and to ignore them is to ignore the very nature of the winter festivities: to celebrate what we do well, but to also embrace and learn from our mistakes and try and do better.
- Nosy kids
It’s one thing to receive letters from children asking for certain toys. It’s another to try and defend against well planned out psyops operations of social engineering, kids trying to figure out if their neighbor is going to get the red bike or a piece of coal. As much as kids should be experimenting and exploring the world, there are some things that need to stay out of their hands, which means a design and handling philosophy that makes those boundaries clear, while not having to build a wall.
- Polar bears
As beautiful as they are curious, it is a little-known fact that polar bears love playing with toys. Especially video games. There is a reason why there are no polar bears allowed at video game tournaments, because no amount of hours in the day would be enough practice to beat a polar bear at Tetris. But it does mean Santa needs to take the necessary precautions to make sure that polar bears cannot just walk in and rummage around, start opening boxes, scaring the elves and generally just making a mess.
- Elves
As much as elves are the engine behind the toy factory, they can be as mischievous as they are productive. Elves are curious by nature and love to get into the details of what is supposed to be off-limits to them. And they love talking about it in the locker rooms. Names of children and what they wished for, the secret candy recipes, as well the list of ingredients, and special maps Santa uses to get to every house in time. Even Santa must protect these things against nosy elves who simply can’t help themselves but could ruin the festivities if information was to be leaked to others.
Threats
- Obtaining information (Intellectual Property theft)
As much as Santa’s candy and toys are popular, there are always other parties that want to steal the recipes for their own gain. Sometimes loosely organized trouble makings directed nation state agencies such as the EBSBS (Easter Bunny Secret Bureau of Sugar) lurking about wanting to get in on the action.
- Stealing candy (Theft)
What is better than candy? That’s right, more candy! And that means that candy sometimes gets lost or misplaced. Being able to have control over where the candy is stored gives the luxury of being able to protect it, as you can’t protect what you don’t know about.
- Ruining Christmas (Denial of Service, crisis management)
As any operation that requires precise timing and precise information, it is easy to lose control, which could end up in ruining Christmas. That is why it is important for Santa and his management elves to look at what it would take.
- Supply chain (lack of wood to make toys, no more sugar to make candy)
Making anything requires resources, and a steady flow of resources at that. Planning where resources come from, being able to bridge period of delays and being able to obtain products from different sources while knowing how long delivery takes is crucial to any organized team of do-gooders such as Santa’s crew.
Image credit: HASLOO/depositphotos.com
Tom Van de Wiele is Principal Threats & Technology Researcher, WithSecure.