Threat Model for Christmas
This year, Nixu had the pleasure of helping Santa out with the security of the entire end-to-end process for delivering gifts to millions of people worldwide. No other process is quite as extensive and complex as the one Santa uses to deliver billions of gifts within one day, all over the globe. It's no surprise that the process is full of risks that could ruin Christmas for everyone. Having strong roots in the Nordics and specifically in Finland, Nixu was a natural partner for Santa.
In a brief interview, Santa gave the following comment:
When we decided to modernize and streamline our business to meet the requirement of today’s children, we wanted to guarantee the confidentiality of our data and ensure the changes do not compromise the traditionally high quality of our distribution process. Working with cybersecurity professionals was a pleasure. Who knew that even delivery of presents to children everywhere relates to cybersecurity these days. Thankfully we are now ready to provide everyone a happy Christmas!
Nixu’s CEO Petri Kairinen had the following to say regarding the exercise:
Since childhood I have had the secret dream of working for Santa. Obviously, we are all now very excited after delivering this comprehensive threat modeling service for Santa and his associates. Nixu is very committed to its mission of keeping the digital society running. In this regard, nothing could be more important than making sure Santa’s digitalized business is resilient and able to meet the GDPR requirements.
We publish some of the highlights and a rough outline for the results here with permission from Santa himself. It should be noted that the full threat model is more comprehensive. However, to thwart attacks by The Grinch, we only publish some parts of the model to keep the implementation details secret at this time. Hopefully, more information can be released after Christmas time is over.
Hopefully, this allows you to appreciate all the gifts that arrive again this year even more.
Process
The following process describes the rough outline and steps involved in gift manufacturing and delivery. The BPMN chart detailing the whole process has been omitted, as it contains details which could help The Grinch better target his attacks on weak points.
Reconnaissance Phase (whole year)
Santa and the elves work tirelessly during the whole year to ensure a smooth Christmas for everyone.
Activity | Actions |
Observing kids and their behavior | |
Keeping a wish-list for each kid | |
Verifying naughty/nice status | |
Keeping track of gift trends | |
Maintaining equipment | |
Maintaining supply chain | |
Preparations (December)
In order to be ready for the 24th, Santa and the elves carry out various activities in advance.
Activity | Actions |
Obtaining parts for toys | |
Creating delivery plan | |
Creating toys | |
Packaging toys | |
Delivery (December 24th)
To ensure a successful Christmas, the following actions are taken on the big day.
Activity | Actions |
Delivery preparations | |
Delivering the presents | |
Delivery of late presents (if needed) | |
Identified threats
Some of the threats identified in the analysis have been listed here.
Threat | Outcome |
Gifts not delivered at all | Children everywhere have a sad Christmas |
Gifts delivered late | Children are initially disappointed, potentially ruining the Christmas mood even if the gifts are delivered later |
Gifts are delivered but to wrong locations (e.g. through intentional misdirection) | Children are sad, The Grinch may obtain the presents himself |
Gifts don’t follow latest trends | Children are sad as they didn’t receive the items that they wanted, resulting in bad will towards Santa |
False negatives in recon, kids are labeled as naughty/nice by mistake | Some children end up sad through no fault of their own, potentially leading to reputation risks |
Naughty/nice registry leaks from Santa’s database | Reputation risk, especially for naughty children |
Santa receives fake letters for gift requests | The Grinch may receive undeserved presents, process may be delayed |
Certification for Santa’s process and equipment is not up-to-date | Equipment failures or other disruptions to delivery can occur |
Manual process for record-keeping is inaccurate due to manual error | Process is disrupted due to faulty data, presents are diverted, delayed or lost entirely |
Supply chain for presents is disrupted | Presents cannot be manufactured in time, kids don’t receive gifts |
Recommendations
Nixu identified some potential controls and corrective actions that are recommended to ensure that the process flows smoothly and kids can have a great Christmas.
Ensure that physical security for the North Pole is properly implemented. | The Grinch may attempt to prevent gift delivery by tampering with the sled, the presents or other items involved in the delivery process. Ensure that physical security controls (e.g. locks, keycards etc.) are used on premises which are critical for security. |
Ensure that a reliable time source is used. | The Grinch may potentially try to delay gift delivery through e.g. tampering with available time sources. Ensure that a reliable and shared time source is utilized by everyone involved in the process. |
Ensure that travel plans cannot be modified. | Ensure that e.g. GPS jamming or manipulation from The Grinch can be avoided. Store the travel plans in a secure location and utilize digital signatures to ensure that the plans haven’t been tampered with. It’s highly recommended to integrate with NORAD’s Santa Tracker and ensure that the data they receive from radars correlates with data collected by the sensors on Santa’s sled. |
Ensure that up-to-date information about toy trends is available | Collect information about popular toys from reliable sources. Watch out for false resources set up by The Grinch which may carry false information about which toys are popular with kids. Evaluate blockchain-based technology as a future option for collecting trusted reviews. |
Ensure that information used to make naughty/nice decisions is up-to-date | Verify that data about children is up-to-date. If social media accounts and similar are used as part of the reconnaissance, ensure that proper identification is done so that kids don’t suffer from misdeeds of other kids. |
Implement proper security on all digital systems | Ensure that data about children and their naughty/nice status as well as their toy preferences are only stored in secure systems. Also ensure that proper security monitoring is in place to detect unauthorized access attempts by The Grinch. |
Authenticate letters from children | Consider secure authentication methods that would ensure that gift lists are authentic and really coming from the kids. Note that The Grinch may have helpers who can, using a reasonable budget, cause a Denial of Service attack on the elves reading the letters if enough fake letters are delivered without validation. |
Ensure that equipment and process have been re-certified | Verify that certificates for the sled and the process itself are still valid and meet the latest requirements. For example, ensure that the FAA certification for the sled and Santa’s uniform are still valid and meet the latest guidelines. https://www.faa.gov/news/press_releases/news_story.cfm?newsId=12237 |
Implement digital platform for processing data | Consider replacing the manual book-keeping methods with modern digital equivalents, ensuring that all kids receive the right presents and in time. Also consider cloud-based SaaS solutions with solid track record on security. |
Ensure that suppliers have adequate protections against cybersecurity threats | Check all contracts with suppliers providing parts for toys and ensure that they have adequate cybersecurity requirements in place. Discuss with vendors and remind them of the importance of Christmas. |
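The travel-plan recommendation above asks that radar data correlate with the sled's own sensor data. The sketch below is an added example, not part of Nixu's threat model: it pairs each sled fix with the nearest-in-time radar fix and raises an alert when the positions diverge or when no radar fix falls inside the time window. The function names, thresholds and sample tracks are all constructed for illustration.

```python
import math

EARTH_RADIUS_KM = 6371.0


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def correlate_tracks(radar, sled, max_skew_s=30, max_gap_km=5.0):
    """Compare two independent position tracks and return divergence alerts.

    radar, sled: lists of (unix_ts, lat, lon) tuples.
    max_skew_s / max_gap_km are assumed thresholds; tune them to the sensors.
    Returns a list of (sled_ts, reason) tuples, one per suspicious sled fix.
    """
    alerts = []
    for ts, lat, lon in sorted(sled):
        # Nearest radar observation in time; relies on a shared time source.
        nearest = min(radar, key=lambda r: abs(r[0] - ts), default=None)
        if nearest is None or abs(nearest[0] - ts) > max_skew_s:
            alerts.append((ts, "no radar fix within time window"))
            continue
        gap = haversine_km((lat, lon), (nearest[1], nearest[2]))
        if gap > max_gap_km:
            # The two sources disagree: possible GPS manipulation or bad data.
            alerts.append((ts, f"position mismatch {gap:.0f} km"))
    return alerts


# Constructed sample tracks (not real telemetry).
RADAR = [(1000, 66.50, 25.73), (1060, 66.45, 25.60), (1120, 66.40, 25.47)]
SLED = [(1002, 66.50, 25.73), (1061, 66.45, 25.61),
        (1119, 65.01, 25.47),   # sled reports a position far from the radar track
        (1400, 66.30, 25.30)]   # no radar observation near this timestamp

if __name__ == "__main__":
    for ts, reason in correlate_tracks(RADAR, SLED):
        print(ts, reason)
```

An alert means only that the two sources disagree; deciding which one to trust requires a third reference, such as the signed travel plan.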
With the success story, the Nixu team wishes Happy Holidays and Merry Christmas to everyone!