Threat Model for Christmas

Matti Suominen

December 22, 2017 at 13:21

This year, Nixu had the pleasure of helping Santa out with the security of the entire end-to-end process for delivering gifts to millions of people worldwide. No other process is quite as extensive and complex as the one Santa uses to deliver billions of gifts within one day, all over the globe. It's no surprise that the process is full of risks that could ruin Christmas for everyone. Having strong roots in the Nordics and specifically in Finland, Nixu was a natural partner for Santa.

In a brief interview, Santa gave the following comment:

When we decided to modernize and streamline our business to meet the requirement of today’s children, we wanted to guarantee the confidentiality of our data and ensure the changes do not compromise the traditionally high quality of our distribution process. Working with cybersecurity professionals was a pleasure. Who knew that even delivery of presents to children everywhere relates to cybersecurity these days. Thankfully we are now ready to provide everyone a happy Christmas!

Nixu’s CEO Petri Kairinen had the following to say regarding the exercise:

Since childhood I have had the secret dream of working for Santa. Obviously, we are all now very excited after delivering this comprehensive threat modeling service for Santa and his associates. Nixu is very committed to its mission of keeping the digital society running. In this regard, nothing could be more important than making sure Santa’s digitalized business is resilient and able to meet the GDPR requirements.

We publish some of the highlights and a rough outline for the results here with permission from Santa himself. It should be noted that the full threat model is more comprehensive. However, to thwart attacks by The Grinch, we only publish some parts of the model to keep the implementation details secret at this time. Hopefully, more information can be released after Christmas time is over.

Hopefully, this allows you to appreciate all the gifts that arrive again this year even more.

Process

The following process describes the rough outline and steps involved in gift manufacturing and delivery. The BPMN chart detailing the whole process has been omitted, as it contains details which could help The Grinch to better target his attacks on weak points.

Reconnaissance Phase (whole year)

Santa and the elves work tirelessly during the whole year to ensure a smooth Christmas for everyone.

Activity

Actions

Observing kids and their behavior

  • Collecting information about kids and their behavior
  • Analyzing nice and naughty deeds

Keeping a wish-list for each kid

  • Collecting wish-lists from kids
  • Identifying wishes through other means

Verifying naughty/nice status

  • Categorizing kids based on their deeds during the year

Keeping track of gift trends

  • Identifying which gifts would be popular

Maintaining equipment

  • Ensuring that the sled is operational
  • Maintaining the toy factory at North Pole

Maintaining supply chain

  • Ensuring that enough toy parts are available during December

Preparations (December)

In order to be ready for the 24th, Santa and the elves carry out various activities in advance.

Activity

Actions

Obtaining parts for toys

  • Working with vendors
  • Ensuring adequate supply

Creating delivery plan

  • Identifying locations to which gifts are delivered
  • Identifying the most efficient route for the sled

Creating toys

  • Creating the toys based on wishlists from kids

Packaging toys

  • Packaging the toys and labeling them for delivery

Delivery (December 24th)

To ensure a successful Christmas, the following actions are taken on the big day.

Activity

Actions

Delivery preparations

  • Packing the sled
  • Verifying the delivery route

Delivering the presents

  • Delivery of presents based on the pre-created delivery plan
  • Accessing buildings in the most suitable manner (often through the chimney)

Delivery of late presents (if needed)

  • Delivering forgotten or lost presents in a Just-In-Time manner
  • “Oh, we found this one under the table”

Identified threats

Some of the threats identified in the analysis have been listed here.

| Threat | Outcome |
| --- | --- |
| Gifts not delivered at all | Children everywhere have a sad Christmas |
| Gifts delivered late | Children are initially disappointed, potentially ruining the Christmas mood even if the gifts are delivered later |
| Gifts are delivered but to wrong locations (e.g. through intentional misdirection) | Children are sad, The Grinch may obtain the presents himself |
| Gifts don’t follow latest trends | Children are sad as they didn’t receive the items that they wanted, resulting in bad will towards Santa |
| False negatives in recon, kids are labeled as naughty/nice by mistake | Some children end up sad through no fault of their own, potentially leading to reputation risks |
| Naughty/nice registry leaks from Santa’s database | Reputation risk, especially for naughty children |
| Santa receives fake letters for gift requests | The Grinch may receive undeserved presents, process may be delayed |
| Certification for Santa’s process and equipment is not up-to-date | Equipment failures or other disruptions to delivery can occur |
| Manual process for record-keeping is inaccurate due to manual error | Process is disrupted due to faulty data, presents are diverted, delayed or lost entirely |
| Supply chain for presents is disrupted | Presents cannot be manufactured in time, kids don’t receive gifts |

Recommendations

Nixu identified some potential controls and corrective actions that are recommended to ensure that the process flows smoothly and kids can have a great Christmas.

Ensure that physical security for the North Pole is properly implemented.

The Grinch may attempt to prevent gift delivery by tampering with the sled, the presents or other items involved in the delivery process. Ensure that physical security controls (e.g. locks, keycards etc.) are used on premises which are critical for security.

Ensure that a reliable time source is used.

The Grinch may try to delay gift delivery by, for example, tampering with available time sources. Ensure that a reliable and shared time source is used by everyone involved in the process.

Ensure that travel plans cannot be modified.

Ensure that e.g. GPS jamming or manipulation by The Grinch can be avoided. Store the travel plans in a secure location and use digital signatures to ensure that the plans haven’t been tampered with.

It’s highly recommended to integrate with NORAD’s Santa Tracker and ensure that the data they receive from radars correlates with data collected by the sensors on Santa’s sled:

https://www.noradsanta.org/
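
An added example, not part of Nixu's model and not based on any NORAD interface: one way to cross-check radar fixes against the sled's own position reports and flag sustained disagreement or missing sled fixes. The track format, the tolerance values and the sample coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_KM = 6371.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def correlate(radar, sled, tolerance_km=25.0, min_consecutive=2):
    """Return alerts as (timestamp, kind, distance_km) tuples.

    radar, sled: dicts mapping a UTC timestamp string to (lat, lon).
    POSITION_MISMATCH fires once the two sources disagree by more than
    tolerance_km for min_consecutive samples in a row, so a single noisy
    radar return is ignored. NO_SLED_FIX fires when radar has a fix and
    the sled reports none, which is what jamming would look like.
    """
    alerts, streak = [], 0
    for ts in sorted(radar):  # same-format UTC strings sort by time
        if ts not in sled:
            alerts.append((ts, "NO_SLED_FIX", None))
            streak = 0
            continue
        dist = haversine_km(radar[ts], sled[ts])
        streak = streak + 1 if dist > tolerance_km else 0
        if streak >= min_consecutive:
            alerts.append((ts, "POSITION_MISMATCH", round(dist, 1)))
    return alerts

# Constructed sample tracks (not real tracking data).
RADAR = {
    "2017-12-24T18:00Z": (66.50, 25.73),
    "2017-12-24T18:05Z": (60.17, 24.94),
    "2017-12-24T18:10Z": (59.33, 18.07),
    "2017-12-24T18:15Z": (59.91, 10.75),
    "2017-12-24T18:20Z": (55.68, 12.57),
}
SLED = {
    "2017-12-24T18:00Z": (66.50, 25.74),
    "2017-12-24T18:05Z": (60.17, 24.95),
    "2017-12-24T18:10Z": (59.44, 24.75),  # sled position stops following radar
    "2017-12-24T18:15Z": (59.44, 24.75),
}                                         # no sled fix at 18:20

if __name__ == "__main__":
    for alert in correlate(RADAR, SLED):
        print(alert)
```
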

Ensure that up-to-date information about toy trends is available

Collect information about popular toys from reliable sources. Watch out for false resources set up by The Grinch which may carry false information about what is popular among kids. Evaluate blockchain-based technology as a future option for collecting trusted reviews.

Ensure that information used to make naughty/nice decisions is up-to-date

Verify that data about children is up-to-date. If social media accounts and similar are used as part of the reconnaissance, ensure that proper identification is done so that kids don’t suffer from misdeeds of other kids.

Implement proper security on all digital systems

Ensure that data about children and their naughty/nice status as well as their toy preferences are only stored in secure systems. Also ensure that proper security monitoring is in place to detect unauthorized access attempts by The Grinch.

Authenticate letters from children

Consider secure authentication methods that would ensure that gift lists are authentic and really coming from the kids. Note that The Grinch may have helpers who can, using a reasonable budget, cause a Denial of Service attack on the elves reading the letters if enough fake letters are delivered without validation.

Ensure that equipment and process have been re-certified

Verify that certificates for the sled and the process itself are still valid and meet the latest requirements.

For example, ensure that the FAA certification for the sled and Santa’s uniform are still valid and meet the latest guidelines.

https://www.faa.gov/news/press_releases/news_story.cfm?newsId=12237

Implement a digital platform for processing data

Consider replacing the manual book-keeping methods with modern digital equivalents, ensuring that all kids receive the right presents and in time. Also consider cloud-based SaaS solutions with a solid track record on security.

Ensure that suppliers have adequate protections against cybersecurity threats

Check all contracts with suppliers providing parts for toys and ensure that they have adequate cybersecurity requirements in place. Discuss with vendors and remind them of the importance of Christmas.

With the success story, the Nixu team wishes Happy Holidays and Merry Christmas to everyone!