Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Santa and the Zero-Trust Model: A Christmas Story
How would the world's most generous elf operate in a world of zero-trust security? A group of cybersecurity experts lets us know.
December 23, 2019
Figure 1: (image by olly, via Adobe Stock)
On Christmas Eve, snow will fall, Yule logs will blaze, visions of sugarplums will dance in children's heads, and in the eyes of zero-trust experts, countless security breaches will happen in homes around the world.
Zero-trust security has blanketed IT like the snow Bing Crosby sang about. Based on the idea of maintaining strict access controls and not trusting anyone or any component by default — even those already inside the network perimeter — zero trust seeks to prevent intrusion wherever possible and minimize the damage from intrusions that do occur.
Each Christmas Eve, though, a party we've never met and know only by reputation enters our homes and leaves packages. The question Dark Reading put to security experts is whether this "Santa Claus" can be made compliant with the requirements of zero-trust security — or whether modern security might mean the end of children's dreams.
"For far too many years, we’ve given carte blanche to Santa Claus to ignore basic security best practices —— not to mention safety issues bringing potential carcinogens with him down the chimney," says Willy Leichter, vice president at Virsec. "Simply saying we 'trust' the big guy is dangerous and naïve."
"Santa's visit has been invited, typically, by one of the junior members of the household. This junior staffer is likely to have also given Santa a list of items that can be used to bribe his way through security," points out Kevin Sheu, vice president of product marketing at Vectra.
This reality makes it likely, experts say, that Santa Claus will be able to make his way through the outer perimeter, so the focus shifts to minimizing potential damage. How might that work when it comes to the jolly, ol' elf?
Background Basics
"First and foremost, Santa needs a background check before we go any further," says Tyler Reguly, manager of security research and development at Tripwire. "I want to know everything about where this magical elf that makes it around the globe in 24 hours has been. I want to know everything about him."
Getting deep background on a possibly imaginary individual isn't enough of a challenge. The required knowledge doesn't stop with Santa, himself. Reguly points out that Santa seems to have an extensive supply chain, and that the supply chain and support staff should come under scrutiny, as well. That means Mrs. Claus, the sly Elf on the Shelf, and the elves at the North Pole manufacturing and shipping facility must be accounted for.
When it comes to Santa authentication, Sheu points out that the zero trust's evolution means a simple one-time event might not be enough. Instead, he points out, it's about the one-time decision and then long-term follow-up to make sure that the authorization is still appropriate. After all, the Santa authenticated at the North Pole might or might not be the Santa who shows up on our roof — and not everyone is willing to outsource the interim security to NORAD's Santa Tracker.
Santa Supply Chain
Other experts brought up the fact that Santa himself is only the most visible end of a very long supply chain. "Do we know that Santa has effectively assessed the reliability of his elves and of the production process?" asks Bob Maley, CSO of NormShield. "Have the reindeer been trained to land on the roof safely?"
Maley suggests that the level of supply chain verification can be subject to consideration of just how critical the risk is, and points out that, historically, the risk of Santa-inflicted damage is low. Still, that doesn't mean Santa should necessarily be given free rein within the household.
"There's got to be some clear communication of who's arriving and an announcement of who he is, with confirmation that he is who he says he is before he even lands," says Reguly. "And then, assuming you have a chimney, I think the next step, of course, has to be authentication at the chimney."
(Continued on next page: Segmentation, and about those gifts...)
A Segmented Home
Given the importance of the pre-entry authentication, Tripwire's Reguly says processes must be in place to prevent unauthorized intruders from tailgating Santa down the chimney. And once the big man is inside, the security issues are not laid to rest.
"You have to watch internal lateral movements, so it's privileged access to a specific area. It's not really easy access to the entire house," Vectra's Sheu says. "You know, the key is keeping Santa Claus within a specified radius of the designated gift reception area."
The goal then being is to corral Santa to the tree, the stocking-hanging center, and wherever the cookie-and-milk bribe has been left. And to ensure compliance, Reguly suggests a comprehensive logging regimen taking into account every internal stop Santa makes, along with the activity at each.
Virsec's Leichter takes a comprehensive view of a solution, with better real-time monitoring and forensics of what Santa actually does.
"While some believe he comes and goes too quickly to track — realistically, delivering to billions of households only leaves micro-seconds per visit — more advanced security technology can deliver this kind of split-second detection, threat analysis, and, if required, automatic protection actions — closing the chimney flue before to prevent him from escaping after misdeeds," Leichter says. "This may sound harsh, but mythical figures who have nothing to hide should not object to visibility and accountability.
"If we don’t enforce zero-trust consistently, good luck cleaning up after the Easter Bunny," he adds.
About Those Gifts
Kiersten Todt, managing director of the Cyber Readiness Institute, points out that the gifts themselves carry risk, especially if they're wrapped — a physical form of encryption that hides the true contents of the package. Sheu says some would suggest an authorized man-in-the-middle attack — unwrapping, verifying, and rewrapping each gift — but he says that technology has provided us with a better approach.
"If you give Santa a public key and you have a private key, he can insert the public key at the time of wrapping, and you can validate it," he says. And keeping track of all the certificates for all the gifts delivered around the world on Christmas Eve? The perfect application, Sheu says, for the distributed ledger of a blockchain.
Naughty and Nice
Once experts began looking at Santa from a zero-trust perspective, every aspect of his "operation" came under scrutiny. One of those aspects is the naughty and nice list (checked twice!) that forms the basis of the delivery schedule.
"Who created that naughty or nice list? Did the parents create it or did some 4-year-old create it and hand it off to Santa Claus?" Sheu asks. In order to make sure that the critical list has been created and stored properly, he says, "you would you need to verify the validity with a blockchain."
Further, if this naughty-and-nice list were to be exposed in a data breach, the impacts would be far-reaching.
Todt imagines that an up-to-date list might be stored on Santa's smartphone, which leads to a whole new level of security concern. "There is technology that exists that encrypts not just messaging but video, phone, etc., and that's where we have to go," Todt says. "It's also about mobile security."
She continues, "You can no longer absolve yourself of responsibility in the tech space if you're using a phone to do anything. If Santa isn't taking the appropriate precautions, then yes, that would be an issue."
The Risk Profile
Ultimately, experts agreed that Santa's visit could be conducted under a zero-trust model, but said that a risk assessment would be appropriate before investing in the process.
As with any new security scheme, moving to zero trust for Santa should start with a risk assessment. NormShield's Maley says that despite the myriad attack possibilities, existing data shows that the probability of Santa committing theft is virtually nonexistent. So is the risk truly high enough to merit the investment?
If zero trust is enacted, says Maley, we may also need to "tell our kids that, well, Santa is not coming to our house. That's an example of, well, I think we have gone overboard with zero trust, perhaps."
Maley defines "overboard" in stark terms. "And the pain is real because if we tell our kids Santa is not coming ... I wouldn't want to be in that house," he says.
Related Content:
Video: Santa Gets Hacked! (from Twist and Shout)
About the Author
You May Also Like