The threat model is one of the most basic tools IT professionals use to analyze security incidents and scenarios. It is the first stop along the security path where potential hazards can be identified and quantified.

Threat models involve judgments about which threats are important to a particular situation. An automated tool that simply lists any potential problem without assigning a probability to it is useless to the overall process. It’s like having to read through a log file in its entirety to find one anomalous event that indicates a breach.

Security analysts need a way to focus on what is relevant to the problem at hand. A threat model can point out all possible scenarios, but it also needs to focus attention on the most important factors in a security context. That focus arises from a judgment call regarding the entire security fabric.

The Threat Model Is a Judgment Call

The environment plays a significant role in the threat modeling process. If the threat model is based on the understanding that a system will be operating with certain parameters, changing those parameters usually causes unintended consequences. Second-order effects come along with any change in an assumed environment.

Threat modeling will always involve judgment. It’s how we create the needed focus, allow for the atypical situation and plan for it. But judgment calls need to be evaluated against data from the field to ensure that they are both correct and relevant.

Looking at the assumed environment of a deployed project versus current realities can help IT managers decide what needs to be reviewed and how soon the items need to be changed. Reviews also help sniff out any second-order effects from environmental change, or perhaps even stop them in their tracks.

That’s what happened in 2016 — the environment changed. Today, cybercriminals primarily use ransomware and Trojans instead of poisoned email attachments to advance their malicious goals. There are more internet-connected devices than ever controlling mundane but necessary industrial things. Cybercriminals can hijack something as simple as your home thermostat or security camera to take down an entire country’s internet service. These days, things are working together in funny ways.

A Game of Phone Tag

An edition of “60 Minutes” described how German researchers were able to connect to a U.S. congressman’s phone by hijacking the telephone switching system. Although he vowed to hold congressional hearings on the matter, he eventually realized that security standards had changed since the telephone system was installed. The threat model at the time assumed that if you could connect, you were cleared from a security standpoint. The connections to the switching network were deemed outside the sphere of influence.

In threat model parlance, the switching network had a dashed trust boundary around its perimeter. Things functioned at the same privilege level within that dashed line box, but anything outside it was beyond the ken.

Obviously, the designers had totally different assumptions about networks and how they functioned at that time. What the congressman experienced was not a vulnerability in the telephone network, but a design decision made for that network that affected security.

Blowing the Whistle on SS7

Signaling System 7 (SS7) was designed to keep the control frequencies of the telephone switch from being carried along with the data. Computer programmer John Draper figured out that he could take control of a telephone line by blowing a whistle that he found in a cereal box at 2600 Hz because the existing switching system worked that way.

Once the line was commandeered, the voice data could be redirected to a new destination without tripping any billing notifications. The billing mechanism came when the “local” call was initially placed. This meant that a local call could be turned into a long-distance call while still being billed as local.

The threat model used for SS7 ensured that the switching control channels were not present along with the voice data. That model became obsolete as time went on and network connection methods changed. This obsolescence can be the fate of any extant threat model, which eventually may not reflect the realities of a current situation and who the threat actors truly are.

2017: The Year of Metadata

The threat models of 2017 will bring metadata into sharper focus. Many routine computer connections can generate a lot of metadata that is then sent in the clear and easily harvestable by those who can listen.

Let’s say that, for some reason, you’re utilizing clientside certificates. It may even aim to enhance security, but client certificates are exchanged before the Transport Layer Security (TLS) connection becomes encrypted. If it’s a server-to-server connection, it may be acceptable. But it won’t work for normal clients because the metadata is so easily traceable, and only recently has its full potential entered into security decisions. That changed the threat model for these environments.

The new threat models of 2017 will need to be flexible. Otherwise, they run the risk of not representing the right threats.

More from Data Protection

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, companies and infrastructure at risk. To help address this issue, the Office of the National Cyber Director (ONCD) recently hosted a…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

How the CCPA is Shaping Other State’s Data Privacy

Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding data privacy's legal requirements. Depending on the location and jurisdiction, data privacy laws can vary significantly in terms of scope and enforcement. But while the laws…