A Threat Intelligence Thought Exercise

I was at dinner on Tuesday with 6 security professionals and I proposed this hypothetical situation and I thought it was worth writing up and sharing.

Background:

  • Six identical safes with $1,000,000 inside are being built into the side of a public building and are being randomly assigned to everyone at the dinner.
  • At the end of 90 days any money left in your safe is yours.
  • You will be given a live video feed of your safe.
  • There is an advanced and persistent team of safe crackers trying to crack all six safes.
  • You are loaned $100,000 to spend on security for your safe that must be repaid when  the project is over.
  • Everyone at the dinner is your friend.

Threat Intelligence Questions:

  • While doing video monitoring you notice that you see activity that you think is coming from the safecrackers every Monday night from 2100 to 2200.
    • Do you tell the other safe owners?
  • While looking at your safe you try the passcode 8675309 because the song is stuck in your head and find it is an unknown one time backdoor.
    • Do you tell the other  safe owners?
  • You are approached by 2 other safe owners who would like to form an alliance with where you will share all information you have on threats and at the end of the 90 days you split any remaining money evenly.
    • Do you join the alliance?
  • Does sharing what you know with the other safe owners make you more or less secure? 
  • Does joining the alliance  make you more or less secure? 
  • If 4 people are in the  alliance does that make you more or less secure? 

Bonus Traditional Security Questions:

  • A physical security firm will place an unarmed but well meaning guard in front of your safe from 0700 to 1900 every day for the 90 days. The cost is $40,000.
  • A monitoring firm will monitor the video feed of your safe for the 90 days and send you a text message if something looks wrong. The cost is $40,000.
  • A famous ex-hacker will spend two weeks trying to break into your safe and another week writing a report you will only kind of read. The cost is $60,000.
  • A company has a team of 100 less skilled but trust worthy safecrackers who they can have try to break into your safe. They will run the program for you, pay a reward to anyone who successfully cracks your safe and tell you exactly how the did it. The cost is $60,000.
    • How do you spend your money?
  • On day 30 you are told only one safe has been successfully broken into.   You have not spent any of your money.
    • Do you buy anything now? 
  • On day 60 you are told only one safe has been successfully broken into.   You have not spent any of your money.
    • Do you buy anything now? 

I think there are a bunch more questions I could ask but I think this is a great thought exercise to think through and discuss.

If you have any thoughts you can share them with me on twitter @jgamblin. I just do not have the patience to moderate blog comments.

Here is a picture of a safe so my links look better when I share this:

Site Footer