Shostack + Friends Blog

 

The Architectural Mirror (Threat Model Thursday)

[Image: Before and After building]

A few weeks ago, I talked about "reflective practice in threat modeling", thinking about how we approach the problems we face, and asking if our approaches are the best we can do. Sometimes it's hard to reflect. It's hard to face the mirror and say 'could I have done that better?' That's human nature.

Sometimes, it can be easier to learn from an analogy, and I'll again go to physical buildings as a source. (I last discussed this in "Architectural Review and Threat Modeling".)

Here, we see 91 units of housing delayed for 3-4 months over the color of the exterior:

A project to create 91 units of microhousing on First Hill will take a second try at getting final sign-off from the board...In June, the board asked that the project return for a second pass citing unhappiness with the choice of cement fiber panel finish to step down at the upper levels of the northern edge of the building and echoing public comment that the color of bricks selected for the building was too dark for the neighborhood’s existing “context.” (Capitol Hill Seattle blog)

Now, Seattle has a very visible crisis of housing and homelessness. These 91 units will likely help 91 people or families get off the street. But...the color of the bricks is wrong, so stay on the streets for an extra few months? I exaggerate for effect and consideration, not of this choice, but to ask for reflection — are there choices imposed by security that make such a tradeoff in your organization?

Are you holding back revenue or customer satisfaction for goals that might wait, or might simply not be as important from an executive standpoint?

And if you have a tracking system for projects, it has to work.

The number of Seattle permit applications completing initial review plummeted 75 percent from April to May, from 266 to 66. Builders say problems with the system are setting their projects back by weeks or months...Soon after launch, the new system repeatedly stalled and permit documents appeared to go missing. Tempers grew so hot that at one point the city called the police on a livid customer... In May, less than 11 percent of medium-complexity projects hit the two-week target. ("Rocky launch of Seattle’s new construction-permit system causes delays, anger.")

Security can be the reason projects are consistently randomized or miss their deadlines, and when it is, other teams work around us, ignore us, or question why they're paying for a security function that doesn't function.

The world is a fine source of opportunities to reflect, if only we take advantage.