The incident at Nakatomi Plaza - and what it means for data security
Over Christmas, Rob Tiffany shared this breaking news. Fans of the original Die Hard movie (94% on Rotten Tomatoes!) know what’s going on.
I often use Nakatomi Plaza as a metaphor when talking about data security and governance. The original idea is not mine. Geoff Manaugh discussed it years ago on his architecture blog BLDGBLOG. He described Nakatomi Space …
McClane explores the tower—called Nakatomi Plaza—via elevator shafts and air ducts, crashing through windows from the outside-in and shooting open the locks of rooftop doorways. If there is not a corridor, he makes one; if there is not an opening, there will be soon.
Over the course of the film, McClane blows up whole sections of the building; he stops elevators between floors; and he otherwise explores the internal spaces of Nakatomi Plaza in acts of virtuoso navigation that were neither imagined nor physically planned for by the architects.
This has always seemed to me an appropriate metaphor for the ways in which unconventional users navigate enterprise data architectures.
These users could be malicious - hackers or disgruntled staff. (These are often called bad actors in the security business. I will resist the pun. You may not.) Often, however, they are well-intentioned users simply trying to get their job done, but having to work around restrictive controls.
One client had a shared folder named Cappuccino, where CSV files were stored for data analysis. Why the weird name? “Because I don’t have access to the ERP directly, so every time the admin creates an export for me I am reminded to buy her a cappuccino.” At another client, business analysts used screenshots and OCR tools to get data from PDF files which they felt were essential to their tasks. They were navigating a kind of Nakatomi Space in the enterprise.
Well-intentioned users find these spaces as workarounds. Malicious users seek them out. I saw a particularly egregious hack at an e-commerce site where the entry to the system was via the rarely-used and untested Close Account screen. Who would have thought of looking there? John McClane would have found it.
I disagree with one thing in Manaugh’s original and insightful article. He says that both the terrorists and the SWAT team use unconventional approaches to the building. That’s only partially true: their approaches may be non-standard but they are informed by a very conventional understanding of the building, because they have the plans. McClane neither knows nor cares about the architecture. The freedom that ignorance gives him makes him much more dangerous.
What can we do? And what about Argyle?
How can we protect against Nakatomi Space attacks? How do we design an architecture to be secure against people who don’t care about architecture?
Penetration testing is an important part of any organization’s security strategy. But ironically, in a laudable effort to make this approach more thorough and complete, it has too often been standardised into a methodology. That methodology becomes, in effect, another component of the architecture. We can’t defend against the unconventional with conventions.
Red teams may be more effective for our scenario. They simulate real-world attacks on an organization’s systems, using the same tactics, techniques, and procedures (TTPs) as a malicious actor would. The goal is to test defenses and identify any vulnerabilities or weaknesses. Red teams will use a variety of methods such as phishing emails, social engineering, physical security testing, and also network penetration tests. Note the human element here, not just the technicalities.
In the end, Nakatomi Plaza was a triumph of the unconventional over the highly organised. And don’t forget Argyle. Even drivers have a role to play.