Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

joemcmanus
on 10 March 2020

On boxing, tabletop exercises and threat models


‘Everybody has a plan until they get hit. Then, like a rat, they stop in fear and freeze.’ Mike Tyson

At Canonical we have recently performed a series of cyber tabletop exercises (TTX). A TTX is an information security preparedness drill where a cyber incident scenario is played out to improve your tactics, techniques and procedures (TTPs).  When performing a TTX it is important to use the same amount of staff and effort as though a real incident were occuring. This helps to uncover deficiencies in your TTPs and address those issues before a real event occurs. Being as efficient as possible is critical during incident response because as time passes data that can help determine root cause is lost and the attacker may still be causing harm to the environment. 

This past month we performed two TTXs with different groups within Canonical. This type of exercise requires support from the top down, you will be interrupting work for up to a day and it is imperative that the management of each team is behind this effort. At Canonical security is in our DNA and this exercise was performed with full support of everyone within the company. 

When performing a TTX it is important to not only include your engineering teams but also include representatives from each organizational unit; support, web, marketing, etc. For our TTX we measure our success by tracking time from the malicious act, detection, reaction, internal communication, external communication and remediation. Each subsequent TTX should be more efficient than the previous.

To aid in construction of our TTX scenarios the Ubuntu Security team produces threat models of our products and services. By performing a threat model we can identify weaknesses, work with the engineering product owners to prioritize fixes and use the threat model to create realistic TTX events.  We use the STRIDE methodology for threat modelling, which breaks threats in to 6 categories:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Cyber incidents can happen, it is imperative that part of your overall security plan not only include preventative measures but also include reactive plans. As Ben Franklin is often credited with saying “ if you fail to plan, you are planning to fail”.  How we react to an incident is as important as how we strive to prevent them. By exercising your cyber response plans you will be better prepared if a hack happens. If you have any questions about setting up your own threat models or table top exercise just let us know – @ubuntu_sec on twitter.

Related posts


Felipe Vanni
13 November 2024

Join Canonical in Paris at Dell Technologies Forum

AI Article

Canonical is thrilled to be joining forces with Dell Technologies at the upcoming Dell Technologies Forum – Paris, taking place on 19 November. This premier event brings together industry leaders and technology enthusiasts to explore the latest advancements and solutions shaping the digital landscape. Register to Dell Technologies Forum – ...


Serdar Vural
12 November 2024

Bringing automation to open source 5G software at Ubuntu Summit 2024

5G Article

In today’s massive private mobile network (PMN) market, one of the most common approaches to PMN software and infrastructure are proprietary private business solutions. However, as our recent demonstrations at the October 2024 Ubuntu Summit in the Hague showed, open source software with enterprise-grade support is a cost-effective alterna ...


Amir Abdel Baki
7 November 2024

Life at Canonical: Freyja Cooper’s perspective as a new joiner in Communications

Ubuntu Article

Canonical has developed a unique onboarding process that enables new hires to quickly settle and establish themselves in our globally distributed environment. In this series, we interview team members who joined the company within the last year to ask them about their experience so far. In an earlier article, we heard from Amy Song, a ...