Editor’s be aware: This text incorporates plot spoilers.
Society’s understanding of expertise and cybersecurity typically is predicated on easy stereotypes and sensational portrayals within the leisure media. I’ve written about how sure situations are entertaining however deceptive. Consider black-clad teenage hackers prowling megacities difficult company villains. Or consider counterintelligence specialists repositioning a satellite tv for pc from the again of a surveillance van by way of a cellphone name.
However generally Hollywood will get it proper by depicting actuality in ways in which each entertain and educate. And that’s vital, as a result of whether or not it’s a big firm, authorities or your private data, all of us share most of the identical cybersecurity threats and vulnerabilities. As a former cybersecurity business practitioner and present cybersecurity researcher, I consider the ultimate season of “Star Trek: Picard” is the newest instance of leisure media offering helpful classes about cybersecurity and the character of the fashionable world.
So how does “Star Trek: Picard” relate to cybersecurity?
The character of the menace
The present’s protagonist is Jean-Luc Picard, a retired Starfleet admiral who commanded the starship Enterprise-D in a earlier sequence. Starfleet is the navy wing of the United Federation of Planets, of which Earth is a member. In Season 3, the ultimate season, Picard’s final enemy, the Borg, returns to strive conquering humanity once more. The Borg is a cybernetic collective of half-human, half-machine “drones” led by a cyborg queen.
The Borg has partnered with different villains and labored for over a decade to deploy hidden brokers in a position to compromise the DNA knowledge contained within the software program underpinning the transporter – a teleportation gadget used usually by Starfleet personnel. Over a few years, a sure subgroup of Starfleet personnel had their DNA altered through the use of the transporter.
Thus, in launching their ultimate assault, the Borg is ready to immediately activate 1000’s of “drones” to do its bidding within the type of altered, compromised Starfleet personnel. As Geordi La Forge, the Enterprise-D’s engineer, notes, “They’ve been assimilating the complete fleet this complete time, with out anybody ever realizing it.”
As a substitute of malicious software program taking on computer systems, the plot entails malicious genetic code taking on people.
The Borg’s extended, stealthy infiltration of the federation is indicative of how as we speak’s handiest cyberattackers work. Whereas it’s comparatively straightforward to detect when hackers try and breach a system from the skin, consultants fear in regards to the results of an enemy infiltrating essential methods from inside. Attackers can put malicious code in software program throughout manufacturing or in software program updates, each of that are avenues of assault that don’t arouse suspicion till the compromised methods are activated or focused.
This underscores the significance of guaranteeing the safety and integrity of digital provide chains from product growth on the vendor by way of product deployment at shopper websites to make sure no silent “drones,” corresponding to malware, are ready to be activated by an adversary.
Equally vital, “Star Trek: Picard” presents the very actual and insidious nature of the insider menace confronted by as we speak’s organizations. Whereas not contaminated with a cybernetic virus, just lately arrested Massachusetts Air Nationwide Guard airman Jack Teixeira exhibits the harm that may happen when a trusted worker has malicious intent or turns into co-opted and inflicts important harm on an employer.
In some instances, these compromised or malicious people can stay undiscovered for years. And a few world adversaries of the U.S., corresponding to China and Russia, are identified for taking a long-term perspective in relation to planning and conducting espionage actions – or cyberattacks.
People stay the weakest hyperlink
“Synchronistic expertise that permits each ship in Starfleet to function as one. An impenetrable armada. Unity and protection. The final word safeguard.”
With these phrases, humanity’s navy defenders activated a characteristic that linked each Starfleet vessel collectively underneath one unified automated command system. Whereas supposed to function an emergency functionality, this method – known as Fleet Formation – was rapidly hijacked by the Borg as a part of its assault on Earth. In essence, Starfleet created a Borg-like protection system that the Borg itself used to assault the federation.
Right here, probably the most well-intentioned plans for safety have been thwarted by enemies who used humanity’s personal applied sciences towards them. In the true world, capabilities corresponding to on-demand real-time software program updates, ChatGPT and centrally administered methods sound engaging and supply conveniences, price financial savings or new capabilities. Nonetheless, the lesson right here is that organizations mustn’t put them into widespread use with out rigorously contemplating as most of the potential dangers or vulnerabilities as sensible.
However even then, expertise alone can’t defend people from ourselves – in any case, it’s individuals who develop, design, choose, administer and use expertise, which suggests human flaws are current in these methods, too. Such failings regularly result in a stream of high-profile cybersecurity incidents.
Resiliency is just not futile
To counter the Borg’s ultimate assault on Earth, Picard’s crew borrows its previous starship, Enterprise-D, from a fleet museum. The rationale is that its ship is the one main fight vessel not linked to the Borg collective by way of Starfleet’s compromised Fleet Formation protocol and due to this fact is ready to function independently through the disaster. As La Forge notes, “One thing older, analog. Offline from the others.”
When a community has been compromised, it’s vital to have the ability to use methods that aren’t linked to the community.
From a cybersecurity perspective, guaranteeing the supply of knowledge sources is without doubt one of the business’s guiding ideas. Right here, the Enterprise-D represents defenders in response to a cyber incident utilizing property which might be exterior of an adversary’s attain. Maybe extra vital, the vessel symbolizes the necessity to think twice earlier than embracing a very networked computing setting or counting on any single firm or supplier of companies and connectivity for every day operations.
From pure disasters to cyberattack, what’s your plan in case your IT setting turns into corrupted or inaccessible? Can your group keep operational and nonetheless present mandatory companies? For essential public messaging, do governments and firms have their very own uncorruptible Enterprise-D capabilities to fall again on, such because the fediverse, the decentralized microblogging platform that’s resistant to the impulsive manipulations of Twitter’s possession?
Put together for the unknown
The “Star Trek” universe explores the unknown in each the universe and up to date society. How the crews take care of these experiences depends on their coaching, the appreciation of broad views and talent to plan revolutionary options to the disaster of the week. Usually, such options are derived from characters’ pursuits in music, portray, archaeology, historical past, sports activities and different nontechnical areas of research, recreation or experience.
Equally, as trendy digital defenders, to efficiently confront our personal cyber unknowns we want a broad appreciation of issues past simply cybersecurity and expertise. It’s one factor to know at a technical stage how a cyberattack happens and the way to reply. However it’s one other factor to know the broader, maybe extra systemic, nuanced, organizational or worldwide elements that could be causes or options, too.
Classes from literature, historical past, psychology, philosophy, regulation, administration and different nontechnical disciplines can inform how organizations plan for and reply to cybersecurity challenges of every type. Balancing stable technical information with foundations within the liberal arts and humanities permits individuals to adapt comfortably to consistently evolving applied sciences and shifting threats.
Dystopic metaphors in fiction typically mirror present social considerations, and the “Star Trek” universe is not any completely different. Though rooted in a science fiction fantasy, “Star Trek: Picard” gives some correct, sensible and comprehensible cybersecurity reminders for as we speak.
Season 3, particularly, presents viewers each leisure and schooling – certainly, one of the best of each worlds.
Richard Forno has acquired analysis funding associated to cybersecurity from the Nationwide Science Basis (NSF) and the Division of Protection (DOD) throughout his tutorial profession.
