What Star Trek Predicts About The Future of Information Security

Friday, September 18, 2009

I had a funny thought while talking with some folks from Intel about what the future state of information security would look like and how that relates to what our favorite nerdy show, Star Trek, has to say on the topic. This is meant to be a funny post, but there may be some truth buried in here somewhere too. Without further ado:

Physical security will always be a problem: How many times have we seen people open up random access panels on the Enterprise and start pulling out chips when something goes awry or just start swapping them out right and left? Crawling through tubes to get past obstacles and the like… all point to the fact that even the most sophisticated military war machine of the future won’t stop some teenaged acting ensign in engineering from taking over control of the whole ship in about 35 seconds.

Organizations will focus on secure transport and network security and will still ignore drive encryption and the insider threat: I don’t really recall any times where enemies were able to intercept any meaningful communications between the Enterprise and other Federation ships. That must mean they are using TLS16/SSL34.0 in the future, which is good, but for some reason any schmuck diplomat from some third world (pun intended) alien race can get any information out of the computer he wants without ever even supplying a password!

PCI doesn’t stop hackers, now or ever: They don’t use money in the future. Probably because consumers are so sick of having their credit cards stolen is my guess. I’m also guessing based on how many holes still exist; SQL injection still exists even hundreds of years in the future. So currency, and therefore the payment industry had to go. Even Quark trades in gold-pressed latinum - you don’t see the Ferengi taking plastic.

Biba and Bell-LaPadula security models will always be a good idea, but will still never be properly implemented: Seriously, the Federation is pretty lax in their whole openness. I mean, should you really let people on your ship, carrying weapons, with no or minimal escort and allow them to use your computers, write to them, copy information off of them and so on? Balancing the Prime Directive and giving some industrial revolution era alien species access to a computer with the engine schematics to the warp core of the most advanced warship in the fleet sorta seems a little out of whack. Maybe that’s what they get for not having money in the future - no one’s worried about losing their job.

The singularity is a non-event and will end up being a wash for security: I mean, Data is pretty cool, but he is really more than an oddity in the show. Sure, he’s saved the Enterprise a number of times, but he’s also pretty darned hackable in the future too. He’s been compromised more than most of the other people on the show combined. This is not a good outlook. Why they didn’t bother to root-kit him, I’ll never know. But if Data is the tipping point of a potential Skynet, I’m not too worried - he plays violin and he owns a cat.

Individuals will almost completely give up on the idea of protecting their privacy: Everyone on the Enterprise is pretty happy with the idea of carrying around RFID chips on their badges all the time, even when they’re off duty and getting some R&R and T&A on Risa.

Organizations will always ignore single points of failure, even after it bites them in the ass: I can’t even tell you how many times the Enterprise has managed to damage the one and only dilithium crystal that they have on the whole ship. They know they can’t whip up a new one with the replicators but they still don’t carry even one spare. Then they end up being stranded or having to use the sensor array to catch radiation from some exploding sun or some other retarded plan that always manages to work out exactly perfectly, but always necessitates near death experiences in the process. Why, for all that’s holy, wouldn’t you just bite the bullet and pay to have two on board? Yes, I’m talking to you, Jean-Luc, and you too Mr. CISO.

The iterative development model will be proven bad for security and quality exactly 1,000,000 times but will still be used in production anyway: How many times have we seen engineering making changes to the warp core while they are 200 light years from any star base or any other craft for that matter? And how many times has that gone smoothly again? No, it’s a bad idea now, and it will always be a bad idea. But then again, maybe you shouldn’t worry so much about keeping your data and integrity intact… it always manages to get fixed in an hour or so anyway, right?

Biometrics will always be used as a backup to password authentication - but both still suck: Sure, voice print recognition has been used a few times, as have hand scanners and even an iris check a few times. But the vast majority of times someone has entered in a password on the show (which incidentally is almost never - giving you an idea about how lax security will be in the future) it has been by saying it out loud. Hackers must be pretty un-inventive in the future because I’m guessing digital voice recorders are pretty easy to get your hands on.

Virtualization security is an oxymoron - even in the distant future: I mean, really, how many times has the whole damned ship been taken over by some overzealous holodeck character? Whoever wrote the holodeck hypervisor really needs to be put in a room with Worf for a few hours so he can explain with his bat’leth what the need for true physical and logical isolation is. Why some Sherlock Holmes character should have access to main memory, I’ll never know. Too bad we aren’t smart enough in the distant future to think about hardware isolation instead of relying exclusively on dangerously faulty software.

And with that, I’ll let you go back to your regularly scheduled programming.

Original Source:
http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
Lance Miller This is a great read.
Todd Zebert What fun.