In my movie reviews, I will analyze the realism of the technology and scenarios depicted.
I am frequently asked to comment on how realistic movies like Untraceable, War Games, Die Hard 4 and Firewall are from the computing and, especially, the security perspectives. Clearly, most screenwriters are forced to take liberties, and people want to know what is real and what isn’t.
I admit that Star Trek is a bit of a stretch for this column. Its technology is supposed to exist centuries in the future, so how can I judge it? But you just can’t ignore Star Trek, because the original series was the inspiration for many of today’s computer technologies, and it probably motivated a lot of people to enter the computer industry.
CAUTION: From here on, this review contains spoilers. Throughout the movie, I spotted things that can serve as lessons in computer security.
Start with that Romulan ship from the future. It clearly had technology that was several generations ahead of what the Federation had. Lesson: Time travel aside, computer security professionals are in an arms race. While we are not talking about centuries of advantage in technology, the fact is that security professionals need to keep their tools and systems up to date. One missed patch can render all other security efforts moot.
Early on, James Kirk becomes the only cadet to successfully pass the infamous Kobayashi Maru test at Starfleet Academy. He does so by hacking academy systems to change the test. Lesson: The biggest threat to university computers is the student body. You would like to think that college security would progress by the 23rd century to prevent insider computer attacks. At the very least, there should have been proper access controls to prevent Kirk from accessing the test files.
When the Romulans want the frequencies of Earth’s defenses, they capture Capt. Pike. The Federation should have immediately assumed that everything Pike knew was compromised and changed the frequencies of the defenses. Lesson: This is directly analogous to changing shared access codes and passwords when a person leaves an organization. For example, secure organizations have cryptolocks in their facility, and the codes need to be changed. While I hope that shared passwords are rare, administrator passwords need to be changed immediately on the departure of any person with administrator access.
Kirk and Spock beam aboard the Romulan ship, and the captain isn’t aware of their presence until after everyone in the engine room is dead. Lesson: You should always have an intrusion-detection system in place, as you never know what might happen.
The Enterprise voice-recognition system cannot understand Chekov’s thick Russian accent when he is trying to authenticate himself. Comical, but again, you would have expected better by the 23rd century. Lesson: Take a look at your own authentication systems. In a situation more dire than the one Chekov faced, flawed authentication could result in disaster. And you don’t want a system like the Enterprise’s, which requires you to speak the password in front of everyone.
In the original series, whenever an extra in a red shirt beamed down to a planet with the regular cast members, they were sure to be killed off in a few minutes. In the movie, Kirk, Sulu and a red-shirted guy go on a mission, and guess which one parachutes right into an energy beam. Lesson: Never be the guy in the red shirt. Sadly, many CISOs are that guy in their company. If anything goes wrong, they get the blame, and the CIO and CEO come out unscathed. Look at the track record of a company’s security personnel before you take on the job.
I have a problem with a cadet (Kirk, of course) being promoted directly to captain of the Federation flagship. It is demoralizing to the thousands of Starfleet officers already serving and looking for their own deserved promotions. Lesson: Sadly, I think many security professionals can empathize with those bypassed Starfleet officers, since many unqualified people end up in security management positions.
I even see a lesson in the best line of the movie. A Romulan, holding Kirk up by his neck and gloating over his helplessness, asks him what he is trying to say. Kirk’s response: “I have your gun.” Then he shoots him. Lesson: You need to completely stop a computer hacker or other adversary before you begin celebrating.
One more thing that has to be commented on, even without a direct security lesson: Spock getting freaky with Uhura is just wrong, and on so many different levels that it is hard to figure out where to start. From a military perspective, Spock is guilty of improper fraternization and could be court-martialed.
There will be a sequel, as well there should — although I still won’t accept the Spock getting freaky with Uhura thing. Let’s just hope it doesn’t turn into a long episode that tries to be thought-provoking. Personally, I also hope that there is no Picard in the new Trek timeline.