What Star Trek Teaches Us About Security

Star Trek 🖖🏻. That is probably where I saw my first computer. Not the new, lens-flared, hyper-paced world of J.J. Abrams; the 1960s rainbow-colored 🌈 world of the, best, captain, in, the, federation. William Shatner played a fine hero. I was totally bought in. To the mission. To the technology. To a world 🌎 that I knew, in my first decade of life, was approaching. The tools of the time, the computers, the scientific instruments, the ship itself, were wielded by the heroes for a heroic outcome. And, when they were operating outside human thought, they proved to be repeated antagonists.

It was about this time when I was able to experience the immense joy of touching a small piece of that future when I met my first PDP-11 💻. Well, a terminal connected to one. And the first bit of text I saw on that computer was, “What are your orders captain?” Somebody had run a terminal-based Star Trek game on this very expensive computer. The rest of the afternoon disappeared in some imagined explosions 💥 of Romulan warbirds, but mostly the ignominious demise of the Enterprise.

Growing up with computers, I grew up with the increasing dependence the world has on computers. This dependence came with increasing vulnerability. The world of punch cards was hard to hack. When I first learned about viruses 🦠, I was intrigued. Who would want to inflict damage? Why tear down when you can build? How would you go about this? The burgeoning engineer in me felt the challenge.

My first “virus” replaced the DIR command ⌨️; this was back in the days of TRSDOS. The DIR command, which was supposed to print the computer directory 📂 to the screen, now printed a fantastical directory that showed the files on Captain Kirk’s computer. A file on the ‘Corbomite Device’. A file on ‘Star Maps’. A list of all of ‘Newly Assigned Yeoman.’ This was followed by another command replacement that would format the storage device. I was beginning to see the damage that could be done, and this was back when computers were stand-alone islands of information.

The ethos of the early internet 👨🏻‍💻 was one of adventure 🧜‍♀️. Nothing was served to you; you needed to go searching. It was before HTTP and URLs. You were expected to either know where you were going or manually spelunk through files. FTP was around. Usenet acted like a centralized bulletin board service, mostly in the hands of universities 🏫. There were also tools like Gopher and Archie that attempted to organize the decentralized information. Data was scattered and unorganized. Information was available for everyone. Telnet provided early command-line tools for chatting. Imagine! Chatting with another human, real-time, on a computer. It was not much different than the dots and dashes of Morse code 200 years before. It was glorious.

Email was a little too bourgeois for many. It was a time when you needed a local application to access email, and there was both a charge per email and a charge for your time online. But, computers were now becoming connected in large institutions, and the modem was starting to bring that connection into the home. It was clear that a threat was growing, and with it the introduction of software 💿 to fight viruses on local machines – the Norton Anti-Virus, McAfee. Clearly, we were entering a new phase. The mid-nineties ignited the personal encryption revolution. PGP (Pretty Good Privacy) came along. Then public-private keys 🔑. This led to digital signatures. And, yet, the world didn’t seem to notice. In 1996, I gave a speech at an engineering conference in New Orleans. I predicted computer clock speeds would soon top 1 gigahertz and industrial plants would soon be operated remotely over the internet. Neither of these were believed by my audience 🤨, and why would they, email was just overtaking standard snail mail 📭 in volume. It was the dark ages.

It wasn’t long before the whole world was wired together and every large company 🏬 was investing heavily in computer infrastructure. It is difficult to imagine companies investing in data centers today, outside of the big providers. Infrastructure is now a service. Platforms are a service. Software is a service. But, with this shift, some have forgotten (or not experienced) that there are still threats, even when you outsource. When we built it ourselves, we seemed to remember security. The physical aspects. The human aspects. The software aspects. Intellectual property is now your competitive advantage. It needs to be secured. Both its readability, via encryption, and its availability by eliminating exploits.

We may not be fighting Klingons yet 🛸, but we can learn from Star Trek. As Kirk once said, “each ship has its own combination code, to prevent an enemy from doing what we are attempting. To order Reliant to lower her shields.” Remember to build your starship, software infrastructure, or computer instance in a way that security is foundational. So, while I am not mischievously working to change the standard floppy drive 💾 inaccessibility message of “Abort, Retry, or Fail” to a more sacred “Adopt, Retry, or Fail,” I am encouraging you to explore the security tool that might just keep your shields up when you need them. If you want to quickly and easily create a custom hardened AWS image, check out www.HardPrime.com 🏆