Sizing up security in Star Trek

Note: In my movie reviews, I will analyze the realism of the technology and scenarios depicted. I am frequently asked to comment on how realistic movies like Untraceable, War Games, Die Hard 4 and Firewall are from the computing and, especially, the security perspectives. Clearly, most screenwriters are forced to take liberties, and people want to know what is real and what isn't. What many people don't realize is that I have not just the security chops but also the entertainment background to make these judgments, since I am a National Emmy Awards judge. But I promise that my recommendations will be based entirely on whether or not a movie is good. You will never read a comment like, "See the movie for the cinematography."

OK, I admit that Star Trek is a bit of a stretch for this column. Its technology is supposed to exist centuries in the future, so how can I judge it? But you just can't ignore Star Trek, because the original series was the inspiration for many of today's computer technologies, and it probably motivated a lot of people to enter the computer industry, or at least was one of the few bright spots in their early pathetic lives.

Please don't think I am insulting anyone. Star Trek was one of the few brights spots in my own early pathetic life. How else to explain the degree to which I am upset by the abandonment of basic Star Trek principles? Why, for example, are Klingon names no longer restricted to beginning with the letter "K"? (I mean, Worf? Please!) Why are we now seeing Vulcan males whose names don't begin with "S" and females with "T"? You perhaps never noticed these things, but I actually won a contest long ago because I knew a DJ had to be wrong in insisting that the band T'Pau was named DePow. So, I admit it: I had a pathetic preteen life.

As for this newest incarnation of the Star Trek universe? From a movie perspective, it was great. To give you an idea of how I make that judgment: I was disappointed in how boring the first Star Trek movie was, and with the exception of The Wrath of Khan and Star Trek IV (the whale one), I thought the remaining movies were basically bad or just long TV episodes. The new movie has a couple of weak moments, but it's still a great movie. It keeps the audience engaged, which is the one thing that makes a movie good in my book. There's a nearly perfect balance of action and comedy. Sure, some of the lines are going to seem funnier to you if you're familiar with the original representation of these characters, but you don't need to be a Star Trek fan to like this movie. It was one of those rare movies that I just didn't want to end.

Another salient fact regarding my personal prejudices: I hated Capt. Picard. Capt. Kirk was always cocky and reckless, which gave him his edge. Picard had no edge, being instead cautious and thoughtful. As far as I could tell, the famous "Picard Maneuver" should refer to some method of surrendering the ship at the first sign of trouble. By trying to be thoughtful and demonstrate the power of the mind over body or physical confrontation, Star Trek: The Next Generation and Picard lost what made the show fun and exciting.

But this movie has everything that made the original series great, kicked up a notch or two. Certainly, the edge is back, courtesy of Chris Pine's personification of Kirk and Zachary Quinto's re-creation of Spock. Pine's Kirk doesn't spend a lot of time pondering his motives or attempting negotiations. And Quinto's Spock portrayal is nearly perfect, even though the actor basically plays Spock the same as he plays Sylar on the TV series Heroes. It's surprising how alike psychopathic serial killers and Vulcans are.

CAUTION: From here on, this review contains spoilers. If you haven't seen Star Trek yet, do so now, then come back and read the rest of this review.

First, the makers of this prequel have managed to avoid the need to faithfully follow all the Star Trek lore that has been absorbed by the most fanatic viewers over the years. They do this with the plot device of having the Romulans come back in time. With that event, the timeline becomes corrupted, so that nothing that we know about the world of Star Trek will necessarily come to pass, and even the geekiest Trekkie can't carp over its subsequent absence. That is frankly brilliant.

Throughout the movie, I spotted things that can serve as lessons in computer security.

Start with that Romulan ship from the future. It clearly had technology that was several generations ahead of what the Federation had. Lesson: Time travel aside, computer security professionals are in an arms race. While we are not talking about centuries of advantage in technology, the fact is that security professionals need to keep their tools and systems up to date. One missed patch can render all other security efforts moot.

Early on, James Kirk becomes the only cadet to successfully pass the infamous Kobayashi Maru test at Starfleet Academy. He does so by hacking academy systems to change the test. Lesson: The biggest threat to university computers is the student body. You would like to think that college security would progress by the 23rd century to prevent insider computer attacks. At the very least, there should have been proper access controls to prevent Kirk from accessing the test files.

When the Romulans want the frequencies of Earth's defenses, they capture Capt. Pike. The Federation should have immediately assumed that everything Pike knew was compromised and changed the frequencies of the defenses. Lesson: This is directly analogous to changing shared access codes and passwords when a person leaves an organization. For example, secure organizations have cryptolocks in their facility, and the codes need to be changed. While I hope that shared passwords are rare, administrator passwords need to be changed immediately on the departure of any person with administrator access.

Kirk and Spock beam aboard the Romulan ship, and the captain isn't aware of their presence until after everyone in the engine room is dead. Lesson: You should always have an intrusion-detection system in place, as you never know what might happen.

The Enterprise voice-recognition system cannot understand Chekov's thick Russian accent when he is trying to authenticate himself. Comical, but again, you would have expected better by the 23rd century. Lesson: Take a look at your own authentication systems. In a situation more dire than the one Chekov faced, flawed authentication could result in disaster. And you don't want a system like the Enterprise's, which requires you to speak the password in front of everyone.

In the original series, whenever an extra in a red shirt beamed down to a planet with the regular cast members, they were sure to be killed off in a few minutes. In the movie, Kirk, Sulu and a red-shirted guy go on a mission, and guess which one parachutes right into an energy beam. Lesson: Never be the guy in the red shirt. Sadly, many CISOs are that guy in their company. If anything goes wrong, they get the blame, and the CIO and CEO come out unscathed. Look at the track record of a company's security personnel before you take on the job.

I have a problem with a cadet (Kirk, of course) being promoted directly to captain of the Federation flagship. It is demoralizing to the thousands of Star Fleet officers already serving and looking for their own deserved promotions. Lesson: Sadly, I think many security professionals can empathize with those bypassed Star Fleet officers, since many unqualified people end up in security management positions.

I even see a lesson in the best line of the movie. A Romulan, holding Kirk up by his neck and gloating over his helplessness, asks him what he is trying to say. Kirk's response: "I have your gun." Then he shoots him. Lesson: You need to completely stop a computer hacker or other adversary before you begin celebrating.

One more thing that has to be commented on, even without a direct security lesson: Spock getting freaky with Uhura is just wrong, and on so many different levels that it is hard to figure out where to start. From a military perspective, Spock is guilty of improper fraternization and could be court-martialed. Then, in defiance of logic, Spock gives in to Uhura's pleading and reverses his decision to assign her to another ship and so avoid the impression of favoritism. Of course, there's also basic Vulcan physiology, which the half-human Spock always adhered to -- specifically, Amok Time, which is the Vulcan seven-year mating cycle.

But Star Trek is, after all, a movie, and a great movie at that. It definitely has revived the franchise. There will be a sequel, as well there should -- although I still won't accept the Spock getting freaky with Uhura thing. Let's just hope it doesn't turn into a long episode that tries to be thought-provoking. Personally, I also hope that there is no Picard in the new Trek timeline.

Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site,


Copyright © 2009 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon