Not the Droids You Were Looking For: A Study of Human and Cyber Vulnerabilities

Posted: March 5, 2015 by jonjeckell in Uncategorized
Tags:

Both Star Wars and Star Trek featured people with the ability to hack the human psyche. Star Trek featured many kinds of psychological manipulation, most famously with the Vulcan mind meld. Both the Jedi and Sith in Star Wars are able to manipulate and control others from a considerable distance, though we see little evidence of any other method of mind control.

Meanwhile, living beings in both the Star Wars and Star Trek universes also rely heavily upon advanced computer systems and autonomous robots in their endeavors, and their tasks would seem impossible without them. So it would seem ships and defense systems would be highly vulnerable to electronic warfare (EW) and cyber-attacks and that human vulnerabilities would be very minor given the diversity of alien cultures and biological makeups both environments exhibit.

Force users (the Jedi and the Sith) have a telepathic power that is nearly universally effective against all species and works across great distances. While Jedi and Sith contend with a far more diverse biological and psychological panorama of species than Starfleet, these species have been in contact with each other for thousands of years and have mutually intelligible languages without the aid of computer translation. The Force is allegedly a universal phenomenon that affects and permeates everything.

R2_TCG_by_Foti

Figure 1: R2D2, tappin’ that.

All combatants extensively used electronic warfare and various forms of cyber attacks. The Empire used malicious software to cripple the hyperdrive on the Millennium Falcon in The Empire Strikes Back, R2D2 routinely gained unauthorized access to many computer systems throughout his career to obtain valuable information, and gain control of critical systems for the Old Republic and the Rebellion. Unknown agents surreptitiously deleted information from the Jedi Archives about the existence of the location of a secret cloning facility. Both the Rebels and the Empire also extensively used electronic warfare to jam or spoof sensors and communications, most famously during the blockade at Naboo and at the climactic Battle of Endor.

admiral_ackbar_says_its_a_trap-590x280

Yet most of the time the damage was limited because of the manpower intensive, seat-of-the-pants manual control exerted by crews. Computers seem to be relegated to a background role in Star Wars, with manual control by humans as the norm. Certainly they still serve some important functions, like controlling hyperdrives, storing information, restricting access, and automating maintenance functions, but most functions seem to be run manually by a human. Although computers and droids play an important role, crews predominantly fight by looking out the window.

Meanwhile, on the bridge of the Super Star Destroyer Executor...

Figure 2: Never mind the trillions of dollars of RADAR, sophisticated sensors and computers, or the hundreds of crewmembers on the bridge running it all. I’M LOOKING OUT THE WINDOW AND I SEE A….oh, never mind.

So you’d expect humans would be the weak point in the system, easily swayed by known Jedi and Sith telepathic capabilities. Although Jedi and Sith were never common even in the heyday of the Old Republic, their power was inconceivably strong and known to be effective against large groups. Even so, this technique did not seem to be a prominent method for combat. This may seem odd because most battles involve large numbers of ships at relatively close range. Certainly we’ve seen Force users manipulate others on a few occasions, including at least two obvious examples with Obi Wan Kenobi and one with Luke Skywalker. This power, used subtly, constantly, and pervasively was instrumental to Palpatine’s manipulation during his rise to power. In fact, this is the leading theory explaining why the Imperial Fleet scattered upon his death. Except for two of the aforementioned occasions involving Jedi, this technique was always subtle and used for strategic effect with small nudges, not outright control. Neither the Jedi nor the Sith were ever observed to use it in combat, nor any of their other powers beyond melee range. Perhaps this indicates that Palpatine heeded the dictum “The supreme art of war is to subdue the enemy without fighting.”

Starfleet crews totally depend on computer systems to understand and interact with the situation around them. Crews in Star Trek would seem particularly vulnerable to cyber and EW since their whole view out of the ship is fed through the main viewer and computer screens. They cannot even move the ship at all, even simply going straight forward at low speed during an emergency without the main computer operational. As for social or psychological vulnerabilities, Starfleet crews are constantly bumping into new species humans had never encountered before. Paradoxically their vulnerabilities are precisely the opposite of what we’d expect.

Shimoda_plays_with_isolinear_chips

Figure 3: The Chief Engineer playing Jenga with control chips, completely immobilizing the ship as a nearby star is about to explode. Not surprisingly, you never see this guy again. Seriously, do you even remember his name?

Computers are integral to Starfleet’s ability to even see outside the ship, much less control it, target weapons, or analyze their environment. It would seem that the perfect way to attack a Starfleet vessel would be to hack the computer into opening all of their airlocks or to shut down the antimatter storage confinement. But for all the total dependence on it and the sophisticated sensors feeding it, and the commensurately high potential electronic warfare and cyber hijinks, the crew seems to be the biggest vulnerability—by far. There were certainly some examples where hostile powers jammed Starfleet transmissions and a few examples of spoofed transmissions and transponder codes (how the Enterprise was able to penetrate Klingon space to rescue Captain Kirk and Dr. McCoy from the Rura Penthe penal colony). There were also occasions where another species penetrated their computer systems and shut the ship down or ransacked their records.

But this pales in comparison to the sheer frequency at which the crew itself was the attack vector in all of the series and movies. Nine episodes of the first 14 involved the entire crew or key leadership becoming incapacitated or controlled by outside powers. The times an unauthorized power took over the computer is insignificant compared to the scope of human vulnerabilities. The sheer depth, number of incidents, and myriad ways the crew or leadership of Starfleet vessels were controlled, manipulated, tricked, addicted, drugged, gas-lighted, and turned into sock puppets through strong forms of outright mind control should cause Starfleet to rethink how these systems are managed. Although many of these situations entailed the commanding officer making dubious decisions under the influence of an outside power over the objections of the crew, there were also many instances where the entire crew was affected. The best and brightest of Starfleet naïvely picked up strange androids, devices, and objects, or were careless about letting strangers obtain physical access to computer systems. Unauthorized outsiders (and often insiders) seized control of the ship or key decision makers regularly and didn’t even have to go through the trouble of taking control of the hardware themselves. This does not even include the galling number of times Starfleet personnel misappropriated or commandeered ships or other Starfleet property for their own purposes or engaged various levels of treasonous, mutinous, or well-meaning actions.

But nearly all of these relatively small numbers of incidents boiled down to going through a vulnerability of the crew. For example, Data spoofed Captain Picard’s voice authorization code to feign granting complete computer access to the Borg Queen when they failed to gain access themselves. The Borg could not gain access even with knowledge of the systems from humans they assimilated. This incident is even more troubling since Data’s ability to do that was itself a known vulnerability in the computer’s access controls. The Binars provide another rare example where outsiders gained full control of the computer and hence the ship. But these were Starfleet’s own contractors, and were authorized physical and root access to administer upgrades. The Binars performing the upgrade used their access to cause computer systems to falsely report that the engines were going to explode. They gained complete and uncontested control of the ship when the crew evacuated. But even this was ultimately attributable to social engineering because they were completely authorized for access and were granted clearance. Even Cadet Kirk’s famous hack to beat the Kobayashi Moru scenario was possible because he was familiar with the system had some level of access to the system as a student. He probably acquired the access controls by ahem socially engineering a member of the faculty.

Even Starfleet offensive operations targeting the enemy psyche are more effective than trying to penetrate their computer systems—even with species as dependent on them as the Borg. The Enterprise crew planned to use a cognitive virus comprised of an unsolvable geometric formula to attack the Borg. This approach was inexplicably abandoned and the captured Borg they planned to use as a carrier returned to the collective. But “Hugh” developed an individual personality, which spread like a plague through the psychological side of the collective and threw them into disarray anyway.

TNGCaption129e

Figure 4: Data was going to send over this bizarre Escher-like puzzle to the Borg to keep them busy, but instead, LaForge sent over a copy of Rage Against the Machine and copies of Kierkegaard, which gave them a fatal case of existential angst and mother issues. Data still doesn’t get it.

So it appears that human factors remain the greatest vulnerability to computer security centuries from now, just as they are today. These examples did not even touch upon deliberate misuse or commandeering of Starfleet ships or equipment by Starfleet personnel for their own purposes. It seems that Starfleet still suffers with the same information security issues we face today with human vulnerabilities and insider attacks. More distributed command responsibility or checks on the commanding officer’s authority will not necessarily help, and will cause potentially deadly delays in time-sensitive decisions. Clearly Starfleet needs to rethink command and control of their vessels and organizations, and how their personnel and automated systems can work coherently to bring out the best in both while protecting the other’s vulnerabilities.


Fear of Autonomous Systems:

Perhaps the marginal role and oddly circumscribed capabilities of computers and droids in Star Wars indicates past, even multiple past tragedies with artificially intelligent systems.

There’s evidence of this with killer robot and bounty hunter IG-88, allegedly a leftover from a smoldering droid/AI uprising. Although droids are capable of complex reasoning, tasks, and even emotion, their capabilities seem strangely circumscribed in many ways. R2D2 and C3PO are capable of fully autonomous action, complex reasoning and performing wide ranges of tasks, including many they were never designed to perform. Yet the first generation of Battle Droids fielded by the Separatists were kept under tight central control. They completely shut down in the middle of battle after Anakin Skywalker destroyed the central control ship. Later generations of Separatist war droids operated independently, but demonstrated severely constrained levels of intelligence compared with even the child-like intelligence of R2D2 and C3PO.

I mean, people may own slaves on this planet, but I'll be damned if I will let a kid drink.

Figure 5: “We don’t serve your kind here!” “Oh, you mean the droids?” “No, this is a bar, you idiot. We don’t serve MINORS! This may be a hive of scum and villainy, but even we have our standards.”

There is also a palpable disdain and distrust for droids, particularly in the aftermath of the Clone Wars. Written records cryptically mention that it is standard practice to wipe droid memory regularly. We know this only because Luke Skywalker insisted on making R2D2 an exception from this practice. This may also explain the ancillary role computers are given in operating ships and reveal why ships and fighters have such abysmally poor weapons targeting despite the power of computers and sensors.

Meanwhile, Starfleet has had several brushes with dangerous artificially intelligent systems, but has so far averted a catastrophe and embraces the use of complex and powerful computers and software. But there is a shadow of fear this may occur that casts a pall over the way some treat an android named Data. Data constantly had to defend his loyalty and very existence as a person throughout his career because of his potential and superhuman abilities. Moreover, as a computer that can have its hardware and software modified, he could be easily coopted (in theory). Yet although he too succumbed to manipulation and control, he actually fell under control much less than his human colleagues. Moreover, on several occasions he was the only thing standing between his crew and complete disaster because his mind works fundamentally differently and was not vulnerable to the same attack. Data’s twin, Lore, was certainly hostile, but mostly served to highlight the hazards of programming artificial intelligence with too many of the worst qualities of human intelligence and emotion.

There are a few other potentially dangerous artificially intelligent agents in Starfleet records. This includes one of Earth’s lost Voyager probes, which returned as V’Ger, but it became benign once it began to understand humanity and its mission better. Generally, every encounter Starfleet had with an existing or emerging artificially intelligent being ended satisfactorily, with the agent taking on a benign outlook, or were rendered safe. Generally Starfleet experience seems to indicate that intelligence is an intrinsically good thing, and only computers or androids with limited degrees of intelligence or understanding were dangerous.

For example, autonomous weapons systems with very limited intelligence in “demo mode” wiped out the population of an arsenal planet that produced them, as well as anyone else who stumbled upon the planet. These, and similar systems that doggedly and unreflectively followed their instructions with limited understanding of intent clearly showed something can be dangerous without coming close to human level intelligence, much less surpassing it.


Epilogue: A Staring Contest With An Unblinking Eye

funny-pictures-captain-kirk

Even when defeating hostile computers and malevolent AI, Kirk still used a social engineering approach.

Kirk defeated malevolent AI by using illogical prompts to cause it to break down.

The opposite is demonstrably more likely to be true.

 

Advertisements
Comments
  1. […] Not the Droids You Were Looking For: A Study of Human and Cyber Vulnerabilities […]

  2. […] had the upper hand in the electronic warfare spectrum that day) [Editor’s note: or that electronic warfare just isn’t a big part of Star Wars]. Leading this charge were the T-65 X-Wing in the space superiority role, joined by fellow […]

  3. […] The Star Wars universe is full of cyber security failures. Earlier this year, Grand Blog Tarkin (full disclosure: a site the author of this post founded and runs) pointed out that, while no one in Star Wars is good at cybersecurity defense, both rebels and Imperials are good at cybersecurity attacks. Jon Jeckell writes: […]

  4. […] The Star Wars universe is full of cyber security failures. Earlier this year, Grand Blog Tarkin (full disclosure: a site the author of this post founded and runs) pointed out that, while no one in Star Wars is good at cybersecurity defense, both rebels and Imperials are good at cybersecurity attacks. Jon Jeckell writes: […]

  5. Michael says:

    Two quibbles. 1) the Rebels (and the Resistance in the new movie) was more than happy to use sensors and (as another post on here points out) droids besides. 2) R2 fixes starships, hacks computers and is generally a more effective operative than most organics–who are you calling childlike! 😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s