Last updated at Tue, 06 Jun 2023 16:35:01 GMT
Star Trek II: The Wrath of Khan demonstrating the very best and worst of cybersecurity in the 23rd Century
For those new to the Sci-Fi game, Star Trek II: The Wrath of Khan is a 1982 science fiction film based on the 1966-69 television series Star Trek. In the film, Admiral James T. Kirk and the crew of the starship USS Enterprise face off against a genetically engineered tyrant Khan Noonien Singh for control of the Genesis Device (a technology designed to reorganise dead matter into a habitable environment).
It is widely considered the best Star Trek film due to Khan's capabilities exceeding the Enterprise's crew and its narrative of no-win scenarios. To celebrate the 41st anniversary of its release, this blog looks at The Wrath of Khan through a cybersecurity lens.
Khan's Wrath
In the opening scene, Kirk oversees a simulator session of Captain Spock's trainees. The simulation, called the Kobayashi Maru, is a no-win scenario designed to test the character of Starfleet officers. Like in cybersecurity, a no-win scenario is a situation every commander may face. This is as true today as it was in the '80s; however, you can certainly even the odds today.
Having a clear cybersecurity mission and vision provides more precise outcomes; however, like Spock was so keen to highlight, we learn by doing, as the journey is a test of character, and maybe that was the lesson of the simulation.
We then learn how Khan seeks to escape from a 15-year exile on an uninhabitable planet and exact revenge on Kirk. Khan is genetically engineered, and his physical strength and intelligence are abnormal. As a result, he is prone to having grand visions and likely has a superiority complex. Unsurprisingly, his own failures and those of his crew reverberate around him, consuming him and giving him a single unstoppable focus.
In a cybersecurity context, Khan represents threat actors slowly descending on you and your organisation. They are driven to succeed, to inflict pain, gain an advantage, and steal technology. Most, like Khan, have a crew, a band of like-minded individuals with a common objective. If Khan, in this example, is the threat actor, Starfleet represents an organization operating in today’s threat landscape.
Ceti Alpha FAIL!
There's no other way to describe it; there are simply some forehead-slapping moments regarding basic cybersecurity practices in The Wrath of Khan. For example, the starship Reliant, a science vessel, is on a mission to search for a lifeless planet called Ceti Alpha Five to test the Genesis Device. Two Reliant officers beam down to the planet, which they believe to be uninhabited. Once there, they are captured by Khan as part of his plan to seek revenge against Kirk.
Khan implants the two crew members with indigenous eel larvae that render them susceptible to mind control (Think Insider Threat.) and uses them to capture the starship Reliant. With seemingly no quarantine procedures in place, they return to the Reliant, and quickly beam Khan and his crew aboard.
However, just like a cyber threat actor, Khan doesn’t stop there. He wants more... and since everything has gone unnoticed so far, he can press home his advantage. He learns about the Genesis project the science team supported and quickly realizes that he can use the device as a weapon.
The Hubris of the Defeated
Next, the Enterprise receives a distress call from the space station to which the Reliant is assigned. There are several examples of poor cybersecurity best practices in this scene; so the audience knows an attack is about to happen, but the Enterprise crew are completely unaware. This scenario is similar to the cybersecurity vulnerabilities many modern organisations face without completely understanding their risks.
The Enterprise, still operated by Spock’s trainees, encounters the Reliant en route to the space station. Ignorant of the forthcoming danger, Kirk approaches the Reliant with its shields down; and Khan draws them closer with false communications until they are in striking range.
The junior bridge officer, Commander Saavik, quotes General Order 12: 'When approaching a vessel with which communications has not been established, all Starfleet vessels are to maintain maximum safety precautions... but she is cut off. Kirk carries on despite having processes for just such a risky encounter AND having just received a distress call from the space station. Failing to follow security guidelines makes Khan's surprise attack even more powerful.
Going into an unknown encounter with their shields down and with the opposition having sufficient time to plan the attack, the Enterprise's critical systems are targeted. The battle begins, and chaos erupts among the inexperienced crew; people panic and leave their posts due to the shock and awe of the attack. The attack is over in just 30 seconds. Enterprise is disabled, dead in the water, and utterly vulnerable. This is reminiscent of just how fast cyber attacks can happen and the feeling of helplessness and panic that can overcome an inexperienced team in the aftermath.
Reeling from the initial battle, Kirk and Spock survey the damage on monitors. 'They knew exactly where to hit us', Spock observes. With insider knowledge, time to plan and poor security procedures, the attack was devastating. Finally, Khan appears on the display monitor, revealing he was behind the attack on the crew of the Enterprise. The mistakes of Kirk's past flash across his face.
Ol’ Comeback Kirk
If you’ve ever watched Star Trek, you know that you can never count Kirk out. The man can see himself out of a jam. Yes, he messed up; but he wasn’t about to back down. What is demonstrated over the next 2 minutes of the film is much like the very best of cybersecurity collaboration.
Khan originally intended to gain revenge for the past by destroying the Enterprise, but seeing this as an opportunity, Khan offers to spare the crew if they relinquish all material related to Genesis (think Ransomware).
Kirk stalls for time so his senior bridge officers can search their database for the Reliant's command codes. They use the five-digit code (16309, in case you're interested) to order Reliant's shields down remotely and gain access to their critical infrastructure and launch a counter attack (effectively hacking the hackers).
What's most impressive about this scene is that despite the damage and destruction that Khan inflicted, the crew kept their heads, thought logically and responded rapidly. Relying on each other's knowledge and experience to prevent further misery—they even take the time to teach and communicate what they are doing to the junior officers (learn by doing, as the journey is a test of character).
It's a satisfying moment for the audience as you see the aggressors being attacked themselves. You watch panic flood Khan's face as he struggles with the counterattack and is ultimately forced to retreat and effect repairs. Kirk’s scrappiness and the team’s quick thinking in the face of disaster makes for an exciting movie.
In the real world, however, it is critical to implement measures that enable you to avoid or quickly recover from threats. When developing (or improving upon) your cybersecurity strategy, look for tools that:
Provide visibility into external threats
- Stay ahead of threats to your organisation, employees, and customers with proactive clear, deep, and dark web monitoring.
Mitigate threats before they have an impact
- Prevent damage to your organisation with contextualised alerts that enable rapid response.
Help you make informed security decisions
- Easily prioritise mitigation efforts to shorten investigation time and speed alert triage.
To learn more about how a Rapid7 detection and response solution might fit into your cybersecurity strategy, watch our on-demand demo.
Finally, from one Enterprise to another: Live long and prosper.