How cybersecurity is like Star Trek's transporter

How cybersecurity is like Star Trek's transporter

Summary: We haven't quite figured out, even 200 hundred years after the time of Ben Franklin, how to reconcile our need for security with our need for freedom.

SHARE:
19

I want you to imagine for a moment that some bright young thing actually managed to invent a working transporter -- like the ones they have in Star Trek. Using it, you can beam from one spot on the planet to another in just a few seconds.

Now, imagine Walmart got into the act, and you could buy one of these transporters for three hundred bucks or so. Everyone would buy one. We'd beam to work. We'd beam across the country for really good Hungarian food. We'd beam down to Cancun for a dip in the ocean. And we'd beam into each others' houses, mostly just to say "Hi".

After a few years, though, the dropping in to say "Hi" thing would get old. Some of our friends just wouldn't respect our requests that they call first.

Worse, bad guys start picking up on the opportunities offered by instantly beaming in and beaming out. More and more people would be sitting on their couches, cooking in their kitchens, or standing in their showers, minding their own business -- as thieves beam in, steal valuables, and beam out.

Some people would protect their homes, erecting Faraday cages around their homes. Faraday cages block the transporter signals, but they're not cheap or easy to set up. Over time, some of the more upscale homes and offices are actually built with Faraday grids in the walls.

But most people, businesses, and even government agencies don't have Faraday cages to protect against transporting marauders.

More sophisticated criminals beam into offices and hide, sometimes staying there for days, stealing plans, access codes, and product information. Terrorist groups get into the act. At first, they try electrical power stations, but those are pretty well guarded. But old pumping stations, bridge caisons, and other less well-protected (but no less important) infrastructure elements are rapidly compromised by the terrorists. Planting a bomb is absurdly easy if you can simply beam in and beam out.

National governments get into the game. When one nation can't convince another nation to do something like, say, stop making nuclear weapons, it's easy enough to just beam in and break things up from inside. It's also easy for other nations to beam into government offices, military bases, and even inside aircraft and steal information, plant wrong information, or even fiddle with the controls of a flying vehicle.

Some people don't believe there's a problem. No one has ever beamed in on them while they're doing the nasty with their spouse, so they just don't believe it's a problem.

Many people have had their lives transformed by transporter technology. Doors have opened that were never before possible, and they're unwilling to have transporter technology regulated, just because there might be some rogue beamers out there.

Others are concerned about government intrusion. If Marge down the street can beam in when she wants a cup of sugar, couldn't a government goon beam in just because a tax return wasn't signed?

These are all valid points, but there are still bad guys out there, beaming into peoples' homes, stealing their life savings (and their stuffed animals), and beaming out. There are still bad guys out there, beaming into railroad switching facilities, and sending the train going east directly into the path of the train going west. And there are still bad guys out there, beaming into government armories, and stealing surface to air missiles that they can then sell to other bad guys, who fire them at our passenger jets.

At this point, it's too late to stop the sale of transporters. Millions of people own them. It's also hard to make laws, because a law in America won't stop, say, Russia, from beaming some Spetsnaz commandos into an American office building and stealing plans for products that cost billions of dollars to design.

But something must be done. Some government-level control must be put into place because Americans are at risk.

By now, you've probably picked up on the analogy. The transporter is like our digital technology. While Russians aren't beaming commandos into our laboratories, countries like Russia and China are penetrating our computer networks. Terrorists are attacking our companies online. Criminals are stealing the life savings of regular American citizens.

Last week, President Obama wrote an op-ed piece in the Wall Street Journal, describing the risk of cyberattack and why he thinks the newest draft of the Senate Cybersecurity Act of 2012 is worth passing.

See also: Obama: Cyber attack serious threat to economy, national security

By almost all accounts, this bill is far less heinous than previous drafts. This bill recognizes the basic rights of privacy Americans have been guaranteed since the Bill of Rights was ratified on a cold and blustery December 15th, back in 1791.

It's a better bill, because it no longer mandates (i.e., forces) businesses to implement costly and probably impractical cyberdefense strategies. It's a worse bill, because it no longer mandates (i.e., forces) businesses to implement defensive and absolutely critical cyberdefense strategies.

It's not a bad bill, and it probably should be passed into law. It's also not a good bill. It can't be, because we don't really have a good way to protect our citizens and our interests from the global threats of cyberattack, cybercrime, and cyberespionage. We also haven't quite figured out, even 200 hundred years after the time of Ben Franklin, how to reconcile our need for security with our need for freedom.

But this bill is a start. We'll need to make a number of forays into both legal and technical solutions to the problems and profound opportunities presented by the modern Internet.

A lot more needs to be done, and what we really need is a comprehensive, centralized approach to how we defend our nation. It also wouldn't hurt to have Montgomery Scott on our side.

Topics: Security, Government US

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

19 comments
Log in or register to join the discussion
  • Seriously a prop from a science fiction series?

    "The transporter is like our digital technology" except the anology is a piece of science fiction, the proposed laws aren't.

    Say no to govt expansion, we can address the transponder issues when they arrive;-)
    Richard Flude
    • They call them 'metaphors'

      I don't mean to be unneccesarily rude, Richard, but it's a metaphor, you simpleton. And speaking of such, as the article says, a non centralized approach, or even, leaving people to fend for themselves will result in only the most well-off and/or knowledgeable people being protected.

      That's possibly more of the people reading this article (who are knowledgeable and able to protect themselves to a larger degree than the average person), but it's far, far less, of the general population.

      Indeed, per the author, "We also haven't quite figured out, even 200 hundred years after the time of Ben Franklin, how to reconcile our need for security with our need for freedom."
      pjnlsn
      • Sure, if he hadn't spent the first part of the article describing it

        Transponder is nothing like digital technology. One exists and has well understood and known threats, the other is imaginative.

        Drawing the analogy between the two (not using as a metaphor) is absurd.

        The centralise approach guarantees no more success, the US government completely inept at providing any protection. More legislation would protect anyone, it never has particulary given the attackers will be out of its jurisdiction.

        Security by government and liberty are mutually exclusive. I pick the later, as the former has shown to be the greatest threat historically.
        Richard Flude
        • Yes and no

          The 'transporter' concept is quite different from the internet. It operates in the way a lot of people mistakenly believe the internet operates, i.e. in allowing a thing to be 'magically' moved from one point to another. The internet is actually much closer to a road network, because all internet packets have to travel over defined network infrastructures. They cannot simply 'transport' from one point to another.

          The road network analogy is of course imperfect. Cars and other road vehicles move much more slowly than network packets, the cost is much higher, they are much more concentrated, etc. Nevertheless, the overall structure is much closer than the 'transporter' idea, and arguably close enough for legal parallels to be drawn. Countries build road links and then connect them to foreign road links, creating continental road networks. (Cars can travel off-road, but most can't do it very effectively.)

          There are two interesting points about road networks. The first is that most countries do not allow unrestricted foreign access to their road networks, except in special cases of multi-national agreements (e.g. the Schengen area in Europe). The second is that road vehicles and those who operate them are required by law to be registered with central public authorities. This does slightly increase the costs of road travel/commerce, but almost everyone understands that the alternative would be much more costly, owing to the resulting rampant crime and general chaos (a vaguely similar historical example was roads in the Middle Ages).

          The internet today is like a global road network with no vehicle or driver registration scheme, and virtually no border controls. All sensible people understand that a global road network operated in this way would be a tremendous boon to criminals and authoritarian regimes (which could protect their own borders whilst enjoying free travel outside), and a disaster for law-abiding citizens. At the same time, if the choice was falsely presented as a binary one between a global road network of this kind and no road network at all, then many would reluctantly conclude that the presence of rampant crime and general chaos was a price worth paying for the benefits of modern travel. This is approximately the situation we find ourselves in regarding the internet.
          WilErz
    • Seriously, a prop from a science fiction series.

      And David Gerwitz did an excellent job of correlating the analogy... you DID get that he was using the fictional transporter technology as an analogy for cybersecurity, right? Because I have serious concerns about your sanity if you actually believe that he was really speaking about transporter regulations.
      athynz
      • My point

        Using fictional fears to defend very real legislation is ridiculous.
        Richard Flude
      • A better SF analogy would be

        Tiger, Tiger or (The stars my destination) by Alfred Bester

        Here jaunting or teleportation is part of the society resulting in rich people ostentatiously using physical transportation and women are often locked behind mazes to prevent intruders.

        One of the best SF books of all time and something I hope I see come to film someday ;-)
        Tony_McS
  • We're muddlin' as fast as we can, cap'n

    Did you see where no one was allowed to transport in or out of Syria for 40 minutes the other day? Maybe it was a mistake. But maybe it was a test of Syria's comprehensive, centralized approach to transporter regulation. That's the trouble with comprehensive, centralized approaches to anything: any mistake becomes a really big mistake, and you have to be very careful about who you let near the control panel.

    Many people are uncomfortable with "muddle through" as the most desirable strategy for handling these sorts of things, but muddling through is in fact how humans deal with a whole host of very complicated problems like this... usually to pretty good effect.

    The alternate strategy, which involves hiring infinitely smart people to design one centralized comprehensive approach fix it all at once, breaks down when the hirees turn out not to be infinitely smart.
    Robert Hahn
  • Very good article!!

    I do not think that this is even an analogy. Today's communication is almost like teleportation. Tomorrows communcation will replace the need for teleportation! Why do I need to go any where? Ok, I went to a movie this weekend, Batman. Hard to get the same experience on my 42" TV. But.. Twenty years from now??
    Muddling is like democracy, it is slopply and inefficent until you consider the alternatives. GO SLOW. Baby steps. Yes, it will get ugly but it will turn out in the end. I say this because basically the vast majority want/need what is best for all of us.
    davidmpaul
    • 42"?

      Get bigger TV/surround sound and have a BETTER experience than the theater right now, forget about 20 years in the future.
      Kublakhanonomous
  • There is of course the alternative....negative reinforcement.

    Of course, in transporter terms, if our Faraday Cages or incoming beaming detection software (patent pending) "interrupted" and cancelled in-flight beaming attempts, a few lost "packets" of people would send a strong message: Call first.

    And, sorry about that last disconnect; we'll miss them....
    HvyMtl
    • To bits

      I know what you mean. We were watching a movie the other night when some guy materialized in the living room and said, "Hi! Do you have enough life insurance?"

      Fortunately, he's not the only one with Star Trek technology: we have a Romulan Disruptor.
      Robert Hahn
  • Set Phasers to Obliterate

    In keeping with the metaphor, the way the internet and computer networking in general now works needs to be annihilated and replaced by something that has been designed from the ground-up with security in mind. No single company or government entity can hope to combat an onslaught by the forces of governments and hackers looking for a crack in the armor, a way in to create havoc. Much of this is because security, as it stands, is a reactionary response to a detected intrusion -- sure, you can spend some resources trying to shore up your defense by looking for weak spots, but with many more enemies at the gates, they are likely to find the vulnerabilities faster and in greater quantity.

    I'm not smart enough to speculate just what might constitute a completely secure, yet highly functional system. However, currently we are in a circle-jerk pattern that offers no escape. I would hope we're currently pumping $$$ into think tanks that are exploring other avenues because getting ahead of the bad guys is like going into battle against overwhelming odds.
    jvitous
  • I fully agree

    The one key thing that's missing is a discussion of borders. Given that legal systems are national or supranational (e.g. EU law), proper enforcement requires external borders. Without borders, enforcing the law would hopeless. With borders, it is at least possible. Moreover, with sufficient co-operation (on standards, extradition, etc.), borders can even be selectively eliminated (e.g. the Schengen area in the EU).

    Many people seem to think of the internet as some sort of amorphous 'cloud', when in fact it is a collection of fairly well defined networks, some of which cross national borders. All internet traffic has a geographically defined starting point and ending point. Any traffic that crosses a border has to travel over a cross-border link (wire, air or satellite) at some point, either an internet link or a private link.

    A primary cause of the chaos on the internet is the lack of border controls, particularly between stable countries where effective rule of law is present and chaotic or authoritarian states where it is not. This is fundamentally a political and not a technical issue, in much the same way that physical borders are (despite disingenuous claims by open-border extremists that physical borders somehow can't be enforced).

    The first step towards stopping cyber-crime is to start controlling borders. In many cases they can and should be open, just as many physical borders are open for visa-free and even passport-free travel. In high-risk cases, however, they should be controlled by an 'internet visa' scheme, unless and until the high-risk country reaches a sufficient level of development and legal harmonisation.
    WilErz
    • I disagree

      with your conclusions, though I can see where that line of thought would come from. I believe that the first step towards security on the Internet would be COOPERATION, where the various nations would draft and adopt rules for Internet use that all countries would agree to and enforce. This would obviate the need for borders in cyberspace, as such, and make it much more difficult for (to return to the Star Trek analogy) anyone to "beam" into a place where they were not authorized to. However, with the current state of world tension and unrest I do not believe this is possible. Maybe later...
      Arkyn1
  • This analogy is so bad...

    This analogy is so bad that I don't know if laugh or cry (or both, they would do the same analogy):

    - First, the Internet was created by militia and universities (and the speed was so slow that it was actually faster to save the data in a physical device and walk to the other machine than wait for it to be transfered).

    - Second, the Internet was made to share information between its nodes; and for that, the nodes have to exist and be connected (nothing stops you from disconnecting yourself). The transporter needs no receptor device.

    - Third, the Internet isn't by design a mean of intrution; the transporter is.

    - Fourth, most security issues aren't fault of the Internet, but of the receptor nodes were the info resides (if something would have to be regulated, it should be the servers).

    The companies that have important information should have their services regulated and tested regularly in deep by profesional hackers; or else won't be allowed to provide access to their info online.

    The past acts had for priority to fight piratery. This was only in benefice direct to the enterprises, not to the customers and normal day users. A regulation to enterprises and governement sites and services (internal and external), would be more benefical for the security of their information and of their customers.
    gates_clone@...
  • Security

    Criminal activity is criminal activity, whether performed in person or via the Internet. If it's illegal to steal something, it matters not the manner in which it was stolen. Since thieves are getting more resourceful, we also need to be dillegent in keeping them out.
    bb_apptix
  • Comments Suck

    As usual, the people responding to the article are, except for a very few, quite dopey. Some can't even seem to figure out the difference between a transporter and a transponder. Get a grip girls. Maybe the analogy was a stretch, but it's just a way to get you to think about the Internet in a way you might not have thought about it before. Someone actually said, "Using fictional fears to defend very real legislation is ridiculous." I guess some people are just clueless. Ever read a little book called "The Jungle"? How about "Animal Farm"? "1984" maybe? Clueless, clueless, clueless. Happy Friday everyone! :D
    JoeFoerster
  • Competence matters

    Before we appoint any government agency to oversee computer security at private companies, we should identify some agency that is competent in the field of computer security. With the exception (perhaps) of the NSA, whose unsuitability for such a regulatory task is clearly manifest to all rational citizens, there is no such competent agency.

    However, if the ATF or whoever manages to "train up" for this new task, let's sic 'em on the defense contractors first. If they can manage to design a new plane or weapons system without all the plans making their way to Beijing before the first prototype rolls off the assembly line, THEN we can talk about how much help the government can be to private companies.
    mon0cular