September 25, 2017 By Christophe Veltsos 5 min read

Many people in the security industry today grew up watching “Star Trek,” from the original episodes to Next Generation, Deep Space Nine, Voyager, Enterprise and the many other series that followed. In anticipation of the upcoming “Star Trek: Discovery” series, we thought it would be a good time to remind our readers that, beyond the entertainment value, “Star Trek” also provides useful metaphors to help security professionals communicate with executives and fellow staffers.

A ‘Star Trek’ Darkly: To Boldly, Securely and Easily Go to the Cloud

Eight Cybersecurity Lessons for Your Security Starfleet

When it comes to security, the typical enterprise is really not so different from the USS Enterprise. Without proactive risk management, savvy threat identification and effective incident response, neither a business nor an intergalactic vessel can survive. Below are eight cybersecurity lessons that security professionals can take away from “Star Trek.”

1. The Warp Core

Let’s start with the Warp Core, one of the critical drive-trains of the Enterprise spaceship, without which there would be only limited travel. Instead of going boldly where no one has gone before, the Enterprise would be limited to exploring space within a few light-years of earth.

For organizations today, data is truly the equivalent to the Enterprise’s warp core. Without data, the organization is stifled and cannot accomplish its important mission objectives. However, much like the Warp Core, data, if not properly handled, can also lead to the enterprise’s destruction.

Captain’s log: You need the core, but it’s unstable. Ditch any toxic data that is no longer needed and keep a close eye on those dilithium crystals.

2. The Trouble With Engineering

It seems like in almost every episode, the captain has to call down to engineering to get an update as to what’s broken and how long the fix will take — an advanced form of mean time to repair (MTTR). “Engineering, status report,” says the captain with a tone of frustration, since his ship is stopped in enemy space with no impulse engines to maneuver. Let’s face it: Without engineering’s ability to fix things, the Enterprise is a sitting duck.

Similarly, today’s organizations depend entirely on a different kind of engineering called IT infrastructure. Without IT infrastructure, the organization may as well shut its doors and send employees home, because it won’t be able to process anything or make any kind of forward progress. Of course, IT infrastructure can break on its own when humans make honest mistakes or determined attackers infiltrate the network.

It’s important for organizations to keep their engineering department functioning well and to routinely practice responding to disruptions, whether purposeful or accidental. No captain wants to command a sitting duck of a ship.

Captain’s log: IT engineers empower the organization to move forward. Check on them often and remember to have them practice their incident response.

3. Shields Are Holding — For Now

Along with troubles in engineering, many “Star Trek” episodes saw the Enterprise’s shields go from “shields up at 100 percent” down to shields barely holding in a matter of minutes. Ships need shields to avoid being disintegrated by enemy ships, punctured by space debris or pulled apart by gravitational waves when they fly too close to large planets.

Organizations today use their technical controls as virtual shields of sorts, providing a layer of defense outside the perimeter of the ship. However, much like shields, your technical security defenses may fail and leave you exposed to the elements or, worse, to an enemy ship just waiting for a chance to take on the mighty Enterprise.

Captain’s log: Shields are necessary, but not sufficient. Shields may be here today but gone tomorrow, and they cannot guarantee total protection. Stay vigilant — you might have to declare red alert soon.

4. Sensors and Cloaking Devices

The Enterprise has a full range of sensors. Some provide close-up information while others scan deep space to detect ships and other astronomical objects of interest. In some instances, these sensors even detect the presence of alien life forms. But just when you think these sensors give the Enterprise an edge, you learn about another race of humanoids that has developed cloaking technology. Can you really trust your sensors, or is a pair of Klingon ships about to decloak in front of you?

Captain’s log: You can’t always trust what your sensors are telling you. Stay alert and monitor your internal and external environments for signs of possible intrusions.

5. Status Reports

With every encounter, the captain (be it Kirk, Picard or the many other leaders on the bridge) routinely calls for a status report. In many cases, those reports could be generated directly from the bridge with the help of the sensors and the well-trained bridge staff. Sometimes, however, the captain needs to take a hands-on look at the situation down in the bowels of the ship. Would you trust a junior Starfleet staffer to provide this report? Unlikely. Instead, you’d ask one of your trusted responders to investigate and report back.

Captain’s log: Every incident should be followed by a status report. While you’re at it, elevate the effectiveness of those reports by documenting and communicating lessons learned.

6. Doors Blocked? They’ll Use the Hatch Panels Instead

The Enterprise is boarded by enemies on several occasions throughout the “Star Trek” series. Those who gain control of the bridge cab then use the full power of the bridge’s computers and control panels to launch scans and other nefarious actions at the defending trekkies. Luckily, the defenders know the backdoors and hatch panels, through which they can disappear to behind-the-scenes areas of the ship where sensors and enemies cannot find them.

Captain’s log: Controls can look and feel sturdy, but without regularly testing your hatch panels, you might fool yourself into thinking you’re safe and all your doors are locked. In reality, all an attacker has to do is to pop open one of those panels and move about the organization undetected.

7. You Can’t Escape Gravity

On several occasions, the crew of “Star Trek” finds itself perilously close to being turned into gravitational mush. Sometimes, it is due to failed warp cores; other times, failing stabilizers or shields are to blame. Whatever the cause, the pull of gravity is strong — too strong for a ship in distress to resist with mere impulse thrusters. But gravity isn’t always an enemy: The Enterprise is often able to flee out of harm’s way by slingshotting around a planet or sun.

Organizations today cannot exist without business partners and suppliers. These entities provide much-needed resources to the organization, from raw supplies to revenue streams via business partners. However, these relationships make the continued well-being of the organization highly dependent on those partners.

Captain’s log: Third-party risks are real and should not be underestimated. Even a fully functional organization can be taken down by the cybersecurity risks present in its third-party vendors. Resilience is key. Don’t let third-party gravity bring you crashing down.

8. Mr. Spock Versus Data

Both Captain Kirk and Captain Picard rely on keen aides to help sort things out and, on occasion, to help untangle the human emotional biases of decision-making.

So who would be a better cybersecurity advisor to the CEO: Mr. Spock or Data? Both have sharp minds and are able to separate emotions from situations, even though one accomplishes this by repressing his emotions while the other simply cannot process any emotional undertones. However, as a fan commented, both “filled similar niches in being foils for humanity as a whole, as well as outside observers and commentators on our traits and history.”

Captain’s log: Every CEO needs a Spock or a Data. In this era of monthly breaches, the importance of a good cyber risk advisor cannot be overstated. The ultimate decision is yours, Captain, but at least you’ve been forewarned.

A ‘Star Trek’ Darkly: To Boldly, Securely and Easily Go to the Cloud

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today