Cybersecurity in Star Trek: Voyager
I am watching through the first season of Star Trek: Voyager for the first time this year. It is great sci-fi, and as a physicist and cybersecurity researcher I am also noticing a lot of the space gobbledygook is actually pretty legit.
Yeah, I love to see the crew scan for neutrinos and anti-neutrinos like it’s nothing, using truly futuristically miniaturized technologies that actually only exist in real places like SNOLAB — the world’s deepest underground laboratory — where I was privileged to visit and give a talk for a conference in 2019.
I wonder where the liquid argon is stored in Voyager? Or have they discovered a new way to detect weakly interacting particles?
In any case, my own background thus far has focused on quantum information and cybersecurity, so I can speak to these topics at greater length. Voyager has certainly not disappointed in these areas either!
Setting the Stage
One thing I’ve noticed about the series is that it tends to explore themes closely in pairs of episodes. Yes, there are many themes that span several episodes, or are the focus of virtually every episode — as with the need to return the crew (or someone or something they’ve encountered) home. However, a few pairs of episodes also stand out. One such pair is “Phage” [3] and “The Cloud” [4]. In the first, the crew is horrified to be assaulted and have their organs harvested by predatory humanoid aliens. In the next, they are horrified to find that they themselves have accidentally done something similar by harvesting the parts of a cosmic entity for energy.
The first episode also leads into the second via a scaling-up of the apparent Vidiian trap (first a crewman is trapped and assaulted, then the Voyager herself). I think this was a really nice way to smoothly give abstraction to the moral dilemma that is shared between the two episodes; which in the first is almost totally unforgivable and in the second is an almost totally understandable error. This sets the stage for a deep consideration of the moral dilemma presented in both a personal and practical as well as general and metaphysical sense.
Another such pair of episodes is “Heroes and Demons” [5] and “Cathexis” [6]. The first takes place in a holonovel version of Beowulf, and the second during a harrowing encounter with the Komar, who present a fundamental threat to the security of Voyager and her crew. On its own, “Cathexis” is a great — seriously great — case study in cybersecurity. Paired with the context of “Heroes and Demons”, these episodes invite us to consider the bigger picture — of why we have a need for cybersecurity and for trust — as a part of our humanity.
Cathexis
At one point in this episode, I wanted to pause and write down the situation facing the Voyager and her crew — it sounded just like a question I might put on an exam in a cybersecurity course if I ever taught one, or helped create the exam material.
Here was the situation in broad strokes: the Komar were an alien species that could superimpose their own brain waves on those of human crew members for brief periods of time, in which the crew members would act according to the alien’s desires instead of their own. Yes, a lot like the popular game ‘Among Us’ but worse!
The first strategy that Captain Janeway posed to combat these alien invaders was to entrust her command codes to the holographic doctor who would act as an automated sanity check for the human members of the crew, who could in theory be compromised — including Janeway herself.
This was making the following assumption:
A computer can be trusted more than humans can trust each other, and themselves.
Is this a justified assumption? Before we simply spoil the episode by jumping ahead to what happens, let’s think about this in the way that the episode suggests to us. A problem statement was given to us by the holographic doctor:
“I’ve found something and you’re not going to like it. This is Mr. Paris’ memory engram for the last 24 hours. As you can see, it has a very consistent and distinctive modulation except at 1350 hours. For one minute fourty seven seconds, a different memory pattern appeared. 1350 hours is also the exact moment when Mr. Paris presumably tampered with navigational control. It gets worse. In addition to that, there is another disruption at 1202 hours, the moment when he allegedly entered the new course at the helm. I also found there’s an identical disruption in Lieutenant Torres’ pattern at the moment she shut down warp power. I should point out that this is a neural electrical signature — what I believe to be another brain wave that was superimposed on their own.”
— Cathexis by Brannon Braga and Joe Menosky [6]
Wow! How could we combat that kind of a threat? Well, I believe this episode is actually a commentary on a real issue we have been dealing with together as humans since time immemorial. On a personal note I think (as the holographic doctor hints in the episode) that psycho-spiritual beliefs often express common human experiences in their own unique dialects. Often these dialects evolved before we fully understood what they described. Star Trek isn’t a psycho-spiritual belief, but it does also use metaphor to explore human experience — and the issue being described in “Cathexis” sounds too much like a classic trigger.
When a person is triggered, they will find themselves experiencing the present through the lens of a past experience that lives on in their mind as a memory. Often, the remembered event is a traumatic one and therefore tagged as important learning material by the brain; hence its readiness to be recalled.
If Voyager had a counselor aboard (which it really ought to have!), I wonder if counseling may have been sufficient for the crew to ward off the Komar? As a side note, counselors really deal with Star Trek level problems on a daily basis and are basically super heroes.
Another cue as to what the episode is trying to address is the episode’s proximity to “Heroes and Demons”, the previous episode. In “Heroes and Demons” the crew has to face the monster Grendel, who is rightly attributed with representing the Danes’ fears and depravity (the absence of laughter and light).
“Repelled by light and laughter, the beast waits until we slumber. Then, bereft of remorse, Grendel comes in murderous rage to my hall to take my people and there is nothing anyone can do to stop it. if you are wise, you will forego your vengeance and return home. Death lives here now.”
— Heroes and Demons by Naren Shankar [5]
In “Heroes and Demons”, Grendel turns out to be an alien that can be taught to learn to trust the crew and then ceases hostilities. In “Cathexis”, the aliens in question are not so approachable but literally want to enslave the crew and harvest their neural energy!
In the absence of a counselor ( / the ability to reason with the Komar), the crew takes an approach that consists of trying to manage rather than address the fundamental issue at hand. This is where we find them entering the field of theoretical cybersecurity. In theoretical cybersecurity, problems are understood from a distance by theoreticians whose job it is to make things easier, one structural level removed from “bare metal”.
Star Trek presents an interesting synthesis of the fundamental goal of restoring hope to people with a technical, high-level approach that looks a lot like scientific research. It is first presented in the pair of episodes by Tuvok’s stated purpose for dealing with Grendel.
“To what purpose? To raise false hope again in his majesty as did your kinsmen? Leave us alone in our misery.”
“If you would allow us to assist you, perhaps we could help alleviate your terror…We have no intention of slaying anyone. We simply wish to examine the creature.”
— Heroes and Demons by Naren Shankar [5]
In both episodes, there is hope for the crew and for their holographic friends, and through both the intellectual approach taken by Tuvok in “Heroes and Demons” and by the crew in “Cathexis”, hope is realized.
Spoiler alert: the computer is not the crew’s only or final hope!
The crew starts trying to combat their own minds’ vulnerabilities by creating a hybrid human-computer authentication system, wherein command codes may be used by Captain Janeway, but her commands must each be vetted by the holographic doctor. This is a fun variation on the type of hybrid system we more often see in reality. If you have ever worked in a software development role, you are likely familiar with code reviews. In order to have your code (pull / merge request) accepted, a human must first vet it. You must also have a password, secret, etc. handy (say in a password keeper) to create the request in the first place.
I am not sure whether it is just adding to the hype or worthwhile to note that projects like GitHub Copilot bring us closer to the possibility of automating quality assurance steps like code reviews, using AI that can understand code in context.
Whether we will actually get there remains to be seen, but imagine a CI / CD pipeline with a “visit to the holographic doctor’s” as a step after test execution, and before automatic deployment! As a former QA Specialist, and having written a chapter of my Masters thesis [9] on test automation, this makes me very excited!
It is also worth introducing an approach to gating code execution from blockchain at this point [10]. In Ethereum based blockchains, a “smart contract” is essentially a piece of code that defines a virtual agent’s method of interacting with other entities. In order for a contract’s source code — its modus operandi — to actually be executed and run, it must be powered by “gas”. It must be paid for its services. This is an abstract, virtual and financial way of voting that mimics traditional economics which essentially serve the same purpose. Only, people and businesses are not being “voted” into continued financial existence. Instead, abstract algorithms are.
There are three main conceptual components to cybersecurity: confidentiality (keeping secrets secret), availability (quality of service (QOS)), integrity (reliability); and three main technical components to cybersecurity: authentication (identifying users), authorization (allowing users access to particular data) and non-repudiation (making sure events cannot be misrepresented) [15]. Blockchain technologies innovate in each of these areas, but most notably in the traceability and verifiability of events and / or transactions on the blockchain through encryption / decryption algorithms. Since blockchain systems are decentralized (meaning data is shared between participating nodes), the nodes need a method to reach consensus on all of the events that have occurred in the network.
Many voting and consensus algorithms exist, which I write about in my QIP article, which also goes more into depth on blockchain technology [10]. I have spent a lot of time thinking about better (healthier) consensus algorithms as well. For example, many consensus mechanisms do not depend on wealth and are not biased towards those with abundant resources. In this sense, I see blockchain as an experiment ground for models of interaction that could one day help us achieve the money and hunger free Earth depicted in Star Trek.
However, as I learned at Ryerson’s Cybersecurity Research Lab and the crew of the Voyager quickly realizes: computer security is based on a hardness assumption.
In cryptographic approaches to computer security, excepting certain quantum cryptographic protocols, security is based on a hardness assumption.
With enough of the right kind of resources (time, FLOPS or quantum computers), even the hard problems on which modern — and presumably future — computer security is based can be cracked.
When Janeway calls on the doctor, his program has been terminated and the crew is unable to bring him back online. This may be evidence that in the (fictional) future of Star Trek there is still secure boot!
After system integrity has been ensured by an authentication mechanism, secure boot addresses data integrity by checking that nothing has changed on the computer since the last time it was properly accessed by an authenticated user [11]. The computer will refuse to boot if it finds anything has been changed. In the case of “Cathexis”, this means the doctor is effectively compromised.
This illustrates one advantage of decentralization over the holographic doctor: there is no single point of failure in a sufficiently protected decentralized computer system when it comes to security. On the other hand, the decentralized information has to be suitable for decentralization i.e. not too sensitive to be shared in some form (this can get fancy with obfuscation, symmetric / asymmetric encryption, pseudonyms, etc.).
“It’s too dangerous for one person to retain the command codes at this point. I suggest we divide my command protocols into two code groupings.”
“A sensible precaution.”
— Cathexis by Brannon Braga and Joe Menosky [6]
What it comes down to in any organization where humans interact with one another in a healthy manner (conducive to trust and collaboration) is some sharing of responsibility. People need to support one another, in every situation — from undergoing an attack by metaphysical mind-eating aliens in space, to running a country, to learning to get along at work.
“The alien could occupy either one of us at any time. But, presumably not both of us at the same time. I’ll tell the bridge crew the plan. We’ll all have to act as checks and balances for each other.”
— Cathexis by Brannon Braga and Joe Menosky [6]
That’s why I wrote this piece [12] on the possibility of improving on the trend towards trustless infrastructure. As Alicia Townsend has also pointed out [13], ‘Trust and Verify’ is a lesson that Star Trek does indeed teach!
Unfortunately, what occurs next in the episode is an escalation of the conflict. Because the Komar realize that security is tightening up, they begin to attack.
This attack involves one target at a time, but is nonetheless successful since each crew member is vulnerable to the Komar. When one crew member is no longer useful for the Komar, they simply exploit another. With sufficient coordination between the compromised crew members’ actions, it is as if the single Komar outnumbers the rest of the crew.
A cyberattack on an organization often proceeds from a successful attack against just one individual. And if that person has not been trained to identify the key indicators of a cyberattack, they may unwittingly open the back door, or front door, to an intruder.
— Cybersecurity by Duane C. Wilson [11]
We can learn a somewhat similar lesson applicable to computer networks. We form a sort of network when we work together, and so do our computers when they are networked.
A network, however, is typically only as strong as its weakest link.
— Cybersecurity by Duane C. Wilson [11]
The way the Komar attempt to overcome the crew is basically via manipulating those under their control to collude (i.e. work together against the others on the basis of shared knowledge and goals). Note that it is a very bad idea to use information to manipulate anyone. This is a very bad idea in the view of many intelligent and accomplished people, including Warren Buffett.
If you’re smart you don’t need leverage; if you’re dumb, it will ruin you.
— Warren Buffett [14]
However, the crew’s response proves lacking since they are not ready for this kind of collusion, and begin to stun individuals who are momentarily under the influence of the Komar. They fail to combat the whole because their training has not prepared them for this kind of situation. As Duance C. Wilson points out in his book, training is very important in a cybersecurity climate that has only become more intense with time [11].
An interesting direction of research in cybersecurity is the intelligent recognition of malicious behaviour, which is in its early stages [15]. It is certainly a complex task for theoretical researchers that will span a large variety of scenarios which will each require particular solutions. It is however becoming more important as cyberattacks also become more sophisticated.
This type of adaptive intelligent behaviour is characteristic of a Web 4.0 innovation. Web 4.0 is the next step in the advancement of the web as a whole, which aims to introduce more nuanced — or symbiotic — relationships between users and the web.
“Heroes and Demons” and “Cathexis” make a very fine point of how important it is for symbiotic interactions with technology (and / or aliens!) to be characterized by integrity.
Once again, Star Trek was ahead of its time.
In today’s literature, Integrity is defined differently in the regular world and the “cyber world”, as evidenced by this excerpt from Duane C. Wilson’s MIT Essential Knowledge Series book, ‘Cybersecurity’:
Integrity is formally defined as “the quality of being honest and having strong moral principles; moral uprightness.” In the cyber world, integrity refers to the trustworthiness and reliability of data and systems.
— Cybersecurity by Duane C. Wilson [11]
This will need to change as software developers create more nuanced interactions for users. Software developers working on Web 4.0 technologies will increasingly need to be educated, or to educate themselves on a broad range of topics, especially Human Computer Interaction (HCI) and computer ethics.
We need to adopt a more robust definition of integrity with the advent of Web 4.0.
I highly recommend that students and practitioners alike in Canada are educated on Canada’s Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans, at least, before working on Web 4.0 technologies. Thankfully, most universities require this training for students to work in labs and various research-oriented courses.
I believe it is very important that we continue to create a more symbiotic and friendly experience for everyone— in person and online — regardless of each person’s race, colour, creed, sexual orientation, identity, etc. As Artificial Intelligence becomes increasingly embedded in web interactions, even more categories of people will be recognized and interacted with, in partially if not wholly automated systems. It is important that these programs are implemented with a caring and genuine concern for people and that we do our best to respect, dignify and protect every one.
The episode “Cathexis” concludes when the crew learns to trust Chakotay as he tries to lead them out of their predicament and helps them to pilot the USS Voyager out of the nebula where the Komar reside. In a similar sense, trust is central to integrity.
A successful realization of Web 4.0 technologies will require adopting both types of integrity: both as humans working together and trusting one another, and in our design of technologies that users can trust.
References
[1] David R. George III and Eric A. Stillwell. “Prime Factors.” Star Trek: Voyager, season 1, episode 10, 1995.
[2] “Status of the DEAP-3600 experiment”, Kuźniak, M., arXiv e-prints, 2021, https://arxiv.org/abs/2111.03161
[3] Timothy DeHaas. “Phage.” Star Trek: Voyager, season 1, episode 5, 1995.
[4] Brannon Braga. “The Cloud.” Star Trek: Voyager, season 1, episode 6, 1995.
[5] Naren Shankar. “Heroes and Demons.” Star Trek: Voyager, season 1, episode 12, 1995.
[6] Brannon Braga and Joe Menosky. “Cathexis.” Star Trek: Voyager, season 1, episode 13, 1995.
[7] “Among Us Feature.” Digital Image. Google Images. Nov. 14, 2021. https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fd1lss44hh2trtw.cloudfront.net%2Fassets%2Farticle%2F2020%2F11%2F04%2Famong-us_feature.jpg&f=1&nofb=1
[8] “Deanna Troi.” Digital Image. Google Images. November 14, 2021. https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fvignette.wikia.nocookie.net%2Fmemoryalpha%2Fimages%2Fe%2Fe0%2FDeanna_Troi%252C_2365.jpg%2Frevision%2Flatest%3Fcb%3D20121209022154%26path-prefix%3Den&f=1&nofb=1
[9] “Towards Practical Hybrid Quantum / Classical Computing.” Marcus Edwards. UWSpace. 2020. http://hdl.handle.net/10012/16383
[10] “A review of quantum and hybrid quantum/classical blockchain protocols.” Edwards, M., Mashatan, A. & Ghose, S. Quantum Inf Process 19, 184 (2020). https://doi.org/10.1007/s11128-020-02672-y
[11] “Cybersecurity.” Duane C. Wilson. The MIT Press. 2021. https://doi.org/10.7551/mitpress/11656.001.0001
[12] “Quantum Blockchain: Opening the Door to New Risks and Opportunities.” Marcus Edwards. Nov. 20, 2020. https://medium.com/r/?url=https%3A%2F%2Fmarcusedwards-20301.medium.com%2Fquantum-blockchain-opening-the-door-to-new-risks-and-opportunities-d6a34a83efd5
[13] “Cybersecurity Lessons We Should Have Learned from Star Trek.” Alicia Townsend. OneLogin. May 13 2021. https://www.onelogin.com/blog/cybersecurity-lessons-star-trek.
[14] “Four Essential Quotes on Investing.” James Berman. Forbes, Nov. 3, 2019. https://www.forbes.com/sites/jamesberman/2019/11/03/four-essential-quotes-on-investing/?sh=7e11bf75705e
[15] “Researchers Trick Cylance Antivirus Into Thinking Malware Is Trusted Software.” CPO Magazine. April 13, 2020. Accessed November 15, 2021. https://www.cpomagazine.com/cyber-security/researchers-trick-cylance-antivirus-into-thinking-malware-is-trusted-software/