Connect with us

The Conversation

Lessons from ‘Star Trek: Picard’ – a cybersecurity expert explains how a sci-fi series illuminates today’s threats

Published

on

Lessons from ‘Star Trek: Picard’ – a cybersecurity expert explains how a sci-fi series illuminates today’s threats

Richard Forno, University of Maryland, Baltimore County

Editor’s note: This article contains plot spoilers.

Society’s understanding of technology and cybersecurity often is based on simple stereotypes and sensational portrayals in the entertainment media. I’ve written about how certain scenarios are entertaining but misleading. Think of black-clad teenage hackers prowling megacities challenging corporate villains. Or think of counterintelligence specialists repositioning a satellite from the back of a surveillance van via a phone call.

But sometimes Hollywood gets it right by depicting reality in ways that both entertain and educate. And that’s important, because whether it’s a large company, government or your personal information, we all share many of the same cybersecurity threats and vulnerabilities. As a former cybersecurity industry practitioner and current cybersecurity researcher, I believe the final season of “Star Trek: Picard” is the latest example of entertainment media providing useful lessons about cybersecurity and the nature of the modern world.

So how does “Star Trek: Picard” relate to cybersecurity?

The nature of the threat

The show’s protagonist is Jean-Luc Picard, a retired Starfleet admiral who commanded the starship Enterprise-D in a previous series. Starfleet is the military wing of the United Federation of Planets, of which Earth is a member. In Season 3, the final season, Picard’s ultimate enemy, the Borg, returns to try conquering humanity again. The Borg is a cybernetic collective of half-human, half-machine “drones” led by a cyborg queen.

The Borg has partnered with other villains and worked for over a decade to deploy hidden agents able to compromise the DNA data contained in the software underpinning the transporter – a teleportation device used regularly by Starfleet personnel. Over many years, a certain subgroup of Starfleet personnel had their DNA altered by using the transporter.

Thus, in launching their final attack, the Borg is able to instantly activate thousands of “drones” to do its bidding in the form of altered, compromised Starfleet personnel. As Geordi La Forge, the Enterprise-D’s engineer, notes, “They’ve been assimilating the entire fleet this whole time, without anyone ever knowing it.”

Instead of malicious software taking over computers, the plot involves malicious genetic code taking over humans.

The Borg’s prolonged, stealthy infiltration of the federation is indicative of how today’s most effective cyberattackers work. While it’s relatively easy to detect when hackers attempt to breach a system from the outside, experts worry about the effects of an enemy infiltrating critical systems from within. Attackers can put malicious code in software during manufacturing or in software updates, both of which are avenues of attack that do not arouse suspicion until the compromised systems are activated or targeted.

This underscores the importance of ensuring the security and integrity of digital supply chains from product development at the vendor through product deployment at client sites to ensure no silent “drones,” such as malware, are waiting to be activated by an adversary.

Equally important, “Star Trek: Picard” presents the very real and insidious nature of the insider threat faced by today’s organizations. While not infected with a cybernetic virus, recently arrested Massachusetts Air National Guard airman Jack Teixeira shows the damage that can occur when a trusted employee has malicious intent or becomes co-opted and inflicts significant damage on an employer.

In some cases, these compromised or malicious individuals can remain undiscovered for years. And some global adversaries of the U.S., such as China and Russia, are known for taking a long-term perspective when it comes to planning and conducting espionage activities – or cyberattacks.

Humans remain the weakest link

“Synchronistic technology that allows every ship in Starfleet to operate as one. An impenetrable armada. Unity and defense. The ultimate safeguard.”

With these words, humanity’s military defenders activated a feature that linked every Starfleet vessel together under one unified automated command system. While intended to serve as an emergency capability, this system – called Fleet Formation – was quickly hijacked by the Borg as part of its attack on Earth. In essence, Starfleet created a Borg-like defense system that the Borg itself used to attack the federation.

Here, the most well-intentioned plans for security were thwarted by enemies who used humanity’s own technologies against them. In the real world, capabilities such as on-demand real-time software updates, ChatGPT and centrally administered systems sound enticing and offer conveniences, cost savings or new capabilities. However, the lesson here is that organizations should not put them into widespread use without carefully considering as many of the potential risks or vulnerabilities as practical.

But even then, technology alone can’t protect humans from ourselves – after all, it’s people who develop, design, select, administer and use technology, which means human flaws are present in these systems, too. Such failings frequently lead to a stream of high-profile cybersecurity incidents.

Resiliency is not futile

To counter the Borg’s final assault on Earth, Picard’s crew borrows its old starship, Enterprise-D, from a fleet museum. The rationale is that its ship is the only major combat vessel not connected to the Borg collective via Starfleet’s compromised Fleet Formation protocol and therefore is able to operate independently during the crisis. As La Forge notes, “Something older, analog. Offline from the others.”

When a network has been compromised, it’s important to be able to use systems that aren’t connected to the network.

From a cybersecurity perspective, ensuring the availability of information resources is one of the industry’s guiding principles. Here, the Enterprise-D represents defenders in response to a cyber incident using assets that are outside of an adversary’s reach. Perhaps more important, the vessel symbolizes the need to think carefully before embracing a completely networked computing environment or relying on any single company or provider of services and connectivity for daily operations.

From natural disasters to cyberattack, what’s your plan if your IT environment becomes corrupted or inaccessible? Can your organization stay operational and still provide necessary services? For critical public messaging, do governments and corporations have their own uncorruptible Enterprise-D capabilities to fall back on, such as the fediverse, the decentralized microblogging platform that is immune to the impulsive manipulations of Twitter’s ownership?

Prepare for the unknown

The “Star Trek” universe explores the unknown in both the universe and contemporary society. How the crews deal with these experiences relies on their training, the appreciation of broad perspectives and ability to devise innovative solutions to the crisis of the week. Often, such solutions are derived from characters’ interests in music, painting, archaeology, history, sports and other nontechnical areas of study, recreation or expertise.

Similarly, as modern digital defenders, to successfully confront our own cyber unknowns we need a broad appreciation of things beyond just cybersecurity and technology. It’s one thing to understand at a technical level how a cyberattack occurs and how to respond. But it’s another thing to understand the broader, perhaps more systemic, nuanced, organizational or international factors that may be causes or solutions, too.

Lessons from literature, history, psychology, philosophy, law, management and other nontechnical disciplines can inform how organizations plan for and respond to cybersecurity challenges of all types. Balancing solid technical knowledge with foundations in the liberal arts and humanities allows people to adapt comfortably to constantly evolving technologies and shifting threats.

Dystopic metaphors in fiction often reflect current social concerns, and the “Star Trek” universe is no different. Although rooted in a science fiction fantasy, “Star Trek: Picard” provides some accurate, practical and understandable cybersecurity reminders for today.

Season 3, in particular, offers viewers both entertainment and education – indeed, the best of both worlds.The Conversation

Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The Conversation

In Disney’s ‘Moana,’ the characters navigate using the stars, just like real Polynesian explorers − an astronomer explains how these methods work

Published

on

theconversation.com – Christopher Palma, Teaching Professor, Department of Astronomy & Astrophysics, Penn State – 2024-12-20 07:17:00

Wayfarers around the world have used the stars to navigate the sea.
Wirestock/iStock via Getty Images Plus

Christopher Palma, Penn State

If you have visited an island like one of the Hawaiian Islands, Tahiti or Easter Island, also known as Rapa Nui, you may have noticed how small these land masses appear against the vast Pacific Ocean. If you’re on Hawaii, the nearest island to you is more than 1,000 miles (1,600 kilometers) away, and the coast of the continental United States is more than 2,000 miles (3,200 kilometers) away. To say these islands are secluded is an understatement.

For me, watching the movie “Moana” in 2016 was eye-opening. I knew that Polynesian people traveled between a number of Pacific islands, but seeing Moana set sail on a canoe made me realize exactly how small those boats are compared with what must have seemed like an endless ocean. Yet our fictional hero went on this journey anyway, like the countless real-life Polynesian voyagers upon which she is based.

Oceania as shown from the ISS
Islands in Polynesia can be thousands of miles apart.
NASA

As an astronomer, I have been teaching college students and visitors to our planetarium how to find stars in our sky for more than 20 years. As part of teaching appreciation for the beauty of the sky and the stars, I want to help people understand that if you know the stars well, you can never get lost.

U.S. Navy veterans learned the stars in their navigation courses, and European cultures used the stars to navigate, but the techniques of Polynesian wayfinding shown in Moana brought these ideas to a very wide audience.

The movie Moana gave me a new hook – pun not intended – for my planetarium shows and lessons on how to locate objects in the night sky. With “Moana 2” out now, I am excited to see even more astronomy on the big screen and to figure out how I can build new lessons using the ideas in the movie.

The North Star

Have you ever found the North Star, Polaris, in your sky? I try to spot it every time I am out observing, and I teach visitors at my shows to use the “pointer stars” in the bowl of the Big Dipper to find it. These two stars in the Big Dipper point you directly to Polaris.

If you are facing Polaris, then you know you are facing north. Polaris is special because it is almost directly above Earth’s North Pole, and so everyone north of the equator can see it year-round in exactly the same spot in their sky.

It’s a key star for navigation because if you measure its height above your horizon, that tells you how far you are north of Earth’s equator. For the large number of people who live near 40 degrees north of the equator, you will see Polaris about 40 degrees above your horizon.

If you live in northern Canada, Polaris will appear higher in your sky, and if you live closer to the equator, Polaris will appear closer to the horizon. The other stars and constellations come and go with the seasons, though, so what you see opposite Polaris in the sky will change every month.

Look for the Big Dipper to find the North Star, Polaris.

You can use all of the stars to navigate, but to do that you need to know where to find them on every night of the year and at every hour of the night. So, navigating with stars other than Polaris is more complicated to learn.

Maui’s fishhook

At the end of June, around 11 p.m., a bright red star might catch your eye if you look directly opposite from Polaris. This is the star Antares, and it is the brightest star in the constellation Scorpius, the Scorpion.

If you are a “Moana” fan like me and the others in my family, though, you may know this group of stars by a different name – Maui’s fishhook.

If you are in the Northern Hemisphere, Scorpius may not fully appear above your horizon, but if you are on a Polynesian island, you should see all of the constellation rising in the southeast, hitting its highest point in the sky when it is due south, and setting in the southwest.

Astronomers and navigators can measure latitude using the height of the stars, which Maui and Moana did in the movie using their hands as measuring tools.

The easiest way to do this is to figure out how high Polaris is above your horizon. If you can’t see it at all, you must be south of the equator, but if you see Polaris 5 degrees (the width of three fingers at arm’s length) or 10 degrees above your horizon (the width of your full fist held at arm’s length), then you are 5 degrees or 10 degrees north of the equator.

The other stars, like those in Maui’s fishhook, will appear to rise, set and hit their highest point at different locations in the sky depending on where you are on the Earth.

Polynesian navigators memorized where these stars would appear in the sky from the different islands they sailed between, and so by looking for those stars in the sky at night, they could determine which direction to sail and for how long to travel across the ocean.

Today, most people just pull out their phones and use the built-in GPS as a guide. Ever since “Moana” was in theaters, I see a completely different reaction to my planetarium talks about using the stars for navigation. By accurately showing how Polynesian navigators used the stars to sail across the ocean, Moana helps even those of us who have never sailed at night to understand the methods of celestial navigation.

The first “Moana” movie came out when my son was 3 years old, and he took an instant liking to the songs, the story and the scenery. There are many jokes about parents who dread having to watch a child’s favorite over and over again, but in my case, I fell in love with the movie too.

Since then, I have wanted to thank the storytellers who made this movie for being so careful to show the astronomy of navigation correctly. I also appreciated that they showed how Polynesian voyagers used the stars and other clues, such as ocean currents, to sail across the huge Pacific Ocean and land safely on a very small island thousands of miles from their home.The Conversation

Christopher Palma, Teaching Professor, Department of Astronomy & Astrophysics, Penn State

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Read More

The post In Disney’s ‘Moana,’ the characters navigate using the stars, just like real Polynesian explorers − an astronomer explains how these methods work appeared first on theconversation.com

Continue Reading

The Conversation

Listening for the right radio signals could be an effective way to track small drones

Published

on

theconversation.com – Iain Boyd, Director of the Center for National Security Initiatives and Professor of Aerospace Engineering Sciences, University of Colorado Boulder – 2024-12-17 17:28:00

Small drones can be hard to track at night.
Kevin Carter/Getty Images

Iain Boyd, University of Colorado Boulder

The recent spate of unidentified drone sightings in the U.S., including some near sensitive locations such as airports and military installations, has caused significant public concern.

Some of this recent increase in activity may be related to a September 2023 change in U.S. Federal Aviation Administration regulations that now allow drone operators to fly at night. But most of the sightings are likely airplanes or helicopters rather than drones.

The inability of the U.S. government to definitively identify the aircraft in the recent incidents, however, has some people wondering, why can’t they?

I am an engineer who studies defense systems. I see radio frequency sensors as a promising approach to detecting, tracking and identifying drones, not least because drone detectors based on the technology are already available. But I also see challenges to using the detectors to comprehensively spot drones flying over American communities.

How drones are controlled

Operators communicate with drones from a distance using radio frequency signals. Radio frequency signals are widely used in everyday life such as in garage door openers, car key fobs and, of course, radios. Because the radio spectrum is used for so many different purposes, it is carefully regulated by the Federal Communications Commission.

Drone communications are only allowed in narrow bands around specific frequencies such as at 5 gigahertz. Each make and model of a drone uses unique communication protocols coded within the radio frequency signals to interpret instructions from an operator and to send data back to them. In this way, a drone pilot can instruct the drone to execute a flight maneuver, and the drone can inform the pilot where it is and how fast it is flying.

Identifying drones by radio signals

Radio frequency sensors can listen in to the well-known drone frequencies to detect communication protocols that are specific to each particular drone model. In a sense, these radio frequency signals represent a unique fingerprint of each type of drone.

In the best-case scenario, authorities can use the radio frequency signals to determine the drone’s location, range, speed and flight direction. These radio frequency devices are called passive sensors because they simply listen out for and receive signals without taking any active steps. The typical range limit for detecting signals is about 3 miles (4.8 kilometers) from the source.

These sensors do not represent advanced technology, and they are readily available. So, why haven’t authorities made wider use of them?

Drones were all the buzz in the Northeast at the end of 2024.

Challenges to using radio frequency sensors

While the monitoring of radio frequency signals is a promising approach to detecting and identifying drones, there are several challenges to doing so.

First, it’s only possible for a sensor to obtain detailed information on drones that the sensor knows the communication protocols for. Getting sensors that can detect a wide range of drones will require coordination between all drone manufacturers and some central registration entity.

In the absence of information that makes it possible to decode the radio frequency signals, all that can be inferred about a drone is a rough idea of its location and direction. This situation can be improved by deploying multiple sensors and coordinating their information.

Second, the detection approach works best in “quiet” radio frequency environments where there are no buildings, machinery or people. It’s not easy to confidently attribute the unique source of a radio frequency signal in urban settings and other cluttered environments. Radio frequency signals bounce off all solid surfaces, making it difficult to be sure where the original signal came from. Again, the use of multiple sensors around a particular location, and careful placement of those sensors, can help to alleviate this issue.

Third, a major part of the concern over the inability to detect and identify drones is that they may be operated by criminals or terrorists. If drone operators with malicious intent know that an area targeted for a drone operation is being monitored by radio frequency sensors, they may develop effective countermeasures. For example, they may use signal frequencies that lie outside the FCC-regulated parameters, and communication protocols that have not been registered. An even more effective countermeasure is to preprogram the flight path of a drone to completely avoid the use of any radio frequency communications between the operator and the drone.

Finally, widespread deployment of radio frequency sensors for tracking drones would be logistically complicated and financially expensive. There are likely thousands of locations in the U.S. alone that might require protection from hostile drone attacks. The cost of deploying a fully effective drone detection system would be significant.

There are other means of detecting drones, including radar systems and networks of acoustic sensors, which listen for the unique sounds drones generate. But radar systems are relatively expensive, and acoustic drone detection is a new technology.

The way forward

It was almost guaranteed that at some point the problem of unidentified drones would arise. People are operating drones more and more in regions of the airspace that have previously been very sparsely populated.

Perhaps the recent concerns over drone sightings are a wake-up call. The airspace is only going to become much more congested in the coming years as more consumers buy drones, drones are used for more commercial purposes, and air-taxis come into use. There’s only so much that drone detection technologies can do, and it might become necessary for the FAA to tighten regulation of the nation’s airspace by, for example, requiring drone operators to submit detailed flight plans.

In the meantime, don’t be too quick to assume those blinking lights you see in the night sky are drones.The Conversation

Iain Boyd, Director of the Center for National Security Initiatives and Professor of Aerospace Engineering Sciences, University of Colorado Boulder

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Read More

The post Listening for the right radio signals could be an effective way to track small drones appeared first on theconversation.com

Continue Reading

The Conversation

Vaccine misinformation distorts science – a biochemist explains how RFK Jr. and his lawyer’s claims threaten public health

Published

on

theconversation.com – Mark R. O’Brian, Professor and Chair of Biochemistry, University at Buffalo – 2024-12-17 07:01:00

Many fatal childhood illnesses can be prevented with vaccination.
Westend61/Getty Images

Mark R. O’Brian, University at Buffalo

Vaccinations provide significant protection for the public against infectious diseases and substantially reduce health care costs. Therefore, it is noteworthy that President-elect Donald Trump wants Robert F. Kennedy Jr., a leading critic of childhood vaccination, to be secretary of Health and Human Services.

Doctors, scientists and public health researchers have expressed concerns that Kennedy would turn his views into policies that could undermine public health. As a case in point, news reports have highlighted how Kennedy’s lawyer, Aaron Siri, has in recent years petitioned the Food and Drug Administration to withdraw or suspend approval of numerous vaccines over alleged safety concerns.

I am a biochemist and molecular biologist studying the roles microbes play in health and disease. I also teach medical students and am interested in how the public understands science.

Here are some facts about vaccines that Kennedy and Siri get wrong:

Vaccines are effective and safe

Public health data from 1974 to the present conclude that vaccines have saved at least 154 million lives worldwide over the past 50 years. Vaccines are also continually monitored for safety in the U.S.

Nevertheless, the false claim that vaccines cause autism persists despite study after study of large populations throughout the world showing no causal link between them.

Claims about the dangers of vaccines often come from misrepresenting scientific research papers. In an interview with podcaster Joe Rogan, Kennedy incorrectly cited studies allegedly showing vaccines cause massive brain inflammation in laboratory monkeys, and that the hepatitis B vaccine increases autism rates in children by over 1,000-fold compared with unvaccinated kids. Those studies make no such claims.

In the same interview, Kennedy also made the unusual claim that a 2002 vaccine study included a control group of children 6 months of age and younger who were fed mercury-contaminated tuna sandwiches. No sandwiches are mentioned in that study.

Similarly, Siri filed a petition in 2022 to withdraw approval of a polio vaccine based on alleged safety concerns. The vaccine in question is made from an inactivated form of the polio virus, which is safer than the previously used live attenuated vaccine. The inactivated vaccine is made from polio virus cultured in the Vero cell line, a type of cell that researchers have been safely using for various medical applications since 1962. While the petition uses provocative language comparing this cell line to cancer cells, it does not claim that it causes cancer.

Gloved hands of clinician placing band-aid on child's arm, a syringe and vaccine vial beside them
Vaccines are continuously monitored for safety before and long after they’re made available to the general public.
Elena Zaretskaya/Moment via Getty Images

Vaccines undergo the same approval process as other drugs

Clinical trials for vaccines and other drugs are blinded, randomized and placebo-controlled studies. For a vaccine trial, this means that participants are randomly divided into one group that receives the vaccine and a second group that receives a placebo saline solution. The researchers carrying out the study, and sometimes the participants themselves, do not know who has received the vaccine or the placebo until the study has finished. This eliminates bias.

Results are published in the public domain. For example, vaccine trial data for COVID-19, human papilloma virus, rotavirus and hepatitis B are available for anyone to access.

Aluminum adjuvants help boost immunity

Kennedy is co-counsel with a law firm that is suing the pharmaceutical company Merck based in part on the unfounded assertion that the aluminum in one of its vaccines causes neurological disease. Aluminum is added to many vaccines as an adjuvant to strengthen the body’s immune response to the vaccine, thereby enhancing the body’s defense against the targeted microbe.

The law firm’s claim is based on a 2020 report showing that brain tissue from some patients with Alzheimer’s disease, autism and multiple sclerosis have elevated levels of aluminum. The authors of that study do not assert that vaccines are the source of the aluminum, and vaccines are unlikely to be the culprit.

Notably, the brain samples analyzed in that study were from 47- to 105-year-old patients. Most people are exposed to aluminum primarily through their diets, and aluminum is eliminated from the body within days. Therefore, aluminum exposure from childhood vaccines is not expected to persist in those patients.

Ironically, Kennedy’s lawyer, Siri, wants the FDA to withdraw some vaccines for containing less aluminum than stated by the manufacturer.

Vaccine manufacturers are liable for injury or death

Kennedy’s lawsuit against Merck contradicts his insistence that vaccine manufacturers are fully immune from litigation.

His claim is based on an incorrect interpretation of the National Vaccine Injury Compensation Program, or VICP. The VICP is a no-fault federal program created to reduce frivolous lawsuits against vaccine manufacturers, which threaten to cause vaccine shortages and a resurgence of vaccine-preventable disease.

A person claiming injury from a vaccine can petition the U.S. Court of Federal Claims through the VICP for monetary compensation. If the VICP petition is denied, the claimant can then sue the vaccine manufacturer.

Gloved hand picking up vaccine vial among a tray of vaccine vials
Drug manufacturers are liable for any vaccine-related death or injury.
Andreas Ren Photography Germany/Image Source via Getty Images

The majority of cases resolved under the VICP end in a negotiated settlement between parties without establishing that a vaccine was the cause of the claimed injury. Kennedy and his law firm have incorrectly used the payouts under the VICP to assert that vaccines are unsafe.

The VICP gets the vaccine manufacturer off the hook only if it has complied with all requirements of the Federal Food, Drug and Cosmetic Act and exercised due care. It does not protect the vaccine maker from claims of fraud or withholding information regarding the safety or efficacy of the vaccine during its development or after approval.

Good nutrition and sanitation are not substitutes for vaccination

Kennedy asserts that populations with adequate nutrition do not need vaccines to avoid infectious diseases. While it is clear that improvements in nutrition, sanitation, water treatment, food safety and public health measures have played important roles in reducing deaths and severe complications from infectious diseases, these factors do not eliminate the need for vaccines.

After World War II, the U.S. was a wealthy nation with substantial health-related infrastructure. Yet, Americans reported an average of 1 million cases per year of now-preventable infectious diseases.

Vaccines introduced or expanded in the 1950s and 1960s against diseases like diphtheria, pertussis, tetanus, measles, polio, mumps, rubella and Haemophilus influenza B have resulted in the near or complete eradication of those diseases.

It’s easy to forget why many infectious diseases are rarely encountered today: The success of vaccines does not always tell its own story. RFK Jr.’s potential ascent to the role of secretary of Health and Human Services will offer up ample opportunities to retell this story and counter misinformation.

This is an updated version of an article originally published on July 26, 2024.The Conversation

Mark R. O’Brian, Professor and Chair of Biochemistry, University at Buffalo

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Read More

The post Vaccine misinformation distorts science – a biochemist explains how RFK Jr. and his lawyer’s claims threaten public health appeared first on theconversation.com

Continue Reading

Trending