海角大神

Modern field guide to security and privacy

Awakening from the dream: The security flaws of Westworld

*This post or embedded links within the post may contain spoilers.

Matt Orlando/海角大神

The season finale of Westworld hit the Home Box Office crowd, drawing in 2.2 million viewers.

For those unfamiliar with the premise: this new HBO series was inspired by of the same title (written by Michael Crichton) about a futuristic theme park populated by artificial beings and set in the old West.

If you have ever dreamed of being a white hat cowboy or cowgirl rushing in to save the day, or a black-hatted scoundrel with no moral compass, then this is your dream vacation destination. Similar to how gamers interacted with Grand Theft Auto in the 90s, visitors’ actions inside the park said more about them as people than perhaps they did about the robots or narratives found in Westworld.

As one would expect from an HBO project, the series is filled with a multitude of characters: some good, some bad, some ugly. Whether human or host (i.e. the term used to describe an artificial being in the park), the characters focus heavily on what constitutes humanity and at what stage A.I. reaches consciousness.

As the closing credits rolled, I’m sure many rushed to a variety of to see if they were a , a William, a Maeve or (ugh), a Teddy. However, we are not here to question the journey you would take once entering the park. Instead, we want to look at what security threats were on display during the series and what real lessons enterprises need to take away from this fictional theme park.

The terms the show was abuzz with included that dominated our speaker submissions this year, ranging from securing mobile devices and IoT, to . to deception and uncertainty. Don’t worry, this post will not go ‘full Skynet’ as have already looked to the rise of the machines. Instead, the true threats to the park fell not at the steel beings but those carbon-based life forms…

From the outside looking in, the park had of a strong security program. Physical security teams were in place to alleviate attendee fears of host malfunctions or attacks, mobile devices could be placed on lockdown and disabled quickly, hosts received constant checks for issues in code, and security checks were in place to keep physical assets from leaving the premises with guests or employees.

However, this heavily “protected” park did have some major vulnerabilities we know also impact many enterprises across the globe:

  • Small staff, not fully trained or properly educated: This large facility actually had a much smaller core team in place than what was needed. If one person was missing, out sick, fired, etc. someone else had to pick up that role whether they were formally trained in it or not.

    Security , and it certainly cannot be a secondary thought.

  • Lack of communication/intelligence sharing: The only thing worse than being short on resources in terms of staff is to silo that staff. Throughout the season, we were able to see host code and behavior change, corporate assets destroyed and potential customer safety risked due to a lack of communication among teams. Quality Assurance, security, product/behavior and executive groups (C-suite and board) all acted on information they discovered and did not alert the other teams to the findings or the next steps.
  • Multiple insider threats: This show represented most enterprises’ worst fears. A company can spend a lot of time (and money) protecting product and customers from outside threats, but often the one that slips under the radar is an insider.

    Westworld’s fictional setup showed low-level technicians abusing power and access to hosts, multiple internal teams trying to remove data/IP from the park, and higher-level executives abusing power through hostile threats (physical, emotional, financial) to gain advantage.

  • Big brother collecting : The true gem of this park wasn’t the hosts or even the IP behind their A.I. No, the item that was up for grabs and why so many insiders could stand to make a profit was the user data.

    With a 40K a day price tag, the park’s attendance was clearly an elite group of individuals. In the park’s systems, you would have access to names, number of visits, number of kills, love interests or perversions, and more.

You may disagree with these as the primary flaws. Some people choose to see the ugliness in this world. The disarray. I choose to see the beauty. (Couldn’t resist.)

Now the question to you, the fans within our community: how would you have designed the security system within Westworld to combat these flaws? Until we solve that mystery or until next season, I’ll be where the mountains meet the sea, awaiting the next narrative and hoping I don’t wake up on that train next to Teddy…

• • •

RSA Conference, happening Feb. 13 - 17 in San Francisco, drives the information security agenda worldwide. It has consistently attracted the best and brightest in the field and created invaluable opportunities for first-hand interactions with peers, luminaries, and emerging and established companies. Use promo code 5U7CSMPFD for $100 off admission for Passcode readers.
