Information security
Information security is the intentional process of protecting stored information from unauthorized viewing or use. Proper information security procedures protect the following properties of information stores or sources:
- Availability: authorized users are able to access the information when they need it.
- Confidentiality: unauthorized users can not gain access to the information.
- Integrity: the information is not altered or destroyed in an unauthorized manner.
Proper information security involves all of the following considerations:
- Environment controls: Physical protection of information stores from intruders, natural disasters, etc.
- Interface controls: Limiting the means of connecting to the computer network and its data stores to known, guarded pathways
- Authentication controls: Identifying users attempting to gain access to information. There are three major methods.
- Tokens: The user possesses a physical object that identifies him or her to the system.
- Passwords: The user knows a secret word or phrase for identification.
- Biometrics: The system recognizes a physical attribute of the user, such as a fingerprint.
- Authorization controls: Verifying that users have the appropriate permission before granting access
Information security in Star Trek
Federation starships store virtually all information in a central computer system. This system relies primarily on voice-recognition to authenticate users, although users may also set personal passwords to further control access to sensitive data or computer functions.
The Federation has repeatedly demonstrated poor information security protocols.
- In TNG "The Hunted", for example, Roga Danar was able to disable a security force field by disabling one of the ship's security personnel and using his communicator to order the computer to drop the force field. He was also able to access consoles in the ship's engineering section to reroute power to transporters and to determine where to plant a bomb to disable the Enterprise-D's sensor network.
- The Enterprise's computer has downloaded and executed untrusted code on multiple occasions (examples: TNG "Contagion" and TNG "Masks").
- In TNG "Brothers", Commander Data was able to seize control of all of the Enterprise's command functions by mimicking the voice of Captain Picard.
- In TNG "Conundrum", an alien Satarran was able to alter the content of the ship's database to mislead the crew into attacking the Lysians.
- Federation starships are known to allow remote access to their command functions via a prefix code that can be transmitted from other starships, and remote commands can actually override orders issued from the target starship's bridge. Why the Federation would include such a dangerous feature in their warships is unclear.
Collectively, these failures indicate poor interface controls and inadequate authentication controls. The Federation's authorization controls have generally been successful.
Many of the Federation's neighbors have similarly shown incompetent security measures.
- In Star Trek: Nemesis, Data is able to try several different codes on a secured door on the Scimitar and it allows him to continue trying codes, no matter how many wrong ones he enters. On most real life security systems, Data would have been locked out of the system after the third wrong attempt.
- In TNG "Sins of the Fathers" Geordi accidentally breaks into the Klingon government security network in minutes.
- In TNG "Unification pt 2" Spock is able to perform a similar feat with the Romulan security network. Data is also able to piggy-back signals to the Enterprise on Romulan signals.
Information security in Star Wars
The access protocols for Republic and Imperial computers are not clear, but their primary weakness seems to be inadequate authorization controls for low priority systems.
- The astromech droid R2-D2 was granted access to the Death Star's computer network without legitimate credentials, but he was denied access to some information. For instance, he could remotely deactivate the station's garbage compactors, but he could not remotely cut the power to the station's tractor beams (although he could determine where to disable them manually).
- Similarly, R2-D2 was able to determine that Leia Organa was a prisoner on the station and where she was being held, but he could not locate an exit from her cell block other than the main entrance, and he admitted that much of the information he sought was restricted.
It may be worth noting that R2-D2 has been allowed to operate for decades without a memory erasure. This may have allowed the droid to accumulate an exceptionally large store of cracking tools and techniques, something that his various owners (Padmé Amidala, Anakin Skywalker, Bail Organa, Leia Organa, and Luke Skywalker) have probably encouraged.
In short, Imperial networks appear to have "guest" accounts that provide unnecessary access to some systems, and a proficient hacker can exploit these.