January 13, 2009
Television Department
24: Tech Review
Spoiler Alert: Spoilers for all episodes broadcast so far this season.
Well, we're 4 hours into Jack's busy day. He's only killed one person, and it wasn't anyone important, but other than that, this season isn't too bad. It has much more of a thriller feel to it this year, especially compared to last season when it just kind of went through the motions.
Still, the standard building blocks of a 24 plot keep coming: The perimeters, the protocols, the malignant cylinders circuit board that everybody wants, the bizarre Presidential involvement in the details, the inevitable CTU FBI mole, the confused notion that intelligence analysts and computer experts are the same thing, and of course the "good guys" are still torturing people.
As I've said, I'm not real happy about the whitewash of torture in the series, but I can usually overlook it on the grounds that, within the context of the show, it might be the least bad thing to do.
I'm having trouble maintaining that willing suspension of repulsion, however, because the terrorist threat doesn't seem worth the trouble. I'm not a computer security expert, but I know enough about the subject that the characters sound positively unhinged when they talk about the threat.
To summarize: On 24, the computers controlling many of the United States' important infrastructure systems are protected by the CIP (Classified Infrastructure Portal) firewall. However, the bad guys have obtained or built a "CIP module" which is capable of penetrating the CIP firewall so they can sabatoge air traffic control, the power grid, or the water supply. They are using that capability to blackmail the United States into withdrawing troops from a foreign country.
This makes no sense to me.
First of all, whatever the CIP module is doing, it's the software on it that's important, not the module itself. The only way the module makes sense is if the bad guys are using a modified version of the software that implements the CIP firewall, and they have to run it on the same kind of embedded platform that the firewall itself runs on.
Second, most network security systems depend on some kind of digital key or certificate which you have to possess to gain access. It's possible that the bad guys have obtained those keys somehow, but network security systems are designed with that possibility in mind. The CIP security center would just have to revoke the old keys and distribute new keys to all authorized client systems. They should be doing this on a regular basis anyway.
(This is not advanced, super-secret security technology. Some variation of it is probably installed on the computer you're using to read this. Using it is slightly cumbersome, so you probably have some of it disabled, but it should all be there. If you were doing something more important than reading my blog---managing critical national infrastructure, say---you'd flip it on.)
Third, even if the CIP module is some sort of magic box that hacks through the firewall instantly, there's a simple solution for restoring security. A network firewall is used when you want to secure a computer network from the world at large while still allowing certain strictly defined communications to occur. For example, you would use a firewall if you want the world to have access to your web site, but not to your internal email.
If you think your firewall has been penetrated, and some hackers are poking around in your network, all you have to do is disconnect the firewall. This shuts off everything from the outside world. If you're running an e-commerce site like Amazon, this is a disaster because your customers can't get in. But if you're running a critical piece of our national infrastructure, you ought to be prepared to operate for a little while through for a network outage. After all, shutting down communications is a pretty obvious terrorist attack. It also happens when squirrels chew through the phone lines.
Fourth, even if the terrorists somehow have created a magic unclosable hole in the firewall, there's going to be more security. There are probably additional internal firewalls, and they're probably off-the-shelf components from a reputable networking company like Cisco. (Cisco strangely continues to be a sponsor of 24, even though this means associating their name with the technological incompetence on display in every episode.) In addition, the servers they're accessing probably have their own username-and-password security.
Finally, even if we hand-wave away the other problems, getting through the firewall is only part of the problem. The terrorists would still need to understand the software interfaces to all the infrastructure systems, and they'd have to have software that can talk to those interfaces. It's like installing a new printer: Connecting it is not enough. You also have to have the right printer drivers.
If the terrorists want to sabotage air traffic control, they need to have "air traffic control drivers." You can't just download stuff like that. Besides, the off-the-shelf control software probably doesn't support API calls like FakeAirTrafficControl() or PoisonWaterSupply(). They've got a lot of software development to do.
(And one more thing: The subversion of the air traffic control system consists entirely of knocking the air traffic control tower off the air and having a terrorist transmit new instructions to the planes in the air. Minutes go by as tower personnel watch the plane follow the dangerously wrong instruction, and no one tries to use one of the many other radios that would be available in reality, such as local non-digital backup radios, handheld radios sitting on the shelves, radios used by the airlines to talk to their pilots, or the radios located in every single airplane at the airport.)
I could ignore all these problems if 24 was an out-and-out science fiction show---Stargate or Battlestar Galactica---but I'm having a hard time ignoring the fact that people are being tortured and killed over whether or not power and water plants are going to have operate without networking for a few days until a security patch is released.
.
Leave a comment