Modern field guide to security and privacy

Awakening from the dream: The security flaws of Westworld

*This post or embedded links within the post may contain spoilers.

Matt Orlando/The Christian Science Monitor

The season finale of Westworld hit the Home Box Office crowd, drawing in 2.2 million viewers.

For those unfamiliar with the premise: this new HBO series was inspired by the 1973 film of the same title (written by Michael Crichton) about a futuristic theme park populated by artificial beings and set in the old West.

If you have ever dreamed of being a white hat cowboy or cowgirl rushing in to save the day, or a black-hatted scoundrel with no moral compass, then this is your dream vacation destination. Similar to how gamers interacted with Grand Theft Auto in the 90s, visitors’ actions inside the park said more about them as people than perhaps they did about the robots or narratives found in Westworld.

As one would expect from an HBO project, the series is filled with a multitude of characters: some good, some bad, some ugly. Whether human or host (i.e. the term used to describe an artificial being in the park), the characters focus heavily on what constitutes humanity and at what stage A.I. reaches consciousness. 

As the closing credits rolled, I’m sure many rushed to a variety of BuzzFeed quizzes to see if they were a Dolores, a William, a Maeve or (ugh), a Teddy. However, we are not here to question the journey you would take once entering the park. Instead, we want to look at what security threats were on display during the series and what real lessons enterprises need to take away from this fictional theme park.

The terms the show was abuzz with included many of the topics that dominated our speaker submissions this year, ranging from securing mobile devices and IoT, to machine learning and A.I., to deception and uncertainty. Don’t worry, this post will not go ‘full Skynet’ as many have already looked to debunk the rise of the machines. Instead, the true threats to the park came not from the steel beings but from those carbon-based life forms…

From the outside looking in, the park had most of the trappings of a strong security program. Physical security teams were in place to alleviate attendee fears of host malfunctions or attacks, mobile devices could be placed on lockdown and disabled quickly, hosts received constant checks for issues in code, and security checks were in place to keep physical assets from leaving the premises with guests or employees. 

However, this heavily “protected” park did have some major vulnerabilities we know also impact many enterprises across the globe:

  • Small staff, not fully trained or properly educated: This large facility actually had a much smaller core team in place than what was needed. If one person was missing, out sick, fired, etc., someone else had to pick up that role whether they were formally trained in it or not.

    Security does not take a day off, and it certainly cannot be a secondary thought.

  • Lack of communication/intelligence sharing: The only thing worse than being short on resources in terms of staff is to silo that staff. Throughout the season, we were able to see host code and behavior change, corporate assets destroyed and potential customer safety risked due to a lack of communication among teams. Quality Assurance, security, product/behavior and executive groups (C-suite and board) all acted on information they discovered and did not alert the other teams to the findings or the next steps.

  • Multiple insider threats: This show represented most enterprises’ worst fears. A company can spend a lot of time (and money) protecting product and customers from outside threats, but often the one that slips under the radar is an insider.

    Westworld’s fictional setup showed low-level technicians abusing power and access to hosts, multiple internal teams trying to remove data/IP from the park, and higher-level executives abusing power through hostile threats (physical, emotional, financial) to gain advantage.

  • Big brother collecting too much data: The true gem of this park wasn’t the hosts or even the IP behind their A.I. No, the item that was up for grabs and why so many insiders could stand to make a profit was the user data.

    With a 40K a day price tag, the park’s attendance was clearly an elite group of individuals. In the park’s systems, you would have access to names, number of visits, number of kills, love interests or perversions, and more.

You may disagree with these as the primary flaws. Some people choose to see the ugliness in this world. The disarray. I choose to see the beauty. (Couldn’t resist.)

Now the question to you, the fans within our community: how would you have designed the security system within Westworld to combat these flaws? Until we solve that mystery or until next season, I’ll be where the mountains meet the sea, awaiting the next narrative and hoping I don’t wake up on that train next to Teddy…

•••

RSA® Conference, happening Feb. 13 - 17 in San Francisco, drives the information security agenda worldwide. It has consistently attracted the best and brightest in the field and created invaluable opportunities for first-hand interactions with peers, luminaries, and emerging and established companies. Use promo code 5U7CSMPFD for $100 off admission for Passcode readers.
