In Elysium, if there is anything stretched thinner than the transparent political message in this movie, it’s the security loopholes that serve as critical plot devices.
One of the summer’s big screen blockbusters, Elysium a science-fiction movie depicting the year 2154 in which the world’s richest class (say, oh, about the top one per cent) live in luxury on an enormous space station that orbits the Earth below, in which the other 99 per cent of the population lives in squalor. If you haven’t seen it and are keen on having an unspoiled theatre experience, then I must warn you that this article contains several spoilers.
But after sitting through the two-hour spectacle in which Matt Damon takes on the role of a poor man’s Robocop, I couldn’t abide by the shoddy security practices of the Elysium government. They’re in serious need of a thorough IT audit to close down some access gaps, and they can start with these three (plot) holes:
1. Add “what you know” security to “what you have” on medical beds
The uber-rich residents of Elysium must be fairly clumsy, as each home has a futuristic medical bed that cures all ills or wounds with the wave of a magic wand. Even though there’s plenty of these cure-all machines on the space station, there’s not even one single one available on all of Earth. So it’s no surprise that a lot of the illegal immigrant business is motivated by the need to get to one of these medical beds.
The opening scene of a movie shows a mother and her young daughter survive an illegal run from Earth to the surface of Elysium, where they crash land. The mother has just enough time to break into a home and use the medical bed there to heal her daughter’s broken legs. The machine grants access for their use after scanning a counterfeit bar code on the girl’s arm that instructs the machine an Elysium citizen is the user.
Why not just add a simple voice password on top of this bar code scanning system? By requiring people to both “know” a password and “have” the bar code tattoo, Elysium would be adhering to a simplistic and effective IT security practice and great reduce the desire of illegal refugee runs.
2. Have a multi-layered defence against incoming attacks
The first illegal refugee run to Elysium also reveals the space station has a pretty paltry defence against unwanted vessels. The Elysium security system seems promising at first when it recognizes clearance codes used by the three incoming smuggler ships as stolen, but there it doesn’t seem it can do much about it. A sleeper agent on Earth is called upon to use an over-the-shoulder RPG-style missile to shoot them down and is only successful at hitting two out of three.
Why doesn’t Elysium have a defence shield installed on the station to shoot down or detain these ships? Relying on one layer of security to intercept all threats is a well-known IT security mistake. Obviously the Elysium designers haven’t considered a multi-vector attack – in this case, a coordinated effort of dozens of ships coming at different origin points from Earth.
3. Make sure the “poison pill” triggers before the data breach, not after
I mentioned the spoiler warning already right?
When an over-zealous Elysium defense secretary, played by Jodie Foster, hatches a plot to launch a military coup and seize power on the space station, she asks a trusted insider to keep a critical reboot program that will be key to the plot stored on a digital file in his brain. (Yes, in the future your brain will have optional expansion with solid state disc storage). That insider wisely decides to protect this information with a so-called “poison pill” that will in this case literally kill any potential thief. You might compare it to the security feature on Intel Corp.’s chips with vPro – a remote command can kill the laptop and make its contents irretrievable if its lost or stolen.
But as we find out later in the movie, this poison pill defence isn’t very effective because for one, there’s no remote trigger capability, and it doesn’t actually kill the data thief until after the protected data has already been copied from their own brain. That sort of misses the point of the security measure, doesn’t it?
If there’s a movie sequel featuring a new and improved Elysium, the creators of the new and improved luxury space colony should consider bringing over a few IT security administrators to make sure things like this don’t happen again.