The summer blockbuster season officially kicked off last Friday with Iron Man 2, an action-packed superhero flick that had the fifth-highest-grossing opening weekend in Hollywood’s history. Whether you like the movie or not, at least one thing about it rings true — the plot and the characters provide a striking reflection of today’s tech security industry.
Spoiler alert: We do discuss major plot points in this article. If you haven’t seen the movie, keep reading at your own risk.
Marvel’s metallic superhero was first portrayed on the silver screen by Robert Downey Jr. in 2008’s Iron Man. In that film, playboy industrialist Tony Stark has a crisis of conscience and brings the manufacture of weapons at his defense company to a halt. To chase down terrorists who have misappropriated his munitions, Stark builds himself an armored, weaponized exoskeleton suit (that can fly!) and becomes Iron Man, making his invention an object of desire to military profiteers.
The sequel is much the same, with more villains, more conniving and more suits. A montage catches us up on what’s happened since the previous movie: With no country’s military able to match Iron Man’s technological superiority, Stark’s vigilante action and deterrent policy have brought about a worldwide détente.
Since Stark is the only person who knows what makes Iron Man tick, the world’s security rests entirely in his hands. Not surprisingly, the U.S. government wants to reproduce the Iron Man suit for its own militaristic purposes; the debate over private vs. public security forms one of the movie’s core conflicts.
Meet the villains: Hacker, security vendor
The scarier of Iron Man 2’s two major villains, Ivan Vanko (Mickey Rourke) vows on his father’s deathbed to kill Tony Stark for the sins of Tony’s father, Howard Stark, who didn’t share credit with the elder Vanko for inventing the “arc reactor” power generator. In many ways, Ivan Vanko is Tony Stark’s evil twin: a brilliant engineer able to craft the most wondrous of devices from the most rudimentary of materials.
Described as a physicist, Vanko also demonstrates a mastery of computer programming, mechanical engineering and martial arts. His creativity under captivity closely parallels that of Tony Stark’s in the first film, though their motivations and values set the two apart.
From an IT security perspective, it’s easy see the Russian Vanko as a symbol of today’s cybercriminals, many of whom are former Soviet computer code writers who now write malware for criminal organizations for fast cash. Vanko’s motives are different from those of the typical cyber bad guy, but the comparison is hard to resist.
Vanko’s partner in crime is Justin Hammer (Sam Rockwell), who, in contrast, shows no aptitude for even basic technology. A rival defense contractor whose products are notoriously unreliable, Hammer will do anything to run Stark Industries into bankruptcy. His petulant, demanding conduct is a caricature of spoiled billionaire behavior, making us wonder how he ever built Hammer Industries.
His social awkwardness also fits the negative stereotype of geeks: In a scene where he takes the stage at an expo, dancing awkwardly and using strangled metaphors, we couldn’t help but imagine him bounding across the theater shouting, “Developers! Developers! Developers!”
Hammer’s overconfidence is symbolic of the security vendor community. To be fair, many vendors do develop technologies that have made a huge difference in the security fight. But many more have been slammed by security practitioners for claiming that their technologies solve all of a company’s defensive challenges. It’s fun to watch Hammer show off his cigar-sized Ex-Wife Missile, which turns out to be a dud later in the film, and think of antivirus vendors whose signature updates can’t keep up with fast-evolving malware.
Balancing the appearance of two new villains is a partner for Iron Man. The trailers have made no secret of this film’s debut of War Machine: U.S. Air Force Lt. Colonel James Rhodes (Don Cheadle) in a suit comparable to Iron Man’s.
Even though Stark insists, “I am the armor,” he must have anticipated Rhodes’ new role, as the War Machine suit comes equipped with its own power source. (Stark’s suit, on the other hand, is powered by the arc reactor that Stark inserts into his own chest to keep his damaged heart working, indirectly making Stark the power source for his own armor.) And when Rhodes first appears as War Machine, he seems at ease with the suit’s functions and interface, suggesting that this isn’t his virgin flight.
Rounding out the cast is Gwyneth Paltrow as the frazzled Pepper Potts, personal-assistant-turned-CEO of Stark Industries, and Scarlett Johansson as Potts’ replacement, the versatile Natalie Rushman. More than just eye candy, Johansson pulls jaw-dropping moves in Iron Man 2 that will come as a surprise to anyone who still thinks of her as the rather mousy Charlotte from 2003’s Lost in Translation.
From the get-go, Stark is a man with cutting-edge IT, even when he’s not playing superhero. At the Senate Armed Services Committee’s Weaponized Suit Defense Program hearings, Stark whips out an impressive see-through smartphone-like device and in a matter of seconds hacks into the room’s digital display screen, to which he then wirelessly streams his own video.
The digital interfaces with which Stark’s laboratory was equipped in the first film have evolved even more fantastic capabilities. Instead of projecting a 3D interface above a Microsoft Surface-like display, Stark’s computers now project into and accept input from the entire room, much like Star Trek’s holo-emitters. With gesture-based commands, Stark can expand and collapse images on all three axes or even toss files into the trash as easily as an NBA star makes a hook shot.
Jarvis, the voice-recognition-equipped AI assistant, has been excised from Iron Man’s suit and is restricted to the laboratory, where he performs three-dimensional scans of physical objects to produce wireframe digital representations, much as Microsoft’s Project Natal promises to do.
Iron Man 2 isn’t the first film to portray futuristic technology in today’s world, but with the possible exception of the suit itself (and perhaps the particle accelerator Stark builds in his basement), there is little in Stark’s repertoire that defies credulity. The movie takes existing concepts and extends them along their logical evolution, while offering some subtle commentary on the IT celebrities who may someday bring this technology to life.
Art reflects reality
One of the more interesting threads of the Stark story is his personal growth. When he appears before the Senate committee early in the movie, he mocks the proceedings throughout. Not only does he hack the video feed, he also refuses to share his technology with the government.
Stark tells the senators “you’re welcome” because he has “privatized world peace” and insists that no one else in the world is anywhere close to duplicating his technology. Of course, he’s proven wrong in short order, and as the film progresses he comes to realize he can’t act alone.
This is an ongoing theme in the security industry. White House Cybersecurity Coordinator Howard Schmidt constantly pushes the view that public-private partnerships are essential if we’re to have any chance at achieving meaningful security.
Schmidt says the information security community is right to be spooked by massive, coordinated attacks that targeted Google and other large corporations in December 2009, and he believes the best defense against this sort of thing remains in the hands of the private sector — with help from the government.
“You guys have been carrying the water,” Schmidt told attendees at CSO Perspectives 2010 in April. The government can do a lot to improve the nation’s cyberdefenses, he said, but ultimately, the key to warding off attacks like the one Google experienced remains private-sector vigilance. That doesn’t mean the private sector can go it alone, which is why Schmidt’s cybersecurity coordinator position was created last year.
Looking at this in reverse, the private sector needs to help save government from itself much of the time. Government agencies still make plenty of mistakes in their own IT security, just as the military in Iron Man 2 made a mess of things by doing business with a hack (pun intended) like Hammer.
Now, we’re not suggesting that the producers of Iron Man 2 set out to make a mockumentary about the security industry as it exists today. But for anyone in the security business watching the film, it’s impossible to avoid the comparisons.
On the positive side, if these comparisons are to be taken literally, the movie suggests that there’s hope for the security industry. Stark learns that he can’t act alone and must treat the government as more of a partner — or at least there’s a suggestion of this newfound attitude. And the message of the Hammer story line is that if you push junky security technology on the buyer, you will pay the price.