Security Trends/Attacks, SOCs and SIEMs
Louis Evans

Blade Runner is Coming. Is Your Network Ready for Replicants?

With the upcoming release of Blade Runner 2049, it’s a good time to reflect back on the first film and its grim vision of the future. The original Blade Runner came out in 1982, set in the then-distant year of 2019. And many elements of its distinctive vision—off-world colonies, flying cars, giant residential pyramids—have not come to pass. Even the weather is off: LA’s smog has gotten much better, not much (much!) worse, and as a Californian living through the past few years of drought, I’m offended and envious in equal measure of the absolute buckets of rain that pour down on Harrison Ford in the streets of his Los Angeles.

But I can’t help but see some big parallels as well.

Blade Runner is a story of conflict between replicants (artificial life forms that pass for human) and “blade runners”, the humans who hunt them down for “retirement”.

The film revolves around the questions raised by the struggle to hunt replicants: how can we tell the difference between hostile technology and innocent humans? What do we do when the next generation of technology is sophisticated enough to beat all our old tests? How do we deal with a diverse set of hostile actors, each with their own skills, strategies, and mission?

Today’s Malware: Replicants of the Net

In cybersecurity, we deal with replicant-style problems every day. Companies today face constant probes and attacks from criminals. And such attacks are always disguised as legitimate interaction—human interaction. Phishing, brute-force login attempts, Trojans and other malware are all examples of a hostile computer imitating a human being.

And just as with Blade Runner’s replicants, cyberattacks are constantly growing more sophisticated. In Blade Runner, Rachael represents the next generation of replicants. She has more advanced physiology, more sophisticated fake emotions, built from the transplanted memories of a human girl. And this increased sophistication means that she can elude the Voight-Kampff replicant test for longer.

In reality, we find that for every published exploit, hackers are out there working on a new zero-day attack. Security isn’t simply a question of implementing long-established best practices. Instead, it’s a matter of continuous updating, so that the good guys can keep up with the bad ones. Constant vigilance! (But that’s a different movie.)

In Blade Runner, even though the replicants share some overarching similarities, they each have their own skills and diverse motives. And in the reality of cybersecurity, we find that the rogues’ gallery of malicious actors is growing more varied by the day. In the earliest days of malware, pretty much the only threat model was a prank-minded CS student with too much time on their hands. But now, threats include targeted criminal attacks, wide-bore criminal scams, ideologically motivated groups, hacktivists, hostile nation-states, and the ubiquitous trolls.

So what do we do when we’re faced with a dizzying array of attackers, constantly updating their strategies and disguising their intent? In reality or fantasy, the answer is the same: we send in the blade runner.