Yes, I know we’re a ways out from May 4th, but that doesn’t change the fact that I adore Star Wars and hypothetical security scenarios. So, how do those two loves interact you ask?
Well, if you’ve watched Star Wars, then you know that just before the events of the original trilogy, a small group of rebels infiltrated a high security Imperial facility to steal the plans for the first Death Star, the terrifying, planet-destroying superweapon. This event would go on to be the basis for the first one-off prequel movie, Rogue One, although hardcore Star Wars nerds probably take umbrage with the lack of Bothan spies in that movie, but I digress.
p0wned by the Rebel Alliance: The Empire Needed Better Security
So why am I talking about this at all? Well, the Empire was an intergalactic powerhouse, rolling down any opposition with the mighty fist of a legion of stormtroopers flown in on a fleet of Star Destroyers. How could such a near-omnipotent force be compromised by a ragtag group of insurrectionists?
The answer is security best practices. Despite all of their pomp and circumstance, the Empire was severely lacking in some core areas of security that today’s enterprises can take note of when thinking about how to protect themselves from capital attacks against their most critical proprietary data/secrets/superweapon plans.
In her article celebrating May 4th, independent security analyst Gina Rosenthal for the 24×7 IT Connection blog dives into the security ramifications behind the Rebel attack on Scariff, and how the Empire’s lacking protocols led to the compromise of their biggest secret. Rosenthal writes:
The first place the empire needed better security was with the owners of the engineering plans. Sure, Galen Erso was the most obvious scientific expert to get to lead the project. He was the undeniable expert on using kyber crystals for power, and the Death Star needed to harness and control incredible power if it was going to be a planet killer.
The problem with Erso was that he was a human.
She goes on to describe the other areas where the Empire simply wasn’t prepared enough to prevent a full-scale security breach. I won’t spoil it for you though, so you can read the rest of p0wned by the Rebel Alliance: The Empire needed better security at 24×7 IT Connection.
What I will say though, just as an aside, is that, for a supermassive organization known to be sticklers for protocol, the Empire sure could have used a better password rotation policy and perhaps, a better visibility tool. Oh well, as they say, the rest is history from a long, long time ago in a galaxy far, far away.