Incident Response, Network Security, TDR, Vulnerability Management

Better cybersecurity might have saved the Death Star

A company should have excellent cybersecurity, always.

That according to a blog at WeLiveSecurity, which studied the Empire's data security measures and found that the emperor and Darth Vader allowed several oversights that led to Luke being able to fire into the crucial and vulnerable two-meter wide exhaust port and detonate the Death Star at the culmination of the first movie.

But how could an advanced organization such as the Empire have weak security?

The first point the WeLiveSecurity editors noted was the Empire's ignorance, and Rebel Alliance understanding, of the importance of end-to-end encryption.

“Leia understands that if R2-D2 is captured, she can feel somewhat confident that the sensitive data will remain secure –  in other words, while it might now be in the hands of the bad guys, it's still unreadable. Only Obi-Wan has the key needed to decrypt the message, meaning the princess' secret plea for his assistance can only ever be unlocked by the Jedi Master,” the blog said.

Grasping the importance of social engineering and being able to defend against it was another issue for the Empire. Obi-Wan used The Force to fool the storm troopers into letting them pass while in Mos Eisley. If the Empire had instituted a better security protocol and training for its front-line workers this may have never happened with Luke and Obi-Wan being arrested.

“Had they been aware of social engineering techniques, like Jabba the Hutt in Return of the Jedi, then Obi-Wan may have had to have resorted to bypassing security in another way,” WeLiveSecurity said.

The other problem common today, and a long time ago for the Empire, is underestimating the threat being faced. This is seen in the movie when Vader and several officers are discussing the possible damage that could take place if the Rebels obtain the Death Star's plans, with one Imperial officer downplaying the danger claiming the station is safe no matter what technical information gets into the wrong hands. However, a colleague with a better understanding of what a data breach could cause and tries to warn the others is ignored.

The lesson, according to WeLiveSecurity, is if even the smallest gap (ie exhaust port) is left open it could be “game over.”

Finally, a better understanding of the danger Trojans pose along with having two-factor authentication (2FA) passwords could have save the Empire the loss of the original Death Star not to mention the cost and trouble of building a second planet destroyer.

The Death Star happily locked onto the Millennium Falcon with a tractor beam and brought it aboard having no idea the ship contained the implements of its destruction, just like any computer Trojan that is allowed to enter a company network.

In the end all of the security errors incurred by the Empire could would have led to nothing if the Death Star's servers had a better password. Luckily for the rebels R2D2 was able to quickly gain access to the computer and help the heroes escape with the plans.

“If you don't invest in strong passwords and 2FA solutions, then, coupled with an open access policy to your network – as opposed to only senior employees possessing the rights to this – you're likely to experience some sort of data breach, big or small and intentionally or otherwise,” the blog concluded.

As of this writing there is no word if cyber security plays a major role in the latest installment in the Star Wars series, The Force Awakens.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.