Key lessons for the Galactic Empire on cyber security and authentication

Last updated: 13 October 2014

The internet has been abuzz with Star Wars chat – with the launch of Star Wars Rebels, the new action-adventure cartoon spin-off and spoilers about the plot of Episode VII building.

However, galaxy-spanning civilization it may have had, but the Empire could stand to take some advice on its cyber security policies. Here are my top tips for Emperor Palpatine (we never did actually see him die…) or his successor a.k.a the Empire’s CEO:

  1.  Equip your storm troopers with multiple levels authentication – Remember that time that Han Solo and Luke Skywalker disguised themselves as stormtroopers to rescue Princess Leia from the Death Star? They got through countless security doors to take over the hangar’s control room and kill several officers All this “rebel in a stormtrooper outfit” embarrassment could have been neatly avoided with multiple levels of authenticationg. a strong password to be used in conjunction with a smart card, token or reader.
  2.  Access controls: Related, but surely a lesser minion stormtrooper (if they were all clones, how did military hierarchy work?) shouldn’t have ‘access all areas’ credentials. Of course, the more senior Death-Star-staffers would need greater security (not that I’d want to be the guy caught shoulder surfing Lord Vader) to protect the doubtless more sensitive data they had access to – #DeathStarblueprintfail.
  3.  Ensure your army of workers have strong passwords – So you’ve spent years developing and building an army of identical, genetically-modified clones to serve you during full-scale intergalatic conflict. But would your clones all have the same password to access your systems, software and confidential data? It’d be pretty embarrassing and easy to hack into your system, if every single member of your military used the password ‘jangofett’ or the dreaded ‘1234’ combination. Encourage your clones to change their password every month and to base it on something totally random, rather than a memorable date or name of a loved one. Alternatively, Mister Acacia has written a very detailed guide on how to create a good strong password here.
  4.  Train your staff to cope with social engineering attacks: It’s important to equip your staff to cope with those pesky Jedi mind tricks. Working with an ethical hacker to run penetration testing and identify weak links in the chain before problems happen can save an empire millions, plus help you find the Droids you’re looking for. The cost of breaches is rising every year. According to a study by Ponemon and Symantec, the cost of a breach in the US can be as high as $199 per record lost. Considering that the number of records lost in breaches is going up, it adds up quickly.
  5. Plan for redundancy…and total death star destruction – It’s been much commented, but we can’t leave it un-noted that a single point of vulnerability caused the death of the, erm, Death Star; and that total chaos ensued. Whilst every empire should hope for the best, it should also plan for the worst and ensure that critical components or systems are backed up to prevent a total melt down.

Do you have any tips for the new Galactic Emperor in Episode VII? Have we missed any other notable Star Wars cyber fails? Let us know in the comments.