By Deborah Haralson
Faculty, College of Science, Engineering and Technology
This summer, we had a great opportunity to host a Phoenix Comicon panel on “Cyber Security in Star Wars.” While researching for the topic, we began to realize that the Empire provides numerous examples of what can go wrong (and how) here on earth when implementing business-class, enterprise-caliber security policy. Examples include:
“These Aren’t the Droids You’re Looking For” (A New Hope)
This is a great example of identity management gone awry. The Empire is searching for technical plans for the Death Star before the missing data leads to mayhem. Those plans are stored on R2-D2. While R2-D2 falls within easy reach of the Empire, reliance upon human frailty rather than technology allows the critical information to reach those gnarly mayhem-generating rebels. Additionally, we examined the challenges associated with data-synchronization and updates across a complex, light-year-diverse system.
“It’s an Older Code, Sir, But It Checks Out” (Return of the Jedi)
It’s amazing how seldom technology is utilized for security purposes within the Star Wars universe. This particular example occurs when the Rebels commandeer an Empire shuttle to infiltrate a secure facility. Basically, we’re talking about the classic Trojan Horse story here. While the Empire does query the Trojan shuttle for an authentication code, additional safety features could (and should) be easily implemented.
The first thing that comes to mind is called multi-factor authentication. In the business world, multi-factor authentication is implemented when multiple pre-arranged sources are called to verify (authenticate) the identity of an account. Google, Facebook, Apple and Microsoft all support this technology, yet the Empire doesn’t seem to do so. Think about this for a moment: With such technology available, multi-factor authentication can and should be in place for the shuttle itself, as well as every living body on board. As it stands, the Empire only implements single authentication for the shuttle device, without a secondary source that could alert to the stolen nature of the vehicle. Similarly, personal IDs (PINs) and live-body biometrics for flight and passenger personnel should be implemented to further protect the intellectual and physical property of a recognized high-profile target. Shame on you, Darth Vader.
“According to the Log, the Crew Abandoned Ship Right After Takeoff.” (A New Hope)
This scene occurs when the spaceship Millennium Falcon is towed aboard an Empire Destroyer. The aforementioned droids, as well as other persons-of-interest, again fall through the cracks due to numerous reasons, the first being evident in this specific location – the Millennium Falcon has not been abandoned, but rather the occupants are hiding within the flooring of the ship itself. In order to allay suspicion, the Falcon’s captain, Han Solo, tampered with the ship’s logs to reflect inaccurate data. While it’s great that the ship, admittedly containing numerous computing devices, contains activity logs, the fact that these bits of data are tamper-capable indicates one of two problems: The ship has subpar security safeguards and is therefore highly hackable or the technician is inadequately trained and incapable of locating tamper evidence.
While the Comicon panel discussion was an hour long, we had the opportunity to discuss other security-related factors such as encryption, physical access, data storage devices and anticipating the unlikely. In all scenarios, we found one common factor that is quite prevalent here on earth: The weakest link in any security chain is always the human. These and other scenarios throughout the Star Wars universe highlight human frailty woven through all phases of technology: design, development, engineering, training and implementation.
GCU’s College of Science, Engineering and Technology offers a Bachelor of Science in Information Technology with an Emphasis in Cyber Security that helps students prepare for dynamic and in-demand careers. Learn more about our college and degree programs by visiting our website or contacting us using the Request More Information form.
More About Deborah:
Deborah Haralson has been a computer geek since elementary school, learning BASIC programming on her father’s Commodore VIC20. High school brought the technological bleeding edge, learning GWBASIC programming on an 8086 AT&T backplaned box with no hard disk drive. While going to school for engineering, she discovered that her true passion was for IT and began working on Windows, DOS and Macintosh network clients, quickly graduating to network servers and WAN technologies. In over 20 years of experience in the IT field, she has worked for companies such as Honeywell, MicroAge and many others. Along the way, she has become proficient in a wide array of hardware, software and operating systems, along with an occasional stint as a PBX & ACD admin, DBA, trainer, webmaster and application programmer. Deborah has worked with Microsoft server products since the original NT 3.1 beta and has enjoyed the experience ever since then. Deborah is a published author and has authored/co-authored several technology books dedicated toward helping others navigate the jungles of the computing world. Having earned her bachelor’s degree in information technology and her master’s in adult education, Deborah enjoys finding creative ways to teach and learn.