Zero Trust

What Star Wars can teach us about zero trust

Aug 18, 2022
Start Wars Zero Trust

Much has been written, most of it circa early May, about the state of cybersecurity in the Star Wars universe. The franchise has even been the cause of some lively back-and-forth among respected journals and think tanks about problems endemic to the “cybersecurity culture” of that galaxy far far away. 

This has sparked a sort of sub-genre of infosec interpretations of Star Wars that pop up with each new release, whether it’s on the silver screen or a streaming release. After watching Disney’s Obi-Wan Kenobi miniseries recently, which traces the Jedi's life between episodes three and four, I felt compelled to contribute to that canon. 

George Lucas and the rest of the writing team have proven quite prophetic with the Empire's bumblings. The planetary scale of the cybersecurity challenges and the Empire’s failure to learn from its past mistakes bears more than a passing resemblance to our own reality. After all, on our own planet, cyber weapons are being used as tools of war, critical infrastructure has come under attack, and we’re even beginning to grapple with the implications of cybersecurity for our own spacefaring endeavors

So, what can the latest Star Wars release (continue to) teach us about cybersecurity? Let's explore some of the highlights in the order of events.

Episodes 1-3: The "prequel trilogy" movies

There isn't much in terms of security featured here. Darth Sidious is effectively building a startup in the shadows to take over the galaxy and, like most other startups, there’s not much centered around security to ensure things just "happen." Later, we’ll see the Empire grow too large to approach its security this way.

Darth Sidious, aka the Emperor, gets lucky, takes over the galaxy, and destroys most of the Jedi in the process. Maybe if the Galactic Federation had been monitoring all communications through some inline data loss prevention (DLP) tool, somebody would have discovered the Emperor's plans.

The Obi-Wan miniseries

This is where we see the Empire's most significant failings, and I'm going to focus on a scene where 10-year-old Princess Leia is kidnapped by the Empire in an attempt to lure Obi-Wan Kenobi out of hiding. While little Leia is held in a fortress, Obi-Wan and Tala, an Imperial officer working for the Rebels, hatch a plan to rescue her. 

Here’s how it unfolds: 

Storyline

Security Problems

The Rebel spy Tala and Jedi Obi-wan fly an Imperial ship into the fortress. They enter directly, without being questioned or having radio contact established.

In the real world, this is the equivalent of having no posture control over the device or inspection of the contents before a “connection” is established. The fortress is exposed directly to the outside world, with no termination of traffic prior to allowing foreign traffic into the fortress to protect against risk. Translated to the castle-and-moat metaphor we often employ, this is the equivalent of leaving the draw bridge down and the portcullis wide open. 

Tala is stopped and asked for identification. When questioned about not being from the fortress's sector, Tala pulls rank, intimidates the lead security officer, and is promptly granted access to the fortress.

The empire has authentication (biometric, even!) but poor authorization policies enforced within its DMZ-equivalent room. There was not an appropriate escalation procedure or workflows for the resource request and approval policy. At best, henchmen from the Empire enacted a “conditional block” policy that was quickly overcome by a determined adversary. 

Upon entry, Tala is able to move freely through the fortress until she finds an administration console while talking to Obi-Wan on a communication device. From this console, Tala is able to open schematics for the base, allowing her to open an external door and sneak Obi-wan in. Obi-Wan then neutralizes a loan stormtrooper guarding the room.

The security problems here are many and significant. They begin with unauthorized communication between channels inside the fortress. Tala then takes advantage of an unprotected admin console to access highly sensitive information, effectively undermining the fortress’s entire security system. Her opening of a “backdoor” triggers no alerts or warnings to Empire security staff. A single guard is easily dispatched.  

Obi-wan is now able to move freely throughout the fortress as Tala guides him toward Leia. He hides in corridors, deceiving stormtroopers and droids as they pass. Tala then neutralizes a security officer who questions her.

This is a good illustration of the dangers of lateral movement even for evil organizations. Once he has bypassed the fortress’s initial defenses with assistance from Tala, Obi-Wan is able to amble around the facility unfettered. If he wasn’t preoccupied with saving Leia, Obi-Wan could use this time to search for data that would be useful for the rebellion, calculate how to cause maximum damage to the fortress, or conduct acts of sabotage while inside.

 

We also see how the Empire is struggling with ineffective security agents who lack complete visibility over their environment and the challenges that result from their activities not being monitored from a central location. 

At last, Obi-wan finds Leia's holding area and opens it with a stolen key. Tala distracts the Sith Inquisitor while Obi-wan rescues Leia from the stormtroopers guarding her. 

Seriously? The Empire is keeping high-value political prisoners in cells that can be unlocked with just a key? Single-factor authentication is already a relic at most major organizations, but most also still fail at implementing true multi-factor authentication (MFA). Clearly, the Empire is no different.

Obi-Wan, Tala, and Leia escape in disguises without much resistance as the Rebels fire upon Imperial ships in pursuit of the jailbroken princess.

Once it’s discovered that the fortress has been compromised and a key asset stolen, the Empire is still unable to mount an effective defense. If outbound traffic was being inspected, they may have discovered that sensitive cargo was being exfiltrated from the base. Instead, a barrage of Rebel fire acted like a DDoS attack Imperial troops were unable to overcome.

 

Now that we’ve outlined the Empire’s failures, let’s explore how it might have played out if it had only had a zero trust strategy in place.

  1. An Empire with complete knowledge of its devices (ships) would know there was malware (unauthorized personnel) inside the managed device (fortress). With zero trust, the Empire could have simply not allowed the ship to land at the fortress. 
  2. The fortress (with its sensitive contents) was exposed directly to the outside world. The Empire should have had a policy enforcement point (PEP) or some other type of checkpoint off-world for inspection, authentication, and authorization for all inbound traffic (much like the planet shield depicted in the Rogue One film). Perhaps the docking bay was meant to be this checkpoint but, if that's the case, it should have been more thoroughly isolated from the inside of the fortress.
  3. With strict authorization policies, Tala would not have been allowed inside the fortress. She was known to be from a different sector, and her justification for entering the fortress was dubious. A formal authorization request workflow would have nullified the intimidation tactics and procedural failure that ultimately allowed her to gain entry.
  4. Sensitive administrative consoles should only be exposed to those authorized to access them. Even if Tala's clearance gave her access, that exemplifies the authorization failure. Role-based access controls within the fortress' administrative consoles would have prevented the actions she took. (Why would an off-worlder need access to open doors and schematics, anyway?) The Empire also needs an effective logging and alerting tool to flag such unusual events.
  5. Gaining access through an unmonitored backdoor should be impossible. All traffic should be funneled through the PEP.
  6. A key feature of zero trust architecture is the inability to move laterally throughout an infrastructure. Several failures eased the discovery of Leia: Unrestricted admin console access, no authorization linked to door access, and the single-factor authentication used to enter the secure area where Leia was being held.
  7. Inspection of outgoing traffic (in the form of disguised Rebels) from inside the fortress would have caught the escapees.
  8. Again, the fortress being directly exposed to the outside world allowed the rebels to perform a "DDOS" attack on the entrance, allowing the rebels to escape.  The planetary shield/checkpoint/Zero Trust exchange in between the fortress and space would have prevented this rescue attack.

The parallels between the Empire's security shortcomings and the trouble with traditional network perimeter security are long and well documented on the internet. It suffered similar breaches during the Rogue One and a New Hope films, including notable incidents like using stolen ships with old access codes to gain access to imperial assets and R2D2 being able to just plug into any old access port to assist the heroes.

After a breach like that, most enterprises would perform an incident review and implement security improvements to stop repeat offenses. Many would even begin performing tabletop exercises to solidify incident response plans.

Unfortunately, it seems that did not happen. Or, if it did and the Empire addressed its glaring security gaps, perhaps time and heavy turnover in the ranks of its galactic henchman reintroduced complacency, inexperience, or apathy back into its ranks. 

Maybe the Empire simply thought it was too difficult or unimportant to overhaul its security. Luckily, zero trust transformations don’t have to happen with a big bang. They happen iteratively over time, often operating side-by-side with the current environment.

What to read next

Fortifying cybersecurity in a time of war

Basic principles in designing an education and upskilling strategy