Identifying the Rogue One
First of all, a very happy Star Wars Day to you, from all at Cisco. May the fourth be with you all as we celebrate the greatest movie franchise of all time.
As stories go, it doesn’t get much better than the one that began a long long time ago in a galaxy far far away. An intergalactic war breaks out due to some very sensitive inter-family issues, and lasts for decades.
It has spectacle, it has heart, and its killer twist set the benchmark for popular culture for 40 years.
Often copied; never bettered.
However, just as Oasis once claimed, true perfection has to be imperfect. There are a lot of hard to explain, yet very amusing, plot holes in Star Wars. Here are some of my favourites:
- Vader has no idea that he has a daughter. He can sense Luke’s presence from several parsecs away, but he can’t tell his own offspring when she’s standing in front of him, threatening him with Imperial Senate sanctions. What’s that about?
- Ben Kenobi dedicates his later years to making sure Vader never finds out about Luke…but for some reason he didn’t think that giving Luke the surname ‘Skywalker’, or having him live with his aunt and uncle in the same house that Vader grew up in, would give the game away at all.
- The Ewoks, the much maligned pint sized inhabitants of Endor, have a women’s dress that just so happens to fit Leah perfectly.
For me, this is all part of what makes Star Wars great. We the fans embrace the nitpicky mistakes and love the movies all the more for them. Remember when George Lucas added the ‘clunk’ sound for the DVD release, on the moment a storm trooper accidentally whacked his head on an opening door?
When it comes to movies, I believe we have to allow filmmakers a certain degree of creative freedom. If we don’t, we will be forever imposing limits on their imagination.
Yes, Frodo could have hopped on one of the giant eagles, dropped the one ring off in the fires of Mount Doom and then be back home again for second breakfast…but where’s the fun in that?
I make an exception however, when it comes to the topic of cybersecurity. Call me capricious, but I just think that if you overlook the basics of cybersecurity when you’re planning a galactic project that will change the course for everyone that exists in the expanded universe, then you’re asking to fail.
I’m talking, of course, about the capturing of the Death Star plans in the latest Star Wars story, Rogue One.
If you haven’t seen this film yet, then beware as there are a few spoilers ahead…
I gleefully took my young niece and nephew to the cinema to see Rogue One when it first came out, and then I went to see it a few times more by myself.
I loved it. It had a great deal of heart, some wonderful risk taking scenarios, and enough tension to power a tie-fighter.
However, the Death Star plans were relatively easy to retrieve once they were located (as long as you could jump), and for me this just didn’t seem like the kind of oversight that the otherwise cunning and strategic nature of the Empire would make.
For one, the physical security guarding this highly sensitive information was minimal, and in the end Jyn, Cassian and the dry humoured K-2SO didn’t have to do much more than dress in disguise.
For another, why would you store all your important information all in one place? You could have had a field day with the amount of information stored there, even if you weren’t after something specific.
Then there’s the main shield, which was designed to act as the ‘goalkeeper’ and stop information from being transmitted if necessary. It worked to a certain extent, but unfortunately, the shield had another, just as important purpose; it lets ships pass in and out.
So, when the shield was open to let a ship in, anyone was free to transmit any signal they wanted to. That just doesn’t make sense. Your crucial cybersecurity product working only when it’s convenient? That’s a ‘trap’ waiting to happen…
However, the real crux of it came down to the big reveal that the ‘vulnerability’ in the Death star (later exposed by Luke and his fellow fighter pilots at the Battle of Yavin), wasn’t an oversight. It was put there deliberately by scientist Galen Erso.
Whilst a brilliant mind, Galen was never a supporter of the Imperial Empire. Orson Krennic used him for his kyber research abilities, never telling him it was actually being used for weaponised purposes. When he found out, courtesy of his wife Lyra, Galen escaped the Empire and sought to protect his family from their reaches on the remote planet of Lah’mu.
Someone like Galen hardly seems like the ideal candidate to force back to the Empire to help them finish their biggest project; the Death Star. Yet that’s exactly what Krennic did.
Whilst Galen tried to pretend his memory was ‘not as it used to be,’ he was forced to accept his fate after his wife was caught in a crossfire. Jyn, then a young girl, escaped and was brought up by resistance fighter Saw Gerrerra, and ultimately became a soldier in her own right.
Galen meanwhile spent his formative years trying to stall the Death Star’s completion as much as possible, unbeknown to Krennic who must have thought his bullying tactics had worked.
Galen built in the fatal flaw, made sure it was hidden, and then produced a holographic intended to be viewed by his daughter Jyn, revealing that the Death Star plans were hidden on the planet Scariff.
Jyn took the information to the Rebellion, who initially didn’t believe her, forcing Jyn and her newly formed crew to ‘go rogue’.
The Empire seemed to make the same mistake that catches many businesses out these days from a cybersecurity point of view; underestimating the importance of people.
In our 2017 Annual Cybersecurity Report, we revealed that 27% of third party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk.
This is Shadow IT – the practice of employees using any applications they fancy, without getting the IT department’s approval, and the problem is increasing:
- 80% of end users use software which isn’t cleared by IT
- 83% of IT staff admit to using unsanctioned software or services
- Only 8% of all enterprises actually know the scope of shadow IT within their organisation.
Even if the person introducing the Shadow IT doesn’t have any malicious intent (more often than not it comes from a good place, albeit a naïve one), it can still create huge security vulnerabilities.
Especially if you don’t know how far the problem extends…
Then there are those employees who do have malicious intent. It’s surprising how many companies let their employees walk out the door with their most sensitive information, and don’t change the passwords on whatever programs they had access to.
It all comes down to visibility.
That vulnerability stayed buried in the Death Star for years. Perhaps the Empire was so focussed on their plans for destruction that they didn’t think it necessary to look for problems within. That oversight meant that many stormtroopers didn’t make it back home the night that Luke and his Rebel fighters put a fire in the hole.
I still count Rogue One as a tremendous movie. It’s certainly in my top 4 Star Wars films. I just would have liked to have seen Jyn and her crew facing a bit more of challenge getting hold of the Death Star plans, once they knew where to look for them, and less time on the whole shield/signalling thing. That just didn’t make sense to me…but feel free to tell me your thoughts!
- Could you identify the rogue elements in your business that could cause a cybersecurity breach? If not, find out how to improve your visibility and find your security weak points at www.cisco.co.uk/security.
- If you’d like to know more about the current business threats, and how to protect yourself against them, download our 2017 Annual Cybersecurity Report.