The weekend Rogue One: A Star Wars Story was released a conversation started on Twitter discussing the missteps made by the Empire which inevitably lead to the theft of the Death Star plans. To avoid spoiling the movie for everyone, Wolf Goerlich (@jwgoerlich) and I moved the conversation to direct messages. He has since posted two great videos, "Rogue One and InfoSec" Part 1 & Part 2. You can find them on his informative YouTube series, Stuck In Traffic with Wolf Goerlich
What follows are my thoughts on the controls the Empire could have implemented to thwart the Rebellion.
The construction of the Death Star was a massive undertaking, one executed with military precision. This should have included extensive reviews of the initial design as well as architectural, electrical, mechanical (and crystalic?) inspections during construction. Appropriate checks and balances would have prevented this flaw from being introduced.
Asset Management and Clearance Code Revocation
During the escape from Eadu the rebels steal an Imperial cargo shuttle. This ship contains clearance codes that allow them to pass through the shield gate and land on Scarif. Chronologically this may be the first time this tactic was used, but as we have seen in Return of the Jedi, the Rebel Alliance would later steal a shuttle in order to bypass the deflector shield and land on the forest moon of Endor. Had the Empire implemented better asset management they would have known these shuttles were stolen and could have revoked the clearance codes. The Empire may have even gone one step further by implementing a system that would allow them to remotely disable the engines on stolen star ships.
What follows are my thoughts on the controls the Empire could have implemented to thwart the Rebellion.
*** WARNING: SPOILERS AHEAD ***
Prohibit BYOD (Bring Your Own Droid)
From R2-D2 to BB-8 it seems everyone has their own personal droids in the Star Wars universe. Most are designed with a specific task (Astro Mechs, Protocol Droids, etc.) but all are capable of storing large quantities of data and many are equipped with universal Scomp Links or computer interface arms that allow them to access any computer terminal. Had the Empire prohibited BYOD and implemented network access controls then unauthorized assets (droids) would be unable to connect to computer terminals in the first place.Design Review
In Rogue One, Galen Erso is the unwilling head of the Kyber Crystal Research Team working on the Death Star. In this role he was able to architect a flaw in the reactor that would lead to its destruction during the Battle of Yavin. In the movie, a holo-recording of Erso recounted how he had made himself indispensable, "all the while laying the groundwork for revenge." He accomplished this by, "placing a weakness deep within the system, a flaw so small and powerful that they will never find it."The construction of the Death Star was a massive undertaking, one executed with military precision. This should have included extensive reviews of the initial design as well as architectural, electrical, mechanical (and crystalic?) inspections during construction. Appropriate checks and balances would have prevented this flaw from being introduced.
Asset Management and Clearance Code Revocation
During the escape from Eadu the rebels steal an Imperial cargo shuttle. This ship contains clearance codes that allow them to pass through the shield gate and land on Scarif. Chronologically this may be the first time this tactic was used, but as we have seen in Return of the Jedi, the Rebel Alliance would later steal a shuttle in order to bypass the deflector shield and land on the forest moon of Endor. Had the Empire implemented better asset management they would have known these shuttles were stolen and could have revoked the clearance codes. The Empire may have even gone one step further by implementing a system that would allow them to remotely disable the engines on stolen star ships.