Cybersecurity in Season 2 of the Mandalorian
Original Article Courtesy of Kaspersky Daily
You may remember that the Galactic Empire’s cybersecurity situation was far from healthy. The theft of the Death Star plans from a highly classified storage facility and a failure of oversight causing the loss of a critical infrastructure facility are just some of the recorded incidents.
Season 2 of The Mandalorian is a great example of whether the Empire had learned from its prior mistakes — for that seemed to be the subject of the new season — and because, after all, we think of Moff Gideon, the story’s main antagonist and a former officer of the Imperial Security Bureau (ISB), as a colleague of sorts.
Chapter 11. The Heiress
Incident: Raid on Imperial cargo ship at takeoff
This incident is more relevant to physical security than to information security, but being a computer-controlled vehicle, any spaceship qualifies as a cyberphysical system. The one in question used to haul arms but still lacked the most obvious safety feature: locking doors and elevators from the cockpit. As a result, the Mandalorians penetrated the security like a hot knife through butter, quickly taking the ship’s controls. The professional competence of the defending party deserves a mention, too, managing to lock the assailants in the cargo compartment’s control room — the very one with the controls to unlock the doors or even depressurize the compartment. Furthermore, those critical systems are accessible without any authentication. These guys could really use a modern cybersecurity awareness class.
Chapter 12. The Siege
Incident: Raid on the Imperial research base on Nevarro
Nevarro’s Imperial facility looks like any other half-derelict forward operating base, but it is a research lab. Whether the defenders relied too heavily on the deserted look or no decent security pros remained with the Empire is anyone’s guess. The Mandalorian and his comrades neutralize security and penetrate the base without raising any alarm. Moreover, they surge into the control room and take possession of the code cylinder, which appears to be the master key for all the doors.
Using it, they open the doors to the base’s power reactor room, conveniently located in the same place as the reactor’s cooling system shutoff. In theory, equipping the base with an specialized security solution made to monitor industrial sensors and alert engineers or operators of overheating, might have averted the resulting explosion.
In the labs, the Empire subjects demonstrate sparks of reason, hastening to delete data to keep it from being captured in the attack. Yet they lack time to delete everything before being put to sudden death; the Mandalorian steals a look at Dr. Pershing’s secret video report, which is addressed to Moff Gideon. That’s a simple enough demonstration of how lacking a quality data encryption solution affects security. If the lab’s data were encrypted, the defenders would be able to focus on evacuation instead of having to delete files in a panic, and the Mandalorian would not learn that Moff Gideon was still alive.
Chapter 15. The Believer
Incident: Raid on the Empire’s secret refinery on the planet Morak
The Mandalorian is after the coordinates of Moff Gideon’s ship, so he sets free Migs Mayfeld, a former Imperial soldier turned prisoner who may still remember the Imperial protocols. To acquire the coordinates, he needs to find his way to a terminal on a secret base used by the Empire for mining and processing of rhydonium, a highly unstable and explosive mineral.
Former officers of the Imperial Security Bureau manage the facility, and they take security seriously. Thus, according to Mayfeld, the base is equipped with a biometric system that checks genetic signatures against databases. As a result, former rebel fighter Cara Dune cannot raid the base, and neither can wanted criminal Fennec Shand or Boba Fett, who is wearing the face of an Imperial clone.
Some issues remain unclear. Does the system control access to the information terminal alone or check the identity of everyone arriving at the base? In the former case, it is unclear why none of the persons mentioned above can accompany Mayfeld (they do not have to meddle with the terminal). If it’s the latter, then why would the systems let runaway soldier Mayfeld pass? For that matter, what about the Mandalorian, who does not appear in any database? A system like that should operate in default deny mode. And the key question is, why is this third-rate mining facility the only one equipped with such an advanced system?
The Mandalorian and Mayfeld end up hijacking a cargo vehicle (by jumping aboard in flight). That done, they change into Stormtroopers’ outfits, fend off a ship from some local enemies of the Empire, and arrive at the base as heroes. Well, there is no question about the arrival part — who would deny their own cargo ship entry when it under enemy fire? But why didn’t the much-praised biometric system figure out that the signatures of the pilots back from the mission didn’t match those of the original crew? Letting arriving staff move about the base freely without any further authentication is a big mistake.
The information terminal’s protection system also seems a bit weird. Accessing the data requires a face-scan, but the face not being in the database seems not to matter. What is the point? Is the scanning not followed by a database check? Or is the scanner, too, set up to operate in default allow mode?
Chapter 16. The Rescue
Incident: Attack on Moff Gideon’s cruiser
The Mandalorian and his friends attack Dr. Pershing’s shuttle, take his code cylinder, and obtain the secret info about Gideon’s ship compartments. Next, they pull off an attack using a method based essentially on social engineering: Posing as the shuttle being chased by Boba Fett’s ship, they request an emergency landing on the cruiser. The cruiser’s garrison does not give them clearance to land, but, having fallen for the emergency trick, also doesn’t open fire on the shuttle.
With the help of Pershing’s code cylinder, the Mandalorian opens the airlock of a compartment containing Imperial combat droids (Dark Troopers) and kicks them out into open space. What does that tell us? Nothing except that the Empire set up staff rights management badly. Why would a doctor and a clone specialist be authorized to operate the combat droids’ compartment airlock? In a critical infrastructure facility (and Moff Gideon’s cruiser certainly falls into that category), staff access rights must follow a policy of Least Privilege Access policy, granting only the permissions needed for the tasks at hand.
But there is still hope! The ship’s doors are finally lockable from the captain’s bridge! Not that that helped the struggling bits of the Empire; it’s the Mandalorian’s friends who captured the bridge, not the Imperials protecting it, who used the function.
The remnants of the Empire have inherited a lot of cybersecurity problems, and all of their innovations — such as the biometric system — are very poorly set up. Learn from the Empire’s mistakes – shorten the interval between security system audits, implement physical security measures, enforce encryption protocols, conduct regular updates and patch management, and limit access permissions.
May the Force Be With You!
Helping Your Business Grow