Rogue One: A Case Study in Cybersecurity

Dec. 15, 2016

A University of Arizona cybersecurity expert has some words of wisdom for the Empire.

The upcoming film, “Rogue One: A Star Wars Story,” details how the Rebel Alliance steals architectural plans for the Death Star in order to eventually destroy it—but according to one University of Arizona cybersecurity expert, there are real-life lessons to learn from the downfall of the Empire.

Hsinchun Chen, professor of management information systems at the University of Arizona, has spent 27 years researching cybersecurity and leads a $5.4 million National Science Foundation project called “Hacker Web” to explore international hacker communities, including those in Russia, China, and the United States.

Chen says the theft of architectural plans isn’t just the stuff of fiction and, in fact, “Probably the most obvious case for why countries hack each other is intellectual property, or IP. Deliberately stealing information about your drawings or your engineering designs or your scientific instruments, that’s all intellectual property.”

In government, he adds, this kind of theft is virtually inevitable. “There are only two types of organizations: Those who’ve lost their data and know it, and those who’ve lost their data but don’t know it,” says Chen.

While we don’t yet know how the Rebel Alliance was able to succeed in its efforts, Chen knows exactly what he would have told the Empire to avoid theft of their IP.


You’re only as strong as your weakest link.

Within companies, governments, and universities, all it takes is one person to allow a breach. “In a big organization with thousands of employees or more, like a government, you will be breached, and you’re only as strong as your weakest link,” says Chen. How could the Empire rid itself of weak links? “Education and rigorous information assurance practices help,” says Chen.

Know their strengths, and your weaknesses.

“Unfortunately, the adversaries are getting more sophisticated and more interconnected. They’re always exchanging information,” says Chen. “You have to be very diligent in collecting information about your vulnerabilities and your adversaries.” The Empire should have invested a significant amount of time, money, and effort to understand their enemy’s strengths, and their own weaknesses.

Protect what matters most.

The Empire may have had masses of data, but not all data is created equal. Chen believes that dedicating your best security resources to your most valuable data—like the Death Star plans—is paramount. “Protect your most important, critical assets,” he says.

Don’t just defend—prevent. 

“Cybersecurity has changed from a very defensive mentality to a more holistic and more preventative mentality,” says Chen. While the Empire ends up fighting to protect the Death Star (and losing), Chen recommends taking stronger preventative security measures from the start.