Kevin Wilkins – Chief Technology Officer




Us folks in Cybersecurity have been using the Target breach as our kicking toy for years.  The weaknesses in so many defensive layers could fill entire books on the topic.


But now there is something much more epic to talk about – and I don’t mean Yahoo.  I’m talking about the Rebel Assault on Scarif!


If you haven’t seen the movie you have missed a very detailed clinic on BAD SECURITY.


The first serious issue was that the Scarif Imperial Security Complex received a delivery from a stolen cargo shuttle that had no landing schedule.  The pilot was a known defector.  They were allowed through the main defense perimeter and directed to land instead of being held and boarded in space, or summarily blasted by TIE fighters.  Long live the Empire!


They WERE asked for a manifest on landing but security was so thin by that point it was simply an administrative exercise.  Regardless of what they did to the inspection team, an entire platoon of Rebel troops disembarked unobserved and dispersed through the facility.


In terms of military tactics, diversionary strikes were able to pull Scarif’s entire garrison of troops away from the inner security rings to engage in skirmishes around the landing pads.  No reserve was left to protect the actual objective of any strike – the Data Vault!


Once the entry team arrived at the vault, some hot wiring and a cold dead hand were all that was required to obtain access.  Again, the only defenses had been circumvented, leaving nothing more than an administrative check in the way.  Isn’t it great how droids – even stolen ones with bad OS checksums and an inaccessible supervisor password – can jack into the Imperial data net and do whatever they want?


Also of note – after Jyn and Cassian sealed the vault door behind them, Krennic was able to pop a maintenance hatch to attack them.  The ventilation hatch at the top seemed an easy match for someone with a lifetime of playing Mario games.


In the final climactic moments, our fearless Jyn bypassed any last data security like firewalls and DLP by dropping into a WAN subnet and obtaining a carrier-issued IP address.  She had direct access to transport media.  Welcome to the internet!  Would you like to exfiltrate some data?


Unencrypted data.  Full engineering readouts of the most powerful weapon yet devised, carrying a cost of billions of credits, were archived without encryption.  Because this is the most secure facility in the Empire, right?



Kevin Wilkins