In celebration of Star Wars Day on May Fourth (“May the Fourth Be With You”) we present to you the obligatory Star Wars themed blog post. I know it’s controversial to not be writing about the OT (original trilogy), and instead refer to the ST (sequel trilogy). But there are already so many cybersecurity blogs on the original 3, so I’ll be referring to Episode IX: The Rise of Skywalker for the most part here.
Spoiler alert: Although this movie did come almost four years ago, there are spoilers in this blog. Proceed with caution!
In The Rise of Skywalker, it is revealed that Emperor Palpatine – who was supposed to have died in the previous episode – is alive and hiding on the planet of Exegol. C-3PO says:
“Exegol does not appear on any star chart. But legend describes it as the hidden world of the Sith.”
The Resistance's mission to confront Palpatine hinges on locating Exegol, which is only possible with a Sith Wayfinder. Rey, our Jedi heroine of the sequels, finds clues left by Luke Skywalker that lead her on a quest to find the Wayfinder along with Finn, Poe, Chewbacca, C-3PO, and BB-8.
Ok, so why are we talking about Exegol on our PrOTect OT blog? (By the way, all uses of OT going forward will refer to “operational technology” not “original trilogy.”) Well, not long ago, in a power plant or factory floor not too far away, lie unidentified, unmonitored or forgotten OT assets that present cyber and operational risks. These systems, which we term “Shadow OT,” should not exist in your OT environment. OT assets and cyber systems should be accounted for in an asset inventory and monitored for any change or risk.
Security teams need an effective approach to identify, monitor and manage every asset and document appropriate changes. Having a single source of truth for your asset base that includes configuration and change management enables a centralized cybersecurity program that can include vulnerability and patch management, version control, security baselines, risk assessments, incident response and compliance reporting.
Exegol is like a system in your operational environment that ridden with vulnerabilities and threats waiting to spread and impact your operations. Just as Exegol is a hidden base for the Sith, shadow OT can harbor cyber threats, serving as easy targets for attackers to exploit and remain undetected.
In Episode IX, there are only two Wayfinders in existence that can be used to navigate to Exegol. These are ancient devices that store coordinates and serves as a guide through otherwise unnavigable space.
In the OT environment, discovering and communicating with certain OT systems and devices can be as difficult as reaching Exegol. Without the right approach, attempts to communicate with a device can disrupt devices and cause downtime. On the other end of the spectrum, other means of monitoring OT assets can result in incomplete or inaccurate information. Just as you need a Wayfinder to find Exegol, you need the right approach to discovering and gathering data from certain OT systems.
The Unknown Regions, where Exegol is located, are filled with unpredictable gravitational shifts, solar flares, and other hazardous conditions that make exploration and mapping extremely risky and difficult.
But just as the Wayfinder can navigate through these challenges, the right data collection approach can safely and effectively manage even the hardest to reach assets.
Rey eventually gets her hands on a Wayfinder and heads toward Exegol. Meanwhile, at the base, the others plan their attack. They discover that their latest droid, D-O, previously served Sith assassin Ochi and therefore possesses critical insights into Exegol. While D-O cannot provide Exegol's location, he offers valuable context and history related to Ochi's quest for the Wayfinder, rather than Exegol itself. This indicates that D-O’s value lies in his ability to fill in gaps in the narrative or history that the Resistance has been piecing together. They upload his data into another workstation to assist in planning their attack, spurred by their ability to track Rey’s progress toward Exegol.
Similarly, in operational technology environments, historical and contextual data are crucial for hardening systems. By accessing deeper OT asset details—like software versions, vulnerabilities, and patches—specific risks can be addressed. Historical configuration data enables teams to understand whether changes are "good" or "bad" and how they have affected security postures. This includes details of who made each change, when, and where, guiding preventative measures against system outages or data breaches. Change and configuration management capabilities also allow for measuring the extent of configuration drift across the environment. Establishing a baseline for what a secure and stable system should look like helps identify any deviations from this “good” configuration and enables actions to mitigate potential risks to the system’s security and reliability.
Let there be no "Exegols" or "Unknown Regions" in your OT environment. Every asset should be thoroughly documented in your inventory, capturing the necessary configuration details to identify and mitigate risks. An OT Asset Management platform can automate this data management, delivering detailed insights such as software versions, vulnerabilities, configuration specifics, open ports, and services, ensuring a secure and efficient operation.
If you’re having trouble efficiently and accurately keeping tabs on cyber systems in your OT environment, Industrial Defender would love to help! Read our OT asset management solution brief and contact us to learn more.
OT Asset Management for Critical Infrastructure: https://www.industrialdefender.com/solutions/ot-asset-management
This wouldn’t be a cybersecurity blog without mentioning Babu Frik. There are plenty of notable hackers throughout the Star Wars saga, and Babu Frik in The Rise of Skywalker might be the most beloved. He doesn’t quite fit the theme of asset inventory and management, but as our hacker hero, he deserves a highlight.
In their quest, Rey and her team discover a Sith dagger with inscriptions in the Sith language, essential for locating a Sith Wayfinder. Although C-3PO is programmed to translate many languages, including Sith, he is explicitly forbidden from translating Sith text—a safeguard against the dangers such knowledge could pose.
Faced with this obstacle, the group turns to Babu Frik, a skilled droidsmith renowned for his ability to hack and reprogram droids—a talent that extends beyond regular maintenance into the realms of the unorthodox or even the illicit. Babu Frik's expertise allows him to override the restrictions on C-3PO, enabling the translation of the Sith inscriptions.
The hacking process, however, is fraught with risk. It requires a temporary memory wipe of C-3PO, threatening to erase all his accumulated memories and reset him to his original factory settings, potentially erasing decades of friendships and experiences.
Despite the risks, Babu Frik successfully bypasses the programming safeguards. C-3PO translates the Sith text but, as predicted, loses his memory in the process. Fortunately, later in the film, R2-D2 manages to restore some of C-3PO’s memories from a backup, sparing some of his cherished recollections.
Taking C-3PO to Babu Frik illustrates a critical moment where the Resistance must weigh the costs of losing a friend’s memory against the necessity of progressing their mission to stop the Sith and save the galaxy. Babu's role not only underscores the hacking capabilities within the Star Wars universe but also highlights the emotional and ethical aspects of hacking for "good."
