Post Incident Security Audit Report
To: The Supreme Commander of the Imperial Forces Lord Vader, Vader Castle, Planet Mustafar
CC: Management of Imperial Security Services Ltd
Audit Timeframe: One week after a long time ago
Auditors: Alyne Audit Services - Manuel Reil, Matthias Danner, Sri Hari Raju Penmatsa, Karl Viertel
Overall significant and entirely avoidable security weaknesses were identified in the areas of backup management, authentication processes, access de-provisioning and employee background checks, leading to a breach of highly classified information and threatening the lasting peace Imperial forces are seeking to bring to the galaxy.
1. Severe Finding: Backup Management
During the audit we identified severe issues with backup and archiving processes. Highly critical information is stored on individual storage media in one central location and with no encryption. There is no apparent redundancy of data storage and one single point of failure in the citadel on planet Scarif. This weakness allowed terrorists to gain access to and transmit highly sensitive information to their terror cell.
Recommendation: Move to a distributed and highly redundant storage solution with strong encryption. Access should be provided on a highly restrictive need to know basis with mandatory two factor authentication. Consider "Cloud Storage" offered by Lando Calrissian on Bespin.
2. Severe Finding: Authentication Processes
Access through the Scarif Shield Gate into highly restricted airspace is granted through a shared secret across all Imperial spacecraft. The shared secret is not updated regularly and cannot be revoked from specific devices - a common IoT risk. This enabled a known stolen vessel piloted by an Imperial defector to pass through the gate, which consequently provided the terror cell access to the citadel.
Recommendation: Implement device / spacecraft specific access control and require two factor based authentication from the crew before allowing ships to pass through the Shield Gate.
3. Major Finding: De-provisioning Access
While related to finding 2, we would like to call out a major flaw in de-provisioning processes separately. The defection of the shuttle pilot Bodhi Rook was known to top management, yet access to key Imperial systems and spacecraft registered to this pilot were not immediately revoked. This weakness aided the security breach to Scarif airspace.
Recommendation: Implement a central identity management system to allow the immediate revocation of access and permissions linked to a specific identity upon someone "leaving" the Empire.
4. Major Finding: Employee Background Checks
Employee background checks on Galen Erso, a scientist with highest security clearances, were unsuccessful in identifying his true loyalties or sufficiently maintaining surveillance over his daughter and her radicalisation. As many incidents in this galaxy have proven, daddy issues are at the core of all political events between the so called rebel terrorists and the Empire.
Recommendation: Setup a stringent background checking process for high risk resources. Invest more into intelligence gathering rather than relying on security through poorly trained storm troopers.
5. Medium Finding: No guard rails
Many Imperial facilities feature free-standing platforms with no guard rails preventing people from plummeting to their death in the deep abyss below. Based on files received from Imperial human resources, dozens of employees lost their lives in the "rogue one" incident alone by falling or being pushed off one of the multiple platforms.
Recommendation: Define a health and safety policy, add guard rails to all dangerous platforms and implement a mandatory health and safety training educating the imperial workforce on workplace safety.
Image Credit: https://www.flickr.com/photos/muskar/