Here’s How the Galactic Empire Fails at Cybersecurity in ‘Star Wars’

After rewatching the early Star Wars films in anticipation of the latest theatrical release, I have reached a conclusion: the Galactic Empire fails at cybersecurity. (Don’t worry; I haven’t seen Rogue One: A Star Wars Story yet, so no spoilers.)

Fran Brown, a managing partner at the cybersecurity firm Bishop Fox, tipped me off in a whimsical blog post on his company’s website. His assessment points out a glaring oversight in the architecture of the Death Star’s software environment. In his view, the ultimate destruction of the doomsday device is attributable to poor network segmentation. Yes, really.

Get Data Sheet, Fortune’s technology newsletter, where this essay originated.

Consider the design of the Death Star’s IT systems. R2-D2, the franchise’s inquisitive bleep-blooping droid, repeatedly connects to the weapon’s open and unsecured ports and gains unrestricted access to sensitive data and operations. The robot runs amok, gleaning critical information about the station’s technology and secrets, like how to kill a pesky tractor beam’s power generator or the whereabouts of certain political prisoners (i.e. Princess Leia). R2’s work eventually allows the band of rebels—the same ones that later blow up the Death Star—to escape.

There are no firewalls, no authorization requirements, no security policies to speak of. “Plug in,” Jedi master Obi-Wan Kenobi orders the wheeled hacker inside a control room in Episode IV: A New Hope, “we should be able to interpret the entire imperial network!” Emphasis mine.

Either R2-D2 is the most sophisticated code-cracker in the galaxy, or the Empire failed to properly secure its computer network. Given how many organizations make similarly ruinous mistakes—look no further than Yahoo (YHOO), which this week revealed that it suffered the largest data breach on record—I will hazard a guess that ordinary carelessness is to blame.

In the words of another Jedi master: Do, or do not. There is no try.
