OT infrastructure in Star Wars: A New Hope

OT Infrastructure Spotted in the Star Wars Universe

Jori VanAntwerp
CEO and Founder at EmberOT

For over two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and improving their overall security efforts. He has had the pleasure of working with companies such as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now CEO & Founder at EmberOT, a cybersecurity startup focused on making security a reality for critical infrastructure.

There’s a Venn diagram of Star Wars fans and operational technology (OT) geeks. I am a proud member of the middle section in which the two demographics overlap.🤓 To prepare for May the Fourth, my wife and I recently rewatched Star Wars: Episode IV – A New Hope. All the films in the original Star Wars trilogy have been somewhat of a “wooby” for me.

Every time I rewatch these movies, I discover new layers of meaning and unique lessons I can apply to both my life and my career.

OT Infrastructure in Star Wars

This time around I homed in on the scenes and systems within Episode IV that can be considered part of the Star Wars universe’s OT infrastructure. From the moisture farm on Tatooine to the garbage compactor on the Death Star, and even the Death Star itself… so many of these moments included elements of operational technology!

I was amazed by the multitude of examples I found in this episode alone. And not only were there tons of OT systems, but for all their fictional existence, they offered plenty of real-life lessons in OT security. Naturally, I’m throwing in a few memes for good measure.

Moisture Farming Ain’t Easy

Toward the beginning of the film, we’re introduced to our hero, Luke Skywalker (well, not my personal favorite hero, but we’ll get to that later).

His journey has just begun, and it is destined to be packed with non-stop action, peril, and excitement.

Luke helps his aunt and uncle on their moisture farm on Tatooine, which includes a number of prime operational technology examples. The farm includes devices called vaporators, which extract moisture from the air.

Droids can connect to a vaporator and act as a sort of human-machine interface (HMI). Some of the higher-end vaporator models even included computers to help adjust ionization and refrigeration.

Since the farms produce water, which is vital for survival on the desert planet, the moisture farm can easily be classified as part of the universe’s critical infrastructure.

💡 Security Lesson / Connection – Visibility into the moisture farm’s systems and processes is extremely important. Indeed, this is why Uncle Owen and Aunt Beru need a droid like C-3PO — it can interface with the vaporators in their native binary language. Not only is visibility important, but for the moisture farm to remain viable, its operators — Uncle Owen and Aunt Beru — must be empowered to make key decisions and maintain a degree of direct control.

My favorite hero in the Star Wars universe is R2-D2, so I especially enjoy the trash compactor scene in Episode IV as it’s when he really gets a chance to shine (no pun intended).

While many Star Wars fans hotly debate the efficiency of the Death Star’s garbage compactor, it remains a great example of operational technology (even if it isn’t the most efficient example). The scene offers a glimpse into a number of processes and connected systems. Our heroes escape the detention center through the garbage chute, wrestle the vicious Dianoga (who would have been compacted anyway? 🤷), and then face certain death from the closing walls of the compactor.

Enter R2-D2, the ethical hacker (with a brief social engineering assist from C-3PO)! R2-D2 hacks into the Death Star’s system in order to SHUT DOWN ALL THE GARBAGE MASHERS ON THE DETENTION LEVEL. Once again, the droids have saved the day.

💡 Security Lesson / Connection – This scene illustrates why physical security alone is not enough and why comprehensive security measures are needed. An entire level of operation was completely shut down due to hacking and infiltration, albeit by our white hat hacker hero R2-D2. The architect of this garbage compactor has some serious explainin’ to do.

Vital Technology with a Single Point of Failure

One of the most iconic OT infrastructures in the Star Wars universe is the Death Star itself. The Death Star is no moon – it’s a massive, planet-sized battle station that the Galactic Empire uses to exert control over the galaxy.

In addition to the garbage compactor, the Death Star appears to be equipped with a variety of other OT systems, including a superlaser, tractor beams, and energy shields. These systems allow the Death Star to destroy planets, capture ships, and defend itself against attack.

The Death Star is a marvel of engineering and science fiction… with a critical vulnerability in its thermal exhaust port.

💡 Security Lesson / Connection – Monitor your infrastructure for critical vulnerabilities and maintain physical security at all times. In the Star Wars universe, the Death Star was the ultimate symbol of power for the Galactic Empire. So it’s pretty embarrassing that the Death Star’s downfall came from a critical weakness in its physical design (though in later films we discover the vulnerability was purposefully architected via insider threat — so still the result of a security breach).

The small exhaust port that led directly to the station’s reactor was ultimately exploited by the Rebel Alliance, leading to the Death Star’s destruction. This scene highlights the importance of physical security measures in protecting critical infrastructure. Adequate barriers, surveillance, and access control are essential to prevent unauthorized access and potential sabotage.

OT Infrastructure is the Force that Surrounds Us

Rewatching Episode IV through an OT infrastructure lens was both entertaining and enlightening. It was another reminder that no matter where you are or what you’re doing, chances are something nearby is running on or impacted by operational technology.

In addition to the examples above, Episode IV offers many additional security connections and lessons today’s operators should take note of, including:

  • Get visibility into your systems
  • Protect and fight for your operators (RIP Uncle Owen and Aunt Beru)
  • Implement comprehensive security measures
  • Understand risks and remediate vulnerabilities
  • Maintain physical security
  • Beware of force-wielding wizards

P.S. – While it’s more focused on the IT side of the house, if you enjoy reading about the intersection between Star Wars and cybersecurity, check out Threats: What Every Engineer Should Learn from Star Wars by Adam Shostack.

And to all the OT Jedi out there, May the Fourth Be With You!

~Jori 🤘🔥