The Preparis Blog

Preparation Is Not An Accident

‹ GO BACK
Posted on January 5, 2016 by

Darth Vader Needed a Business Continuity Program to Save the Death Star

As a huge Star Wars fan, I can’t wait to see The Force Awakens.   In anticipation of the big event, I re-watched the three first Star Wars films from 30+ years ago.  In the first film, A New Hope, the Galactic Empire built the Death Star to rule the galaxy.  The size of a small planet, it was impenetrable.  It could move, it could blow up planets, and it had a protective force field.  The defining moment in the movie was when Luke Skywalker, piloting a small X-wing fighter, blew up the entire Death Star with one shot.  If Darth Vader and the Imperial Army had performed the following business continuity steps, the Death Star would still be ruling the galaxy.  Likewise, if you follow these steps, you can protect your company from any business disruption.

Vulnerability assessment

Understanding what could shut down/destroy the Death Star is an important first step in building a best-in-class business continuity program.  A vulnerability assessment answers the question, “If someone wanted to shut us down, how could they do it?”  Clearly, the Imperial Army did not conduct a vulnerability assessment.  If they had, they would have determined that a single shot delivered down an air shaft could completely destroy the Death Star.  They would have determined that someone (like Obi Wan Kenobi) could have turned off their tractor beam by simply sneaking in and pulling down a couple of levers.  If Darth Vader had known these things were even possible, he would have implemented protective measures to prevent this risk.  But, like a lot of leaders, Darth Vader believed “The Death Star can never be destroyed!”  Or, put another way, “This will never happen to us.”  Sound familiar?

Have a business continuity plan

A business continuity plan documents availability objectives, requirements, strategies, resource requirements, and procedures necessary to recover critical business and technology operations.  Darth Vader was clearly calling the shots from the hip during the rebel attack.  If he had well thought out, easily accessible plans in his body computer (or iPhone), he could have pulled them up quickly and scrolled through checklists in real time on how to recover from the event.   The Death Star’s business continuity plan should have covered things like clear roles and responsibilities, recovery requirements by time period for each business function, alternative work space, and documented the key technologies and suppliers required for restoring operations.

Conduct a table top exercise

Vader should have conducted a table top exercise with leadership to practice responding to different crisis events based on the plans created.  A table top exercise brings leadership together to run through a mock disaster and forces them to make decisions quickly based on how the incident unfolds.  For example, how many TIE fighters would we need to respond to an attack? What are the roles and responsibilities for leadership and what alternate locations could everyone go to if the Death Star became inoperable or incapacitated? Table tops create muscle memory – “We’ve been here before, we’ve practiced, and we know exactly what to do.”

Perform a Security Assessment & Penetration Test  

Back to what Obi Wan Kenobi pulled off.  He snuck into the Death Star and was able to disable the tractor beam technology by pulling down a couple of levers.  There were no locks, no two-factor authentications, and no biometrics.  By disabling the tractor beam, the plans for the Death Star made it into rebel hands, and well, you know what happened next.  Think about your organization’s sensitive information and what a hacker or outsider could do if they had it.  A security assessment and penetration test will find operational security weaknesses and vulnerabilities within external and internal computer systems.   Vader also should have performed a social engineering test by sending a phishing email to determine who would respond to emails with malicious links or requests for information.  I’ll bet even Grand Moff Tarkin would have clicked an email link with the subject line, “Spring Break Pics From Tatooine.”

Culture 

The Death Star, like most businesses, must recognize that a disruption can occur at a moment’s notice and without any warning.  For organizations to quickly mobilize and take action, it must be ingrained into the culture with updated plans, roles, practicing, and vulnerabilities known in advance.  Let employees (or Storm Troopers) know regularly about the things you have in place to protect their lives and their business.  While total galactic domination or simply hitting your organization sales numbers may be core to your mission, so too should be resiliency in the face of completely unexpected events.

Whether you favor The Dark Side or The Rebellion, Darth Vader clearly could have done much more as a leader to keep the Death Star operational.

If you implement these five things, the force will be with you always.

About Armistead Whitney

As CEO, Armistead leads the strategic direction for Preparis with a passion for implementing innovative sales, marketing and partnership models in industries ripe for change. He has over 20 years of experience leading software, web services and digital media companies at organizations including iXL, Sekani and Nexedia which includes raising over $50 million in venture capital and a successful IPO. He was inspired to start Preparis following his experiences in New York City during 9/11 where he saw firsthand the inability for companies to protect their people, operations, revenue and brand during a crisis event. Armistead holds a B.A. in Broadcast Journalism from the University of Georgia and has been featured in numerous media outlets including CNN, ABC News, NBC, The Wall Street Journal, New York Times, and USA Today and is a frequent speaker at industry conferences around the world.

Business Continuity Resources

Find business continuity resources, including free webinars, whitepapers, checklists, and tabletop exercises. Visit: Preparis Resources