My initial thought upon learning that a television drama on cybersecurity was in the works was that it was a daring thing to attempt. Making what we do into televisual content is notoriously challenging. There isn’t much to see; all you can see are people staring at screens and tapping on keyboards, with most of the action taking place within their brains. Peter Kosminsky’s The Undeclared War on Channel 4 (whose second episode airs tonight) has thus delightfully surprised me. I watched it all in a single weekend binge.
Episode 1’s cyberattack on the UK was all too plausible. At first, I thought they were going to be vague and histrionic – “The internet’s gone down!” Instead, the script went on to explain how the BT infrastructure, which does carry a significant amount of web traffic in the UK, had been taken offline. They described how the attack, which was skillfully timed to be disruptive rather than a catastrophic one with planes falling out of the sky, had resulted in the loss of 55 percent of web access. Any of these “Tier 1 networks” can be taken down without much trouble. Given that Facebook accidentally deleted itself in October, it is very conceivable that an attacker could pull off the same feat.
We have also witnessed it occur on purpose. An attack was launched against Dyn, a supplier of the Domain Name System, or “phonebook of the internet,” in 2016. For half a day, it brought down websites including Amazon, Netflix, gaming platforms, social networks, and news organizations. That’s an eternity in internet time. Network management software called SolarWinds, which is utilized by numerous government agencies, was breached two years ago. Someone ingeniously installed a backdoor, and it went unnoticed for months. Although it seemed like espionage, the access could have been used for more disruptive purposes than simply stealing information.
Of course, the timing of the program is also fortunate. Russia started its offensive cyber assault an hour after it invaded Ukraine. Many of Ukraine’s internet connections are provided by a communications corporation named Viasat. Russia was able to freeze it, rendering it useless. It stopped people from getting online. It may not seem like much, but consider how engrossed the younger generation is with their iPhones. If they lose wifi for 10 seconds, there is a screech. Consider a 12-hour period without internet. That is a significant interruption.
The Undeclared War opened with the main character Saara Parvin (Hannah Khalique-Brown) successfully completing a virtual Capture the Flag game. This was a wonderful depiction of her mental process. Cybersecurity experts frequently have strong problem-solving skills. Newspapers would run cryptic riddles during the war, and Bletchley Park would hire those who solved them the quickest.
When it got down to the technical details, I was thrilled to see characters using actual tools. Analysts disassembled a piece of malware using IDA (Interactive Disassembler). Instead of being nonsense, the code you saw on the screen was actually machine language. Saara discovered a second virus that was nestled inside of another, using a well-known approach somewhat akin to Russian dolls. My original field of study was steganography, the art of concealing objects from view. Although malware is increasingly using it as well, covert communications still dominate its use. You make people turn their heads one way before the payload goes off in an unexpected location.
Saara demonstrated how to breach a firewall using real security flaws, which was remarkably authentic. The virus was also tested by loading it into a computer in a “sandbox,” which is how you test malicious software. Unfortunately, this piece of malware was able to spread, but that is also happening more frequently. Today’s malware is made to recognize when it is inside a sandbox and find ways to get out. The Undeclared War clearly represents far more thought than your typical Bruce Willis “bombs and bullets” film.
I found it interesting how the ministers’ demands and GCHQ’s recommendations were put side by side during the Cobra meeting. Politicians frequently experience “do-something-itis”; they want to appear to be acting decisively. Hacking back is never a good idea in our line of work because it only leads to more conflict. Danny Patrick (Simon Pegg) and David Neal (Alex Jennings), the GCHQ representatives, accurately noted that tit-for-tat can go catastrophically wrong. An online conflict could turn into military reprisal if you’re not careful. In fact, according to NATO’s Tallinn document, the organization reserves the ability to retaliate “kinetically,” which is code for using missiles and bombs, if a significant enough cyberattack is launched against it.
The story also brought to light the serious issue of retaliation. Attacks carried out online allow for plausible deniability, and attribution is extremely challenging. Nobody is certain, although there is speculation that it was the Russians. You know exactly where a missile is coming from if it is launched at you. In cyberattacks, it can be difficult to determine who created the code and where they were. It is very simple to plant false flags there; for example, make it appear North Korean or timestamp files to match Moscow timezones. The bits and pieces acquired from electronic warfare data are insufficient, so you need auxiliary intelligence.
The show depicts a malicious British hacker named Jolly Roger making Putin’s office lights blink on and off in response to the Russian attack. These vigilantes are real. The “Ukrainian IT army” is a large group on the messaging app Telegram that tries to launch attacks against Russian targets. Another time in the program, GCHQ makes mention of hijacking Putin’s jumbo jet. That’s a joke about cybersecurity expert Chris Roberts, who in 2015 admitted to the FBI to hacking into airplanes and taking control of a United Airlines flight. You might be able to get into the in-flight entertainment system or the galley system, but not the engine management or the autopilot, so don’t worry.
The GCHQ setting seems really precise as well. The previous location was very compartmentalized and had many small, independent offices with locking doors. Since “the Doughnut” was constructed in 2003, it resembles a college campus more. Open-plan workplaces and coffee shops are available once you pass through the doors. You share the same level of security clearance as the baristas serving the coffee. Kosminsky’s depiction of individuals in uniform moving about was acceptable to me because GCHQ does support military activities. Some employees perform crucial work while wearing flak jackets or behind armored glass. The drama’s good portrayal of GCHQ is welcome. These people provide ongoing defense of us while receiving little to no recognition.
There are issues, of course. The briefing rooms at the cabinet office are not dingy enough and are too gloomy. There is too much connectivity to the outside world from the Doughnut. The world is always saved by six people in these dramas, while in reality, it takes a thousand. It was also unrealistic to expect Saara, a student on placement, to decipher the code. On the other hand, it’s amazing how frequently people discover things in locations where no one else thought to look.
Given that Saara’s partner is an environmental activist, several people have questioned whether she would receive approval, but a lot has changed. In the twenty-first century, GCHQ welcomes everyone. When I joined, the inquiries were about “moral turpitude,” but now they are about your loyalty. The procedure seeks to determine whether you are concealing something. It doesn’t matter what kind of sex you have or whether you’ve used drugs in the past as long as you’re upfront and honest about it. Problems emerge if you withhold information that could be used to blackmail or exert pressure on you.
Today’s security services are staffed with individuals who would not have been let in thirty years ago. A shocking number of recruits during the cold war era were white, male, Russian-speaking public schoolboys because we were primarily focused on the Soviet Union at the time. Threats are much more pervasive now. Countries like China, Iran, and North Korea are causing us concern. To accurately reflect the threats we are facing, your personnel must be diverse.
Peter Kosminsky’s three years of research are clearly visible. He must have had a lot of help because many of the scenarios, resources, and methods he used aligned with my own knowledge. I can certainly trust Kosminsky when he claims that what he described has either occurred or been a “war game” conducted by security agencies. The Centre for the Protection of National Infrastructure is one of our organizations. Identifying important points of failure and practicing what can happen is part of their job. For example, “What will the impact be if specific telecom towers are taken out?” and “What if someone cut through the transatlantic data cables off the coast of Cornwall?”
We’re a conservative bunch in cybersecurity, but other than a few things that were inserted for dramatic effect, I have a strong feeling that the show is realistic. People will find flaws in the technical details, just like in any other sector. The Undeclared War, though, is really striking as a whole. I sincerely hope it gets a second season. That might represent another rogue state, like North Korea, China, or something coming out of the Middle East, like ransomware. Put another way, there is undoubtedly material for another season.
As told to Michael Hogan
Computer scientist and adjunct professor Alan Woodward works at the Surrey Centre for Cyber Security. He has worked in business and academia as well as for the UK government’s signals intelligence and information security.