When I heard there was going to be a TV drama about cybersecurity, my first reaction was that it would be a bold thing to attempt. Trying to get what we do on TV is notoriously difficult. There’s very little to see – just people typing on keyboards and staring at screens, with most of the action happening in their heads. I was pleasantly surprised by Peter Kosminsky’s Channel 4 series The Undeclared War (the second episode of which airs tonight). I checked out the whole thing over a weekend.
The cyber attack on Britain in episode one was all too believable. At first I thought they were going to be vague and melodramatic – “The internet is down!” – but the script went on to explain how the BT infrastructure, which drives a large chunk of web traffic in the UK, was taken offline. They stated that 55% of internet access had been lost, and it was wise to make it a disruptive attack rather than a catastrophic one with falling planes. You can cause a lot of havoc by taking down any of these “Tier 1 Networks”. We’ve seen it happen by accident – last October Facebook managed to accidentally delete itself – so it’s entirely plausible that an attacker could do the same.
We’ve also seen it happen by design. In 2016, there was an attack on a company called Dyn, a provider of the domain name system (essentially the phone book for the internet). Amazon, Netflix, gaming platforms, social networks and news agencies were paralyzed for half a day. In internet time, that’s eons. Two years ago, SolarWinds — network management software used by all sorts of government agencies — was hacked. Someone cleverly installed a back door that went undetected for months. It appeared to be espionage, but instead of stealing data, it could have been used for something more disruptive.
Of course, the program is also coincidentally timed. An hour after invading Ukraine, Russia launched an offensive cyber action. A communications company called Viasat provides much of the internet connectivity in Ukraine. Russia managed to freeze it, so nothing worked. It stopped people from getting online, which might not sound like much, but look at the younger generation who are tied to their smartphones. They squeal if they lose WiFi for 10 seconds. Imagine no internet for 12 hours. That’s a pretty big disruption.
From the start, The Undeclared War visually represented the protagonist, Saara Parvin (Hannah Khalique-Brown), completing a digital capture-the-flag exercise. This illustrated her thought process beautifully. People who excel at cybersecurity are usually good at problem solving. At Bletchley Park, during the war, they printed cryptic puzzles in newspapers and recruited the people who could solve them the fastest.
When it came to the technological details, I was delighted to see characters using real tools. Analysts unpacked a piece of malware using IDA (Interactive Disassembler). The code you saw on the screen was real machine language, not gibberish. Saara found a second virus nested inside another — a bit like Russian dolls — which is a well-known technique. My own original discipline was steganography, the art of hiding things from view. It is mainly used for covert communications, but increasingly in malware as well. Make people look in one direction, then the payload suddenly goes off in an unexpected place.
We saw Saara exploit real vulnerabilities and breach a firewall, which was pretty authentic. The same goes for putting the virus in a “sandbox,” which is what you do to test malicious software: load it onto an isolated computer. This malware came out by accident – but that too is becoming more and more common. Malware is now designed to recognize when it’s in a sandbox and find ways to escape. I can say that a lot more thought went into The Undeclared War than your average Bruce Willis “Bombs and Bullets” film.
I enjoyed the juxtaposition of what Ministers were asking for and what GCHQ recommended at the Cobra meeting. Politicians often suffer from “do-something-itis” – they want to be seen to act decisively. No one in our industry would think hacking back is a good idea as it leads to escalation. GCHQ reps – Danny Patrick (Simon Pegg) and David Neal (Alex Jennings) – rightly pointed out that tit-for-tat can go horribly wrong. If you’re not careful, a conflict in cyberspace can escalate into military retaliation. In fact, the Tallinn document says NATO reserves the right to react “kinetically” if it is the victim of a cyber attack of sufficient magnitude, that is, with rockets and bombs.
The drama also highlighted the big issue with retaliation. Cyber attacks allow for plausible deniability, and attribution is incredibly difficult. People suspect it was the Russians, but no one knows for sure. If someone fires a rocket at you, you pretty much know where it came from. With cyberattacks, it’s hard to tell who wrote the code and where they were. It’s also easy to put false flags in there — for example, making it look North Korean, or timestamping files to match Moscow’s time zones. They need supplemental intelligence because the bits and pieces gleaned from electronic warfare data are not enough.
On the show, a renegade British hacker named Jolly Roger responds to the Russian attack by turning the lights on and off in Putin’s office. You get these vigilantes. There is a whole group on the Telegram chat app called the “Ukrainian IT Army” that is trying to launch attacks on Russian targets. Elsewhere in the show, GCHQ mentions taking control of Putin’s presidential jet. This is a hoax about cybersecurity adviser Chris Roberts, who told the FBI in 2015 that he hacked into planes and inspected a United Airlines flight. Don’t worry: you may be able to hack into the galley system or inflight entertainment system, but not the engine management or autopilot.
The GCHQ setting also feels very accurate. The old location consisted of many small individual offices with locked doors and a high degree of fragmentation. Ever since the Donut was built in 2003, it’s been more like a university campus. Once through the doors there are open plan offices and cafes. The baristas serving the coffee have the same security clearance as you. I liked how Kosminsky showed people walking around in uniform because GCHQ also supports military operations. Some employees work in flak jackets or behind bulletproof glass – courageous people doing important work. It’s refreshing how the drama shows GCHQ in a positive light. These people help us every day with little or no credit.
Of course there are little things. The meeting rooms of the cabinet offices are too dark and not shabby enough. There’s too much external connectivity inside the Donut. These dramas always boil down to six people saving the world, when in reality there are a thousand doing the work. And getting Saara, an intern, to crack the code was a challenge. On the other hand, it’s surprising how often people find something in places no one else would have thought to look.
Some viewers have asked if Saara would get security clearance given her partner is a climate change activist, but things have changed a lot. In the 21st century, GCHQ welcomes everyone. It’s not about “moral depravity” like when I started, but about whether you remain faithful. The process is trying to determine if you are hiding something. It doesn’t matter what your sex life entails or if you’ve ever used drugs, as long as you’re open and honest about it. If you hold back something that you could be blackmailed or coerced over, problems will arise.
Security today is staffed with people who wouldn’t have gotten in 30 years ago. In the Cold War era, we mostly looked at the Soviet Union, so a lot of the recruits were white, male, Russian-speaking public school boys. Now the threats are much more widespread. We worry about countries like China, Iran and North Korea. You need a diverse workforce to reflect the threats we face.
You can absolutely tell that Peter Kosminsky has been doing research for three years. I’d bet he was pretty cooperative as well because many of the scenarios, tools, and techniques matched my own experience. Kosminsky says everything he portrays either happened or was “war-driven” by security services, which I have good faith in. We have an organization called the Center for the Protection of National Infrastructure. Part of their job is identifying critical vulnerabilities – “What would be the implications if certain telecoms towers go down?”, “What if someone cuts the transatlantic data cables off the coast of Cornwall?” – and rehearsing what might happen.
We’re cautious about cybersecurity, but aside from a few elements added for dramatic effect, I’m very positive about the realism of the show. The security industry is like any other in that people pick holes in the technical details. Overall, however, The Undeclared War is very impressive. I would love to see it extended for a second run. That could represent another rogue state — maybe North Korean ransomware, Chinese data-gathering, or something escalating from the Middle East. There’s definitely fodder for another series, to say the least.
As told to Michael Hogan
Alan Woodward is a computer scientist and guest professor at the Surrey Center for Cyber Security. He has worked for the UK Government in the fields of signals intelligence and information security, as well as in business and science.