When I heard that there was going to be a cybersecurity TV drama, my first reaction was that it was brave to try. Trying to make what we do television is notoriously difficult. There’s very little to see – just people tapping keyboards and staring at screens, with most of the action going on in their heads. So I’m pleasantly surprised by Peter Kosminsky’s Channel 4 series The Undeclared War (the second episode of which airs tonight). I binge-watched everything in a weekend.
The cyber attack on the UK in episode one was all too believable. I initially thought they would be vague and melodramatic – “The internet is gone!” – but the script went on to explain how the BT infrastructure, which handles a huge chunk of web traffic in the UK, had been taken offline. They specified how 55% of internet access was lost and it was cleverly timed to be a disruptive attack, rather than a disastrous attack with planes falling from the sky. You can cause a lot of chaos by disabling one of these “Tier 1 networks”. We’ve seen it happen by accident – last October Facebook managed to erase itself by mistake – so it’s perfectly plausible that an attacker could do the same.
We have also seen it happen ‘by design’. In 2016, there was an attack on a company called Dyn, a provider of the Domain Name System (essentially the phone book for the Internet). It took Amazon, Netflix, gaming platforms, social networks and news organizations offline for half a day. In internet time, that’s eons. Two years ago, SolarWinds – network management software used by many government agencies – was hacked. Someone cleverly placed a back door, which went undetected for months. It seemed to be for spying, but instead of stealing data, it could have been used for something more disruptive.
Of course, the program is also coincidentally timed. An hour after it invaded Ukraine, Russia took offensive cyber action. A communications company called Viasat provides much of the internet connectivity in Ukraine. Russia managed to freeze it, so nothing worked. It prevented people from going online, which may not seem like much, but look at the younger generation glued to their smartphones. A cry goes up when they lose Wi-Fi for 10 seconds. Imagine having no internet for 12 hours. That’s quite a glitch.
From the outset, The Undeclared War shows protagonist Saara Parvin (Hannah Khalique-Brown) completing a digital Capture the Flag exercise. This beautifully portrayed her thinking process. People who excel in cybersecurity are usually good at solving problems. During the war at Bletchley Park, they printed cryptic puzzles in newspapers and recruited people who completed them the fastest.
Once it got to the technical core, I was excited to see characters using real tools. The analysts took apart a piece of malware using IDA (Interactive Disassembler). The code you saw on the screen was real machine language, rather than gobbledegook. Saara found a second virus nested inside another — a bit like Russian dolls — which is a well-known technique. My own original discipline was steganography, the art of hiding things in plain sight. It is mostly used for secret communication, but also increasingly in malware. Get people looking in one direction, then the payload suddenly goes off somewhere unexpected.
We saw Saara exploit real vulnerabilities and break through a firewall, which was quite authentic. So was putting the virus in a “sandbox”, which is what you do to test malicious software: load it on an isolated computer. Coincidentally, this piece of malware broke out, but that is also becoming more common. Malware is now designed to recognize when it is in a sandbox and find ways to escape. I can tell there’s a lot more focus in The Undeclared War than in your average “bombs and bullets” Bruce Willis movie.
I enjoyed the juxtaposition in the Cobra meeting between what the ministers demanded and what GCHQ advised. Politicians often suffer from “do-something-itis” – they want to be seen to take bold action. Nobody in our profession would think hacking back is a good idea, because it leads to escalation. The GCHQ representatives – Danny Patrick (Simon Pegg) and David Neal (Alex Jennings) – rightly pointed out that tit-for-tat can go horribly wrong. If you’re not careful, a conflict in cyberspace can escalate into military retaliation. Indeed, NATO’s Tallinn document states that if a country is hit by a cyberattack of sufficient magnitude, it reserves the right to react ‘kinetically’, i.e. with missiles and bombs.
The drama also highlighted the huge problem with retaliation. Cyber attacks allow for plausible deniability and attribution is incredibly difficult. People assume it was the Russians, but nobody knows for sure. If someone fires a missile at you, you’ll be pretty sure where it’s coming from. In cyber-attacks, it’s hard to tell who wrote the code and where they were. It’s also easy to plant false flags – make it look North Korean, for example, or timestamp files to match Moscow’s time zone. You need additional information because the bits and pieces extracted from electronic warfare data are not enough.
In the show, an unhinged British hacker named Jolly Roger responds to the Russian attack by flicking the lights on and off in Putin’s office. You get these vigilantes. There is an entire group on the Telegram chat app called “the Ukrainian IT army”, which is trying to carry out attacks on Russian targets. At another point in the program, GCHQ mentioned taking control of Putin’s presidential plane. That’s a joke about cybersecurity adviser Chris Roberts, who told the FBI in 2015 that he hacked into planes and piloted a United Airlines flight. Don’t worry, you may be able to hack into the galley system or the in-flight entertainment system, but not the engine management or autopilot.
The GCHQ setting also feels very accurate. The old site consisted of many small individual offices with closed doors and a high degree of compartmentalisation. Since “the Donut” was built in 2003, it has looked more like a college campus. Once you get through the doors, there are open offices and coffee shops. The baristas serving the coffee have the same security clearance as you. I approved of how Kosminsky shows people in uniform walking around because GCHQ also supports military operations. Some of the employees work in bulletproof vests or behind armored glass – brave people doing important work. It’s refreshing how the drama portrays GCHQ in a positive light. These people help defend us on a daily basis, with little or no credit.
There are problems, of course. The cabinet briefing rooms are too dark and not shabby enough. There is too much external connectivity from the Donut. These dramas always boil down to six people saving the world, when in reality a thousand are doing the work. And getting Saara, a student on an internship, to crack the code was a stretch. But again, it’s surprising how often people find something in places no one else thought to look.
Some viewers wondered if Saara would be allowed in, as her partner is a climate activist, but a lot has changed. In the 21st century, GCHQ welcomes everyone. The questions are not about “moral disgrace,” as they were when I joined, but whether you will remain loyal. What the process is trying to determine is if you’re hiding something. It doesn’t matter what your sex life is or if you’ve ever used drugs, as long as you’re open and honest about it. If you’re withholding something that you could be blackmailed or coerced over, that’s where problems arise.
Security forces today are staffed with people who would not have got in 30 years ago. In the Cold War era, we mainly looked at the Soviet Union, so a lot of recruits were white, male, Russian-speaking public schoolboys. Now the threats are much more widespread. We worry about places like China, Iran and North Korea. You need a diverse workforce to reflect the threats we face.
You can absolutely tell that Peter Kosminsky has been doing research for three years. I bet he also had quite a lot of collaboration, as many scenarios, tools and techniques matched my own experience. Kosminsky says that everything he portrayed has either happened or has been “confused” by security forces, which I can very well believe. We have an organization called the Center for the Protection of National Infrastructure. Part of their job is to identify critical points of failure – “What will be the impact if certain telecom towers are shut down?”, “What if someone cuts the transatlantic data cables off the coast of Cornwall?” – and practice what could happen.
We’re a cautious bunch in cybersecurity, but other than a few elements added for dramatic effect, I’m very positive about the show’s realism. The security industry is like any other in that people will poke holes in the technical details. All in all, The Undeclared War is very impressive. I would like to see it renewed for a second run. That could involve another rogue state – perhaps ransomware from North Korea, Chinese data collection, or something escalating from the Middle East. There is certainly fodder for another series, so to speak.
As told to Michael Hogan
Alan Woodward is a computer scientist and visiting professor at the Surrey Center for Cyber Safety. He has worked for the UK Government in the field of signals intelligence and information security as well as in business and academia.