The UK cyber attack in the first episode was very believable. At first I thought they would be vague and melodramatic – “The Internet is down!” – but the script went on to explain how the BT infrastructure, which runs a huge chunk of the UK’s internet traffic, had been taken offline. They determined that 55% of web access had been lost, and it was cleverly timed to be a disruption attack, rather than a devastating attack with planes falling from the sky. You can cause a lot of chaos by removing any of these “layer 1 networks”. We’ve seen it happen by accident – last October, Facebook managed to delete itself – so it’s entirely plausible that an attacker could do the same.

Of course, the program is also randomly timed. An hour after its invasion of Ukraine, Russia launched a cyber offensive. A comms company called Viasat provides much of the Internet connectivity in Ukraine. Russia managed to freeze it, so nothing worked. It stopped people from going online, which may not sound like much, but look at the younger generation glued to their smartphones. If they lose wifi for 10 seconds, a squeal goes up. Imagine no internet for 12 hours. This is a very big upset.

From the beginning, The Undeclared War visually represented protagonist Saara Parvin (Hannah Khalique-Brown) completing a digital Capture the Flag exercise. This illustrated her thought process beautifully. People who excel at cyber security tend to be good at solving problems. At Bletchley Park during the war, they printed cryptic puzzles in newspapers and recruited people who completed them the fastest.

When it came to technical accuracy, I was happy to see characters using real tools. Analysts unpacked a piece of malware using IDA (the Interactive Disassembler). The code you saw on the screen was real machine language, not gobbledegook.
Saara found a second virus nested inside another – a bit like Russian dolls – which is a well-known technique. My own original discipline was steganography, the art of hiding things in plain sight. It is mainly used for covert communications, but increasingly in malware. Get people looking in one direction, then suddenly the payload drops somewhere unexpected.

We saw Saara exploit real vulnerabilities and crack a firewall, which was pretty authentic. So was sandboxing the virus, which is what you do to test malware: load it onto an isolated computer. As it happened, that piece of malware disappeared – but that’s also increasingly common. Malware is now designed to recognize when it is in a sandbox and find ways to escape.

I can tell that a lot more thought has been put into The Undeclared War than your average Bruce Willis ‘bombs and bullets’ movie. I enjoyed the juxtaposition at the Cobra meeting between what ministers asked for and what GCHQ advised. Politicians often suffer from ‘do something’ – they want to be seen to take decisive action. No one in our trade would think that hacking back is a good idea, because it leads to escalation. GCHQ representatives – Danny Patrick (Simon Pegg) and David Neill (Alex Jennings) – rightly point out that the standoff can go very wrong. If you’re not careful, a cyber conflict can escalate into military retaliation. Indeed, NATO’s Tallinn document says that if it receives a cyberattack of sufficient magnitude, it reserves the right to respond “kinetically,” meaning missiles and bombs.

The drama also highlighted the huge problem with retaliation. Cyber attacks allow for plausible deniability and attribution is incredibly difficult. People assume it was the Russians, but no one knows for sure. If someone fires a missile at you, you know exactly where it came from.
With cyber attacks, it’s hard to tell who wrote the code and where it was written. It’s also easy to put false flags in there – make it look North Korean, say, or timestamp files to match Moscow time zones. You need auxiliary intelligence because the pieces gleaned from electronic warfare data are not enough.

In the show, a rogue British hacker named Jolly Roger responds to the Russian attack by making the lights in Putin’s office go on and off. You have these vigilantes. There is an entire group on the Telegram chat app called “the Ukrainian IT Army” that is trying to carry out attacks against Russian targets.

Elsewhere in the programme, GCHQ reports controlling Putin’s presidential jet. This is a joke about cybersecurity consultant Chris Roberts, who told the FBI in 2015 that he had hacked planes and was controlling a United Airlines flight. Don’t worry: you might be able to hack the cooking system or the in-flight entertainment system, but not the engine management or the autopilot.

The GCHQ setting is also very accurate. The old space included many small individual offices with locked doors and a high degree of compartmentalization. Since “The Doughnut” was built in 2003, it feels more like a college campus. As soon as you walk through the doors, there are open offices and coffee shops. The baristas serving the coffee have the same security clearance as you. I approved of the way Kosminsky shows people in uniform walking around, because GCHQ also supports military operations. Some employees work in jackets or behind tempered glass – brave people doing important work. It’s refreshing how the drama shows GCHQ in a positive light. These people help defend us on a daily basis, with little or no credit.

There are quibbles, of course. The Cabinet Office briefing rooms are too dark and not shabby enough. There is too much external connectivity through The Doughnut.
These dramas always end up with six people saving the world, when in reality a thousand are doing the job. And having Saara, a placement student, crack the code was difficult. Then again, it’s amazing how often people find something in places no one else thought to look.

Some viewers wondered if Saara would be taking time off, considering her partner is a climate change activist, but things have changed a lot. In the 21st century, GCHQ welcomes anyone and everyone. The questions are not about “moral turpitude” as it was when I joined, but whether you will remain loyal. What the process is trying to determine is whether you are hiding something. It doesn’t matter what your sex life involves or if you’ve ever taken drugs, as long as you’re open and honest about it. If you hold something back that you could be blackmailed or coerced over, that’s when problems arise.

The security services today are staffed with people who would not have been in there 30 years ago. In the Cold War era, we looked primarily at the Soviet Union, so many recruits were white, male, Russian-speaking public school students. Now the threats are much more widespread. We worry about places like China, Iran and North Korea. You need a variety of staff to reflect the threats we face.

You can absolutely tell that Peter Kosminsky did three years of research. I’ll bet it’s had quite a bit of collaboration too, because a lot of scenarios, tools, and techniques mesh with my own experience. Kosminsky says that everything he depicted either happened or was “war-gamed” by the security services, which I can well believe. We have an organization called the Center to Protect the National Infrastructure. Part of their job is to identify critical points of failure – “What would be the impact if some telecoms towers were taken down?”, “What would happen if someone cut the transatlantic data cables off the coast of Cornwall?” – and rehearse what might happen.

We are very careful about cyber security, but aside from a few elements added for dramatic effect, I feel very positive about the realism of the series. The security industry is just like any other in that people will pick holes in the technical details. Overall, though, The Undeclared War is very impressive. I would love for it to be renewed for a second series. This could depict another rogue state – perhaps ransomware from North Korea, Chinese data collection, or something escalating from the Middle East. There’s definitely fodder for another series, let’s put it that way.

As told to Michael Hogan

Alan Woodward is a computer scientist and visiting professor at the Surrey Center for Cyber Security. He has…