The Undeclared War: What TV drama can tell us about real-life cyber crises

The Undeclared War is a new show from the UK’s Channel 4, looking at how GCHQ reacts to a Nation-State cyberattack. But how close to reality does the show remain?

Hackers, spies, and cyber security good guys have long awaited a TV show that accurately represents the hacking community.

The opening of the show saw a stress test go wrong at BT and the UK’s cyber-spy headquarters GCHQ react. Stress tests are routinely held for all companies, and as you can imagine take a lot of planning and management for a business as large and critical as BT.

Various senior stakeholders are made aware of what will happen in case anything goes wrong with extra people waiting in the wings to jump on board to support. But how was this shown in The Undeclared War?

Often, Hollywoodisms take over with cliches and over-dramatizations instead of the reality of how teams actually respond to a threat.

Thankfully, the first episode of Channel 4’s new show remained fairly close to reality. Below are three ways the show depicted cyber teams reacting to a cyber threat – and how close or far from reality they got it.

1. Experience before age – true

The protagonist of the show is Saara, a young female hacker on work experience at GCHQ. When the attack happens, she gets to work supporting much older, experienced cyber experts.

Those older counterparts fail to take her seriously, suggesting her idea of checking a library file would be a fruitless activity. She ignores them and in trusting her gut discovers a second hidden bug, which could have been fatal if not found before it was activated.

In reality, this is partially true. We’ve all seen younger workers ignored when trying to point things out to their senior leaders.

However, in cybersecurity ‘young blood’ is seen as essential in finding and identifying attacks. Fresh talent is always brought into organizations because fresh eyes have a knack for seeing things differently.

Cyber is a race against cybercriminals, and only by thinking outside of the box can we keep up with the new tools and tactics bad actors employ. This is the same for many IT-related decisions, which HR professionals need to work on such as hiring, onboarding, reviews, and training programs.

2. Sharing with the US – (mostly) true

Once the attack is identified, an operative from US intelligence agency the National Security Agency (NSA), wades into the GCHQ office demanding access to the entire malware code. Her approach – bolshy and cagey – is relatively accurate, as is the team’s response: “You need approval from the boss”.

What is more Hollywood than reality is how quickly and easily that authorization came.

In reality, that boss is managing a huge team of experts trying to isolate and reverse engineer a piece of malware to identify who made it and why.

Sharing that code with the NSA would not be a top priority over ensuring the safety of the business being attacked – particularly if it’s a company like BT responsible for critical national infrastructure.

Authorizing the sharing of the code would happen, but not as immediately as the show purports. Many of us have seen similar situations at work when progress is stalled due to delayed authorization from senior leadership.

3. Reacting without authority – Hollywood

In response to the attack against BT, the Prime Minister on the show almost declares war on Russia with absolutely no proof that the malware code originated from the Russian government. This would never happen.

As with any crisis management process, retaliations cannot be approved without first understanding where the attack came from and why.

The idea the UK government would immediately respond by turning the lights off in Putin’s office is farcical. You wouldn’t launch a cruise missile in an enemy’s direction without being 100% sure they attacked first.

It’s career suicide, not to mention the impact it would have on the country. Serious decisions require serious discussion and analysis. The best response should minimize an event, not blow it up to gastronomical sizes.

Overall, The Undeclared War stayed relatively close to reality in depicting GCHQ’s response during a stress test and the resulting cyber attack on BT.

When it comes to cybersecurity, in particular, preparing for the worst is the only route any security leader and management team should take.