‘A hacker could turn off the lights in Putin’s office’
Far-fetched? No. TV’s new cyber-attack drama ‘The Undeclared War’ is frighteningly realistic, a former GCHQ chief tells Chris Harvey
In the first episode of Channel 4’s new drama The Undeclared War, Russia launches a major cyber attack on Britain. Set at intelligence agency GCHQ, the series follows the UK’s attempts to respond to a severely worsening threat: one that could drag the country into war.
The internet goes down, cash machines stop working, flights are grounded and the railways are put out of action.
“In terms of the attack scenarios, those are all eminently plausible,” Sir David Omand, the former GCHQ director, tells me via video call from a book-lined study. “All of the threats that are portrayed against the UK and its democratic system are real. They’re all technically doable.”
Sir David’s 2020 book, How Spies Think: Ten Lessons in Intelligence, imagined a similar scenario. The title of the new drama, by Bafta-winning writer-director Peter Kosminsky, suggests that we may already be in a state of war: does Sir David believe that? No, he says, but “we’ve probably been in an undeclared state of conflict”.
I wonder if it’s possible that Kosminsky – and the West in general – may have overestimated Russia’s offensive capabilities? Although Putin’s cyber troops have just carried out a wave of attacks against Norway, knocking out public and private websites, Russia’s attempts to cripple Ukraine’s infrastructure after its invasion in February seemed to be repelled. “I wouldn’t immediately jump to that conclusion,” Sir David says. “The Americans and the commercial cyber security companies had all been piling in, and, I don’t know, but I’m sure GCHQ would have been helping as well. So they were ready for that kind of attack.”
That doesn’t mean, he says, that there are not “military-grade cyber attacks sitting on a server somewhere inside Moscow or St Petersburg” waiting to be launched. They may even have been considered, as the extent of the West’s involvement became clear.
“It’s a complicated thing to unravel. It may very well be that Putin took the view: ‘Do I really want to broaden this by launching military-grade attacks against Western infrastructure?’ He probably thought not.”
We move on to the way GCHQ is depicted. Sir David, who has watched the whole series, is quick to register the fact that there has been a “simplification for dramatic purposes”, beginning with setting the drama inside the doughnut-shaped Cheltenham HQ. “What they show is GCHQ inside the Doughnut, doing all this hacking and counter-hacking. In fact, there is a part of GCHQ, the National Cyber Security Centre (NCSC), based in a smart office block in Victoria that’s filled with analysts.”
The teams dealing with such a major incident would also be much larger, he notes, and there would be much more to-and-fro between GCHQ and
‘All the scenarios in the series are eminently plausible’
government departments. He can understand why Kosminsky has written it like that, although he notes: “Where is the National Security Adviser – the Prime Minister’s principal adviser on national security?”
What, then, of the central plank of the plot, in which student placement Saara (Hannah Khalique-Brown), is allowed to look at the malware that has brought down the UK’s infrastructure? “Well, it’s set in 2024… that’s a step I think the organisation has still to take,” he says drily. “It is unreal to imagine that a student would actually get so close to the front line.”
Would an employee get clearance if their boyfriend or girlfriend was a climate activist (as is the case in the drama)? “Um, yeah. It would have to be examined pretty carefully. In all vetting, one of the first things you ask is: ‘Is there a partner?’ But you’d have to be satisfied that there was no foreign connection.”
Code analysis can be a “much more grinding process” than seen in the drama, he says, but he expresses admiration for the visual device Kosminsky uses to convey the problem-solving abilities of both Saara and her fellow student placement, mathematician Gabriel (Alfie Friedman). “That ability, which you see beautifully portrayed in both characters, to hold a problem in your mind and visualise it. A lot of the people that are really, really good at this kind of work have that ‘eidetic memory’. So I thought that was actually quite realistic.”
When he joined GCHQ in 1969, he says, the final interview board included Hugh Alexander, Alan
Turing’s boss who had been the head of Hut Six at Bletchley Park. “He remembered every chess game he’d ever played,” recalls.
“The bit that I thought was, in a sense, most true to life, was the people: their agility, their virtuosity, very high levels of technical skill, very diverse, both in the autism spectrum and in the gender spectrum. So that felt like today’s GCHQ.”
Sir David would make a wonderful model for any dramatist; his easy charm seems at odds with the image one might have of someone who has been so high-ranking in British intelligence. I mention his own oft-quoted line from the Today programme in 2013 about the special relationship between GCHQ and the National Security Agency (NSA): “We have the brains. They have the money. It’s a collaboration that’s worked very well.” “That was a joke,” he says. “The history of cryptography shows that hat some of the NSA cryptographers have really been spectacularly good.”
What about the hostile questioning oning of Simon Pegg’s GCHQ head of operations by a minister at a Cobra ra meeting? “It’s usually a little more re polite. But that’s perfectly plausible. ble. Cobra, by the way, doesn’t look like ike a Cold War dungeon. It even has wallpaper.”
Pegg’s Danny Patrick warns against the danger of escalation in n responding tit-for-tat, as he is pressed to provide an offensive response. A director may indeed have to be robust when cabinet members are calling for retaliation, on, Sir David notes.
At the beginning of the drama, we see GCHQ running a stress test on n BT’s internet servers, to see if they can break into them. Again, Sir David attests to the accuracy of the dramatisation – “it’s called ‘pen testing’, penetration testing,” he says, and it is done all the time “to test credit cards… the security of financial systems, that sort of thing”.
Kosminsky also introduces a rogue British hacker, Jolly Roger, who delivers a personal response to the Russian attack by making the lights in Putin’s office flash on and off. Sir David acknowledges that individuals like this, perhaps operating under a collective banner such as Anonymous, are “serious players”. But he says messing with the lights in Putin’s office is exactly the sort of prank GCHQ would not approve of. “What you’d be trying to do is degrade the capability of the people who are actively working against you. But just annoying your opponent would only cause them to redouble redo their efforts. So that’s the sort of thing th that a hacker group might do, because beca they can. But just because you can do it, doesn’t mean it’s wise to do it.”
Finally, Fi I ask him about Mark Rylance’s Ryla character, a survivor from earlier earl years, whose parents worked at Bletchley. Blet He arrives in episode two – is he true to life? “I thought it was a very entertaining cameo. I don’t know whether whe Mark Rylance based his character char on talking to any of these retired retir old staff, he may have done. There The were certainly some old
eccentrics!” ecc