Hacking the Popular Imaginary – How Fictitious Cyber Threats Affect the Cybersecurity Industry
An interview with Jason Haward-Grau, CISO at PAS, written by Paula Magal.
Coding enthusiasts and screenwriters have long criticized the way hackers are portrayed in cinema and television. But what do cybersecurity experts have to say? Is any of the speed-typing, heroic-villain kind of hacking realistic? And can this type of fiction, entertaining as it might be, have negative impacts on the cybersecurity industry? I take the questions to Jason Haward-Grau, who faces real-world cyber threats on a daily basis as the CISO at PAS:
What are some of your favourite movies or TV shows portraying cyber threats?
I’d start with Mr. Robot, then the golden oldie WarGames and finally Battlestar Galactica – the new version. (Though Weird Science deserves an honorable mention!)
What do you like about them? Are any of them realistic depictions of your industry?
For me the most realistic is Mr. Robot, as the creator accurately depicts the complexity and challenges of hacking. For pure popcorn fun, the Die Hard movies make me smile (as does Blackhat), as they depict scripting and dropping code ‘popping a firewall’ as surreally easy – hence movie magic. That being said, it only takes one exploit to create the situation we all fear…
What hacking scenes or cyber threats depicted in them did you find most memorable?
Mr. Robot’s scene in which they drop a malware-loaded USB stick in the car park is still one of the most realistic approaches to hacking, as it leverages code delivery with human interaction. The desire to ‘know what is on the stick’ is interesting, and the show also shows the defences at work, detecting the malware and attempting to contain it.
Also interesting is The Net, where Sandra Bullock’s character has her entire identity stolen – which, back in 1995, was considered fantastical. Now, identity theft is so commonplace it is considered routine…
Are some of these cyber threats possible in today’s world?
There is a truism that all things are possible with the ever-increasing complexity and inter-operability of different systems. We’re seeing more and more connected attacks and more creative ways of doing them. Developing Denial of Service attacks and attempting brute forcing are ever present. However, developing an effective intrusion (with or without nation state or organized crime resources) is more time-consuming – the goal is to get in undetected, and that requires time, patience and commitment.
That being said, the nature of connected systems is showing a Hollywood-like scenario (think Terminator, for example) where exploits like WannaCry and NotPetya exponentially extend out of the vector they were targeted towards. The challenge, as Michael Hayden said, is that “once drawn, you can’t really put the sword back in the scabbard” and this is something that we have to live with in our spy-versus-spy environment where everyone is focused on developing cyber capabilities.
How do you think these representations of cyber threats in popular culture might affect the cybersecurity industry? Do they perhaps discourage people from learning about cybersecurity because cyber threats seem too far-fetched and overly complex?
There is a lot of fear, uncertainty and doubt, which are exacerbated in the entertainment industry for ‘good cinema’ sake. This can be off-putting. I find myself often smiling at the speed at which a takedown happens in movies, which are depicted without due consideration of the defenses that are – or should be – in place.
Do cyber threats in popular culture help raise awareness of the vulnerabilities of the digital world and the importance of safe networks?
I do think the entertainment industry is promoting the conversation across generations. I am often asked, by people from a wide variety of age ranges: ‘can it really happen? Could this really impact me?’
The reality is that cyber-attacking is here to stay, simply because it is a cheap, tricky to attribute, effective and relatively low-risk endeavor. We need to recognize it as part of the mainstream societal discourse and as something that is here to stay… And with the entertainment industry leveraging the bad side of attacks (think Geostorm for good measure!), it is always great to have a different type of villain – at least it lets the English actors do something else for a change!
Jason Haward-Grau is the CISO at PAS – the leading provider of software solutions for process safety, cyber security, and asset reliability to the Energy, Process and Power industries across the world. PAS is the official sponsor of CS4CA USA 2019, taking place in Houston this March 26th-27th.