The iconic world of James Bond has finally caught up with cyber security. The latest James Bond film "Skyfall," suggests that intelligence officers will have had to work hard to adapt to a world in which information is everywhere and torrents of secrets can be stolen in seconds. “Skyfall” can also be seen as a stark lesson in the dangers of weak IT security – something which applies almost universally to the realms of government, business and industry.
In "Skyfall" the British Secret Intelligence Service – better known as MI6 - battles to prevent the identities of its agents seeping out onto the Internet. The Chief of MI6 – known as “M” and played by once more by Judi Dench - finds herself under scrutiny for her weak understanding of the world of cyber security. “Skyfall” is an epic illustration of what has become know as one of “Naughton’s Laws”. Invented by John Naughton, the law proposes that the more senior the cabinet minister, government official, corporate executive or judge – the weaker their understanding of the Internet will be.
The new James Bond film also evokes the world after “Stuxnet” – the cyber-attack on Iran’s nuclear progamme in 2009. Computer experts around the world have watched two countries – which shall remain nameless – design a reconnaissance virus that first of all sniffed out Iran’s control systems for its nuclear centrifuges. “Stuxnet” then delivered a payload of two different viruses that caused the centrifuges to spin out of control - while continuing to feed false data that suggested everything in the plant was normal.
Stuxnet leapt across “air-gapped” computer systems that were not connected to the Internet. The conclusion that most observers have come to is that even good IT security is not good enough. Sensitive sites now need a mixture of human, analog and digital systems to protect their most precious secrets. The optimum model is layered system used to defend nuclear power stations from cyber attack. The final defence is what we might call “heritage theme park security” – a person in a donkey-jacket who pulls levers and turns wheels.
Cyber security – the business of GCHQ, Britain’s largest intelligence agency and also its National Technical Authority makes its very first appearance in a Bond film with the release of “Skyfall” in October 2012. While MI6 has enjoyed extensive exposure on the big screen courtesy of the Bond franchise and MI5 (the Security Service) has been widely publicised by the BBC drama “Spooks”, the sort of work done by GCHQ has hitherto seen only a little of the limelight. The last feature film to focus on subjects associated with GCHQ was “The Whistleblower” - a film made in 1984 starring Michael Cain.
Down the years, James Bond has fought shy of maths, codes and cryptography, despite their importance to the world of spying. We have to go back to 1957 and Ian Fleming’s novel “From Russia with Love” to find any hint of this subject. In “From Russia with Love” much of the plot revolves around the efforts of MI6 to persuade a Russian to defect with a highly secret “Spektor” cipher machine.
Turned into an iconic film with Sean Connery a few years later, it featured the first appearance of the villain Blofeld with his Persian cat and the first appearance by "Q". Most importantly. the plot alludes Ian Fleming’s own wartime service with Naval Intelligence when the Allies sought to capture Enigma machines - together with their code books - from German ships and submarines. Fleming’s story of a stolen cipher machine hinted at the Bletchley Park secret - something that would not emerge into the public domain until the 1970s.