Cybersecurity is a highly complex topic from the theoretical and technical point of view, something only experts can really understand in depth. At the same time, however, it is also a topic that we’re all familiar with, because it is very popular in movies, TV series, and we read about it in novels and comics.
With the help of a Cybersecurity expert, Luca Viganò, Professor at King’s College London and published playwright, we try to understand how good or bad the representation of Cybersecurity in pop culture is. Is what we see realistic? Are those cyberattacks (and the cyber-attackers) accurately portrayed? Can they really happen?
From Jurassic Park to Mr. Robot, Prof. Viganò gives some examples of good and bad representations of Cybersecurity, and also explains why they are so.
Hackers are often portrayed as superheroes
“Quite often, the reality of Cybersecurity is not faithfully represented in movies and novels,” says Viganò – “but understandably so: being technical would likely be boring.” For the sake of narrative choices, hackers or Cybersecurity experts are often presented almost as superheroes who can crack a password or break into a protected system within seconds of tapping on their phone or laptop. This can’t be farther from the truth: to settle the matter once and for all, Viganò says that “it’s easier to be struck by lightning than to crack a secured system within a minute!”
This misrepresentation of what is possible within the realm of cybersecurity is based on the ignorance that the public has with respect to cybersecurity issues. Who can verify if what we are shown is realistic or not? And when it borders into science fiction, does it really matter? In recent years, however, some movies and even more so some tv series have actually presented cyber-stories in a more accurate way.
It is the case of Mr. Robot, aired for the first time in 2015. The protagonist of the series is a Cybersecurity engineer and hacker with social disorders like anxiety and depression. He is recruited by a community of hacktivists with the aim to destroy all debt records. “The types of attacks that we see in Mr. Robot could actually happen in reality” says Viganò.
Other cases are the movies of the Millennium series like The girl with the dragon tattoo and The girl who played with fire, inspired by the novels by Swedish author Stieg Larsson. The female lead of the series is Lisbeth Salander, a computer hacker who goes by the name of Wasp. Thanks to her computer skills, Salander is able to expose men who abuse women, while collaborating with journalist Mikael Blomkvist. “From the viewpoint of Cybersecurity, Salander’s actions are quite realistic,” Viganò reassures us. However, it is worth noting that once again a highly skilled hacker is given a traumatic past and an introverted and asocial personality, as if being excellent at computer hacking would require one form or another of mental disorder.
Good movie, bad cybersecurity
“A bad representation of Cybersecurity actually comes from a movie that I love very much,” says Viganò. It is the iconic Jurassic Park by Steven Spielberg. At the end of the movie, the protagonists (two archaeologists and two children) are hiding in a lab to avoid being eaten by the raptors that escaped their cages due to a malfunctioning of the electronically controlled security systems on the island. It is a sequence loaded with anxiety as everything is happening very fast. While the adults try to keep the raptors outside the lab door, the young girl spots a computer and by the look on her face we understand she knows this type of operating system – we had learned earlier on in the movie that she is a bit of a computer geek. She browses through the operating system and after a few failed attempts, she manages to restore the security system in the Park. “For narrative reasons, it is necessary that the young girl solves the problem in a matter of seconds, but in reality, it is not believable,” says Viganò.
However, this is a good movie according to Viganò. It is useful to observe, indeed, that an unrealistic representation of Cybersecurity in a movie does not mean that the movie is bad. The reality of Cybersecurity is an instrumental accessory to the narration, which remains based on a solid script, timing, actors’ performance, and editing.
New technology, new risks
Along with the fast-paced technological advancement in our society come new risks and new threats. In particular, in cybercrime and cyberterrorism. The advent of domotics (smart homes), self-driving cars, Internet of Things, means that we are going to be immersed in an ever “smarter” and “connected” environment. This will expose us to new risks, only some of which we can imagine today. Attacks on water plants, deactivating traffic lights in a busy street, or cutting an entire city’s electric supply: these are attacks we can imagine, although they may not have happened in reality yet. What about attacks we have not thought of yet?
“Brilliant minds in Cybersecurity are focusing exactly on this problem: how to imagine new possible problems, and how to design a technology that prevents those attacks from happening,” explains Viganò. What makes us particularly vulnerable is that we, the future users of home assistants, smart light bulbs in our house, etc., are not Cybersecurity experts. We may be exposed to risks that we are not even aware of. This may cause a sense of fear towards a more technological future, and a mistrust towards technology in general. “Our role as Cybersecurity experts,” continues Viganò “is that of explaining the benefits and the risks of the new technologies, and keep the users involved in a good communication loop.” There is no need to fear the future of technology, as it will bring immense advantages for society and especially citizens with special needs. And by being aware of the risks, we will help mitigate possible risks for individuals and the collective society.