James Bond spends most of his time during Skyfall fighting a cyber terrorist. The latest James Bond flick might be unrealistic, but it reminds us that losing data, especially to hackers, can be a very bad thing.
James Bond has always leaned on his gadgets for an edge in fighting off villains. The latest movie is no different. Skyfall has its share of high-tech gadgets: a palm-print reader; a radio transmitter that reveals Bond's location when pressed; plus a classic Bond car, the Aston Martin DB5. But for the most part, James Bond, played by actor Daniel Craig, does not depend on typical 007 devices like exploding pens or jet packs. Instead, the conflict in Skyfall centers on computer hacking, and how sensitive data in the wrong hands can put lives at risk.
Of course, the hacking in Skyfall is a James Bond version of hacking -- not realistic. "Skyfall's depiction of hacking was a lot like Star Trek's depiction of space travel -- a lot of jargon used in a way that has no meaning whatsoever," said Raphael Mudge, founder of Strategic Cyber.
From the movie trailer you don't get the impression that hacking is critical to the plot, but it is:
Spoiler alert: The movie begins with Bond trying to find a missing hard drive, which has encrypted information about agents. He's soon fighting the guy who has the hard drive on top of a fast-moving train.
M, the head of the British Secret Intelligence Service, is put in a vulnerable situation, knowing lives are at risk if the data is released. M makes the decision to allow a sharpshooter to take down the bad guy to hasten recovery of the hard drive. Bond is shot instead, and disappears for some time. When he sees that headquarters are under a cyber attack, he returns to duty in London.
To fight off the threat of cyberwar and security loopholes, Bond depends on human intelligence -- mainly Q, the quartermaster, who is a computer hacking genius. In introducing himself to Bond, Q quips, "I can do more damage on my laptop, sitting in my pajamas, before my first cup of Earl Grey than you can do in a year in the field. Every now and then a trigger has to be pulled."
Later in the film, the information from the hard drive is released on YouTube and several agents are assassinated.
The concept of "security by obscurity" even comes up in the film. It's well known in the security field that protecting a system this way doesn't actually work. Computer experts explain why on Quora.
Perhaps Skyfall was inspired by the Stuxnet virus, which was created by the U.S. and Israel to spy on Iran's nuclear enrichment facilities. The virus was discovered in June 2010, and it spreads through Microsoft Windows and can affect Siemens equipment. The Wall Street Journal reports that Stuxnet also infected Chevron's network.
The villain Raoul Silva, played by Javier Bardem, is a cyber terrorist. Many have made the connection that Bond is fighting a Julian Assange-inspired character. The cyber terrorist Silva sends messages on the computer screen telling M to, "Think on your sins."
In reality, penetrating a corporation would look more like what Mudge demonstrated to me during BlackHat and Defcon. Skyfall does remind us, though, that losing data could cause serious damage if that information falls into the wrong hands and that connecting devices to a network can compromise the system.
In all, Skyfall provided a few hours of entertainment. And although not very realistic, it did allude to the war we are currently fighting -- cyberwar. There was no mention of Bond bringing his own smart phone or tablet to the office, but maybe that's a good thing. BYOD might have introduced even more vulnerabilities into the network.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.