This weekend I ended up on an impromptu trip to Birmingham and decided to go to see the film Blackhat (Click here to see the official website). Admittedly, it was something rather of an atypical Hollywood blockbuster film – yet it had great insights into the changing perspectives of cybersecurity and its connections to wider security discourses. Most strikingly it had a classic lead in Chris Hemsworth as a convicted hacker who was released to help in a cross-border investigation into a severe hack against a Chinese nuclear power plant and a later one on financial corn exchanges. This pitted cooperation between the US and China on a single hacker – which I thought was a rather bold move. There is a scene in which the FBI discusses the difficult relationship on cybersecurity and the mistrust this exposes, which is returned to at several points during the film. I wish not to spoil the film any further so I will leave those of you who may wish to watch it can do so without me ruining it for you.
The film’s understanding of cybersecurity and general security discourses was particularly encouraging to see. There were definite attempts to engage with current perspectives on cybersecurity beyond a purely technical problem to one of tracing fragments of data and political decision-making. I would claim this demarcates a coming-of-age for cybersecurity in film that is welcome. It clearly had clear parallels with the Stuxnet malware that is thought to have targeted Iranian nuclear power plants in order to commit sabotage, which was comprehensively detailed in 2010. Although the execution of the attacks were somewhat unrealistic, I appreciate that creative license is required to entertain, so was a rather good attempt. The wider questions around attribution were a core theme of the film, in order to find the hacker which included tracing the clues that were left ‘behind’ through not only files, but also money transfers – demonstrating the complex interactions in ‘cyber-crime/terrorism’. This complexity of ‘older’ crimes such as fraud and its combination with cyber attacks demonstrate the physicality of ‘cyber’ and that these crimes may be committed solely through the means of data communications but have material impacts.
The use of 9/11 and wider terrorism discourses in ‘connecting the dots’ which the Department of Justice says was one of the core of elements of the US Patriot Act 2001, is of crucial importance to how cybersecurity is conceived in the public imagination. As Louise Amoore from Durham University states in her latest book, there is a crucial imaginary built upon code and how modelling into the future can ‘pre-empt’ events before they take place. Although this work primarily focuses on the movement of bodies and things, one can argue that cybersecurity discourses are far more (dis)connected. By this, I mean there are difficulties in humans perceiving the tangible effects of much action in cyberspace and yet we are constantly told that we are being increasingly interconnected. This binary is contradicted in Blackhat where the lead female US FBI agent as a ‘human’ body of affects and emotions combines her husband’s death in the 9/11 attacks to preventing further attacks by the hacker. The hacks of the exchange, not only purely lead to monetary values being manipulated, but expose the highly-connected nature where variables in one place can change an entire market and the lives that depend on this. The interesting connotation that the connection of dots, or fragments of the hacker (as a dividualised expression of pseudonym), will prevent further attacks is therefore an interesting imaginary that is formed. I believe this grows out of what was dreamt in the Patriot Act and subsequent actions by the US Government to be able to foresee through data the low probability, high risk event. Therefore the (dis)connection of cybersecurity is intermingling with former security discourses, determining that precision calculation can prevent attacks but admitting that there are tangible effects of a hack. Hence a prevention of attacks in ‘cyberspace’ mean we are directly affected as Blackhat shows, eroding dualisms of physical/cyber. This is something new in this film that I have not seen and lets the inherent complexities of cybersecurity to emerge; folding cyber, physical spaces, humans, politics, materials, code and so on into it.
So, how does the infusion of security discourse of 9/11 and cybersecurity fit together? Here are three examples:
- First, there is a simple problem of attribution (look to Thomas Rid for some of his work on this at King’s College London). This ‘problem’ correlates concerns of terrorism entering through the US border – with increases in airport security and the use of Passenger Name Records (PNRs) as examples of the increased use of data in order for dots to be connected. Therefore, among all the possible options to identify who is suspicious at the ‘border’ compares well here to detecting the malicious hacker.
- Second, the international nature of hacking and their sometimes confused objectives. The Blackhat hacker’s motives are constantly questioned within the film and with the networked nature of movements across state spaces, places it in ‘conventional’ terrorist networks within this post-9/11 imaginary. If we think back to Al-Qaeda and other Islamist extremists, then this confused nature of an unknown assailant is clear.
- Third, the insider. Since the Summer 2005 London bombings, and the recent concern with those returning from Syria who have gone to assist the Islamic State (IS) in Europe, the insider is a dominant schizophrenic problem in security discourses post-9/11. Edward Snowden is the example du jour for cybersecurity – who to trust. Blackhat‘s main character is one whose trust is questioned by the FBI and details how there is now greater scrutiny of those ‘within’ security discourses. The distinctions of ‘inside/outside’ for states have now become problematic and now a core theme in broader security discourses.
To end this post – I believe the critical point to take away is the enveloping of cybersecurity into wider security discourses as it enters the popular imagination. Therefore we can no longer see cybersecurity as solely a technical ‘problem’ but one interconnected in wider security discourses and is being used so, such as with the recent Sony hack where its interests became one of US national security. It is about connecting the dots.