The State of IT Automation: New Pressures Invite New Opportunities Read Report

Part 2 | Top 6 Cybersecurity Movies: Where They Got Incident Response Right [and Wrong!]

Part 2 | Top 6 Cybersecurity Movies: Where They Got Incident Response Right [and Wrong!]
August 24, 2017 • Resolve Staffer

Part 1 of this article weighed in on some of Hollywood’s foremost hacker movies and delved into where truth and fiction diverged on the silver screen. To get caught up, click here.

moviegoers watching cyberattack movie

Hacking cybersecurity movies are popular, but are they true to life?

Now, here are movies 3-6 on our list, as well as insights into where real-world security incident response (SIR) could scale the cyberattacks.

(2001) Swordfish: Wrong!

The premise. An undercover counter-terrorist unit needs money to help finance their war against global terrorism but it’s inaccessible, so the team blackmails an ex-con hacker to infiltrate. It’s a superlative fictionalization of programming and hacking.

Where Swordfish got it wrong. In the movie, Hugh Jackman singlehandedly hacks a large bank system with zero opposition. In fact, IR to security breaches:

  • Are top priority activating immediate response
  • Sometimes lead to shutting servers down, and that’s OK. “Some downtime is inevitable for good security hygiene,” one article details. A SOC team “sees this downed server as secure because no one can access it.”

Still, according to State of Cybersecurity 2017 report, less than half of corporations polled were confident their teams were well able to handle anything slightly beyond simple cyber incidents.

The career of a programmer or security analyst is not as steely and intimidating as Wolverine in front of a 7-screen multi-display. The job is quiet, often monotonous and redundant. For the skilled, the intrigue comes in innovating solutions. Which is why Resolve Systems delivers technology that automates the superfluous and repetitive tasks.

As mentioned in our previous article, “other innovative tech positions are sexy on paper but orchestrating systems that identify and mitigate an ever-evolving plethora of attacks is more of the awkward turtle on the IoT superhighway.”

Read more: Rethinking Cybersecurity: The $80K Job With Few Applicants

Where Swordfish got it right. Cybercrime code names have been notoriously punchy and illustrative with innuendo. The name Swordfish, had it been real, could’ve hung in the hall of infamy with real life cyberattack code names: Night Dragon, Nitro Zeus and Byzantine Hades, for example.

(2007) Live Free or Die Hard: Got it right, by and large

The Premise. John McClane and a young hacker pair up to take down a ruthless cyber terrorist plotting a massive cyberattack that would full-stop financial markets, traffic lights, and other computer-controlled infrastructure across the United States.

Where Live Free or Die Hard got it wrong. Those in the cyber industry can attest the movie is rife with eye-rolling computer clichés: rapid-fire and heavy-handed typing to indicate hacking is taking place, no use of a computer mouse or spacebar, tracing complete in milliseconds, etc.

Where Live Free or Die Hard got it right.

An article in the Sydney Morning Herald detailed the legitimate security threats illustrated in the film.

“The threat from hackers is real,” explains Eugene Kaspersky, CEO of Kaspersky Labs. He warns infrastructure authorities have to build cybersecurity controls at every level of the infrastructure to narrow their exposure to large-scale attacks.

Read more: Who left the door open? How big-name websites are self-sabotaging cybersecurity

In fact, there were at least two such large-scale control supervisory control and data acquisition (SCADA) cyber attacks in modern history:

  • The Stuxnet worm infiltrated Windows desktops inside nuclear facilities in Iran until it found systems running Step-7, which manages SCADA PLCs that control industrial process lines. Experts say Stuxnet then grant itself root access and reconfigured select SCADA systems
  • A 2000 incident brought SCADA sabotage to the U.S. when cyberattacks were instigated by a disgruntled SCADA contractor. He used only a laptop and radio transmitter to flood parks, rivers, and a hotel with more than 211,000 gallons of raw sewage

(2008) Untraceable: Hollywood hyped, but otherwise right and points to a bigger, global problem

The premise. An FBI agent is trailing a—seemingly undetectable—serial killer who posts live feeds online of his victims.

Where Untraceable got it wrong. The movie doesn’t hesitate to play up the stereotypical Sec Ops pro trilling across the keyboard with ultrasonic speed to decode cyber criminals ruses.

Though the movie seems geared toward techies, some subject matter experts contend, “the writers and technical consultant … don’t know how a DNS system works and how you can get a domain shut down.”

Where Untraceable got it right. That technical consultant is Former FBI Special Agent Ernest E.J. Hilbert, who was also the director of cybersecurity enforcement at

He was brought on to review the screenplay.

“When they wrote the script and started shooting the film it probably did take at least one week—and maybe in some cases two weeks—to get a domain name blacklisted if it was based in the U.S. Nowadays it could take as little as 24 hours depending on the context and so on.

“Does that make this story any less plausible? No. Take out the fact that it uses a domain name and instead the information that is being shared is through a series of IP addresses that pop up. And those IP addresses are just mirrors of the original IP address. I can blacklist an IP address or at least black hole it—if it is in the U.S. But if it is international, it’s not the same rules.”

Where SOC can safeguard

For all the movies provide in entertainment, the common thread of truth is that cyberattacks are imminent and shapeshifting to be more insidious and more lethal at the institutional and personal levels.

SOC teams are in place to defend against these dangers but they can’t do it alone. Programming is not as glamorous as the movie stars and flashing lights make it seem—but the same hacker intelligence that exists can also be leveraged and delegated to full, partial, or human-guided automation.

To learn more about the latest trends in SIR and automation, register for the upcoming Incident Resolution Summit in Chicago, this September 20, 2017. Executives and thought leaders in Security, IT Ops and NOC meet globally to share the most up-to-date best practices in enterprise-wide incident response. To RSVP, click here.

Incident Resolution Summit

RSVP for the Resolution Summit, held in Chicago September 20, 2017

Since 2008, Resolve Systems has stood as the vanguard for comprehensive enterprise-wide incident response and automation solutions: first for IT Operations, then service desk and Network Operations; now most recently, an award-winning IR resource for Security Operations as well.

For details on what Resolve can achieve for Security Operations teams, read about WannaCry | Resolve Launches WanaCryptor Detection and Triage Playbook.


About the Author, Resolve Staffer:

This post was written by one of the awesome contributors on the Resolve team.

Recommended Reads

How Telcos Can Rein in 5G Challenges with AIOPs and IT Process Automation

How Telcos Can Rein in 5G Challenges with AIOPs and IT Process Automation

Learn more about the top 3 challenges and how to overcome them.

The Rise of the Cognitive NOC and the Role of IT Process Automation

The Rise of the Cognitive NOC and the Role of IT Process Automation

Find out how the Cognitive NOC has become the driving force in network management.

What Is the Network Operations Center (NOC): A Brief Overview

What Is the Network Operations Center (NOC): A Brief Overview

How to make your NOC performance reach its full potential.