One would suspect that many of you reading this, and Infosecurity Magazine in general, are devotees of procedural dramas. One would also suspect that the CSI programs were of particular interest. Mea culpa from the author here.
But as well as being consistently entertaining and informative about forensic science since it began around fifteen years ago, CSI has also been constantly innovative and has evolved. Just like the security industry in general you could argue. And the similarities do not end there. The latest evolutionary stage of the franchise which has racked up audiences of millions across the world for CBS has taken CSI from out of its beginnings in the Las Vegas Crime Lab to the manic streets of New York and the pastel shades of Miami to the world of computing and cyber-crime.
As William Peterson and Jorja Fox headed off into the sunset, literally, to bring down the curtain on the original, Patricia Arquette has now strode on with purpose center stage, to the driving and appropriate strains of The Who’s See For Miles (which has replaced Who Are You as the theme tune of the new CSI Cyber.)
The series has just debuted in the UK on Channel 5. Both the fact that it has launched and where it is available are highly significant. As its name suggest, the station is the UK’s fifth largest national terrestrial broadcaster and was the subject of a recent acquisition by Viacom. Offering CSI in its incarnations has been central for Channel 5 to hit the mainstream, dogged since its launch in the mid-1990s as having a reputation for the low-brow, something not helped by one of its leading founding executives outlining its content strategy of appealing to the three Fs.
Fast forward to today and the key message is this: a huge media firm which offers household-name stations - such as MTV and Comedy Central - is showing a drama based on a subject matter that the franchise owners and writers believe is 100% relevant to mass audiences, not of niche appeal .
Moreover in thefirst episode shown, this mass audience was treated to an hour’s worth of drama where the murderer attempted to cover his tracks by using a phishing attack on a controversial online taxi service. (Whatever could have inspired that idea?). The concept of a phishing attack – using a rouge router no less – was spelled out for the non-cognoscenti but the script also included an unexplained reference/shout out to the black hat community, probably the first in the annals of mainstream TV drama in the UK.
But looking around drama, especially that emanating from the US, CSI Cyber would appear to be in good company. The dramatic impetus of new season of award-winning drama Homeland featured a fanciful and successful - and stated out loud - brute-force attack by hackers on the fictional CIA station in Berlin. UK viewers will also get to see soon the series Mr Robot featuring an Edward Snowdon-like character righting wrongs from his computer.
It’s tempting to think 'so what if cyber-crime and Infosecurity is on mainstream TV'? What does that mean for the industry? In the most broad and blunt of contexts, it may appear at first galncenot a lot – don’t bank on CSI Cyber drawing the same audiences as Downtown Abbey any time soon. But here’s what it could do. By cyber-crime being an intrinsic part of the mainstream it breaks the fourth wall as they say in TV and theatre, dragging it out of the techie niche and into people’s living rooms and most importantly boardrooms. A vital step as part of the much-needed program of continuous and widespread education about security in general.
At the recent (ISC) 2 security conference, Oracle’s EMEA director of security Georg Freundorfer told a packed gathering of security professionals that the industry had to look at the wider community outside of their organizations. “Most companies are not set up to deal with the threats of the future, he insisted,” We need to change the mindset in society as well as change the mindset in companies. In security we think that we are special – we are not compared with the other lines of business. We need to bring security into the reconnaissance mindset of management. It's a long-time job but we need to step outside of our silo and explain what the threats are and then the risk to management.”
And even if it’s unlikely, as the them to CSI Miami reminds us, we won’t get fooled again, having cyber-security on mainstream, terrestrial TV every Tuesday at 9pm is going to help this job considerably.