Netflix’s “Zero Day” TV Series: Is a Devastating Global Cyberattack Really Possible?


The upcoming Netflix show Zero Day paints a dramatic picture of a disastrous cyberattack on the United States, with severe infrastructural damage and thousands of casualties. Although the show has not been released yet, it has already raised an important question: Could such a catastrophic event happen in real life? 

Ilia Sotnikov, Security Strategist at Netwrix, explains why we can all enjoy the series, while those in charge of national critical infrastructure must continue their work to keep such a prolonged nationwide cybersecurity disaster improbable:

Nations around the globe have suffered attacks on their critical infrastructure in the past few years. Cyberattacks such as the ransomware attack on Colonial Pipeline have led to short-lived regional disruptions, and state-sponsored advanced persistent threat (APT) groups have tried to establish a foothold in various environments, from government agencies to telecom providers. 

Nevertheless, a devastating attack like the one in Zero Day is unrealistic in today’s world. There are three key reasons:

• Increasing security oversight for critical infrastructure — Critical infrastructure organizations like power plants, transportation networks and healthcare providers are not left to fend for themselves when it comes to cybersecurity. Governments around the world not only enact strict regulations but provide resources to help organizations adhere to them. In the US, the Cybersecurity and Infrastructure Security Agency (CISA) facilitates cybersecurity oversight across critical infrastructure and coordinates implementation efforts across the public and private sectors. In addition, national security and intelligence agencies keep their eyes on potential harmful activity that could impact critical infrastructure. This constant monitoring and collaboration reduce the likelihood of a successful attack on multiple critical systems simultaneously. 

• Operational and technical complexity — While a particular organization may be vulnerable to adversaries, executing a coordinated attack on a nation’s entire critical infrastructure requires overcoming significant technical and operational hurdles. Adversaries would have to establish persistence in multiple diverse environments, learn how each of them operates, and determine how to cause the most destruction and chaos. Then they would need to weaponize their presence in each environment by gaining access to the most impactful systems and controls. Such an operation would require not only gaining extremely high levels of access across multiple technology stacks in multiple highly secured environments but also being able to maintain it for a long time without raising any alarms. Realistically, this is a military-grade operation that very few nation-states have the means and motivation to contemplate, let alone hacker groups, who would realize no financial gain from their efforts.

• Global monitoring and diplomacy — Intelligence services around the world are collecting information about other nation-states, whether they see them as hostile, competitive or even friendly; it’s a part of international politics. However, conducting a cyber operation against another nation’s civilian infrastructure is a different thing altogether. Even if the incursion is limited to infiltration “only as preparation,” it’s akin to massing a huge invasion force at the border — an act that demands a response. In the modern world, the stakes are way too high for any nation-state to undertake such an attack, knowing that it will inevitably be seen as an act of war.

Still, risk management formulas always consider not just the probability of an adverse event but the severity of its impact. Even if an event is extremely unlikely, if the impact is completely unacceptable, then the organization or government must prepare for the scenario. That’s exactly the case with the risk of a coordinated cyberattack on a nation’s critical infrastructure — however unlikely such an event is, it is not impossible, so it’s essential to take steps to reduce the probability as close to zero as possible. As we have seen, the government, the intelligence community and critical infrastructure organizations are already doing exactly that.

In short, while successful cyberattacks have damaged critical infrastructure on a modest scale in recent years, there is little risk of a doomsday event like the one in Netflix’s Zero Day. So sit back, relax and enjoy the show.
