Fact vs. fiction: dissecting the improbability of a Zero-Day doomsday scenario
A cyber-attack like the one in Zero Day is improbable

Oscar Wilde once said, "Life imitates art far more than art imitates life." Let’s hope that isn’t true when it comes to the Netflix series Zero Day, which has just started airing. This political thriller stars Robert De Niro and Angela Bassett, whose characters lead the investigation and response efforts after a devastating cyberattack causes massive casualties, chaos and hardship across the United States.
Hollywood Taps into Our Fears
While audiences often joke that Hollywood keeps recycling the same storylines, writers have no trouble tapping into the public’s deepest fears. Over the past decade, we’ve seen countless films and TV shows explore unsettling topics like pandemics, EMP attacks and the existential threat of AI. As humans, we fear things that we don’t fully understand but that could pose a threat. That is because uncertainty breeds fear.
It’s only natural, then, that cyberattacks have become the latest fodder for gripping on-screen dramas. Even if the average Netflix viewer isn’t familiar with the technical details of how cyberattacks are carried out, they’re acutely aware of their growing frequency and severity. Millions of Americans have had their data exposed in attacks, and while they may not fully understand what ransomware is, they know it isn’t good.
Security Strategist & VP of User Experience at Netwrix.
Could Such an Attack Really Happen?
While the critical reception of Zero Day remains to be seen, one thing is certain: viewers will debate the plausibility of the events unfolding on their screens. Could a devastating attack like that actually happen? It’s technically possible, but the risk is similar to the remote chance of a civilization-ending asteroid strike (a scenario that has itself inspired more than one movie).
Why? Well, while it is one thing to bring down the business operations of a single entity such as Colonial Pipeline, MGM Resorts or Halliburton, executing a coordinated attack on an entire nation's critical infrastructure is an entirely different challenge. There are multiple reasons:
1. A broadscale attack would require a vastly more complex and coordinated effort. Critical infrastructure organizations include everything from power plants to transportation networks to healthcare providers, and these sectors employ different security protocols, procedures and technologies. Therefore, it would be very difficult for attackers to develop a one-size-fits-all approach.
2. Unlike a single organization, national infrastructure is managed by a mix of public and private entities, making it harder to exploit a common vulnerability.
3. Many critical infrastructure systems have built-in redundancies and resilience measures to withstand localized failures or attacks, making it more difficult to cause widespread disruption.
Other Deterrents: Time, Scale and Retaliation
Let's consider who might initiate such an attack. Today, only the largest cybercriminal groups may have the skills and resources for it. However, they are driven by financial gain. They would see no sense in investing effort in an operation with seemingly no future benefit when they have dozens of proven methods to monetize their activities, from business email compromise to ransomware attacks.
Another possible threat actor, hacktivists driven by social or political agendas, may have enough motivation, but they lack the resources for a large-scale coordinated effort spanning multiple years. The Netflix screenplay writers will surely come up with an unexpected twist in the plot, but in reality, it could only be a nation-state cyber operation.
Cyberattacking another nation’s civilian infrastructure is an assault on all its citizens. In today's digital world, such a move would be considered an act of war and spur an intense global manhunt for the perpetrators. While some nation-states eagerly perform espionage and reconnaissance campaigns, the stakes would be too high for any of them to risk the wrath of a superpower with a wealth of responses in its arsenal. The potential for escalation to conventional warfare serves as a powerful deterrent against any large-scale cyberattacks.
Reducing Risk Remains Imperative
Even though the odds of a devastating asteroid collision are remote, NASA still actively works to mitigate the risk through planetary defense initiatives. Similarly, even though a cyberattack like the one depicted in Zero Day is unrealistic, it’s essential for critical infrastructure organizations to continue bolstering their defense and response postures.
Fortunately, governments worldwide are not leaving these organizations to fend for themselves when it comes to cybersecurity. National-level critical infrastructure is now under continuous monitoring by government agencies and specialized security organizations to speed threat detection and response. In the U.S., the Cybersecurity and Infrastructure Security Agency (CISA) plays a key role in overseeing cybersecurity efforts and coordinating protections across both public and private sectors, helping to ensure that critical systems are fortified against evolving threats.
In addition, government agencies and critical infrastructure organizations have worked together to establish emergency response teams capable of quickly isolating and neutralizing widespread cyber threats.
The Bottom Line
Hollywood excels at creating TV shows and movies that explore “what if” scenarios, and cybersecurity is a natural topic to inspire writers today. There’s an old adage that “TV holds up a mirror to our society.” In the case of Zero Day, this is only partly true: The show does provide a solid representation of public fear around cyberattacks, but it does not accurately reflect the reality that such a devastating incident is actually highly improbable.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro