A COBRA strikes: How does Sky One’s portrayal of a nation state attack compare to reality?

The second season of Sky One’s political thriller ‘COBRA’ is on our screens, with Robert Carlyle portraying a Prime Minister dealing with a large-scale, and well-timed, nation state cyber attack on the UK’s critical national infrastructure (CNI).

Whether you have watched the series or not (spoiler alert: details of the plot may follow!), it’s no surprise TV writers landed on this storyline. It’s a credible scenario which mirrors what is happening in the real world on a daily basis. Every day, the UK is defending itself against cyber attacks on critical infrastructure that are increasing in both frequency and impact. We’re not alone in this challenge, either: offensive cyber capability is now a standard part of many countries’ arsenals, as nations around the world repeatedly take to the ‘cyber’ battlefield.

The stakes of getting cybersecurity wrong at a national level are huge, and they are prompting considerable investment in cyber defences; late last year, the UK government announced the formation of a dedicated ‘National Cyber Force’ to help keep the country safe against hostile threat actors. It’s a welcome development given the volume of attacks on critical infrastructure we’ve seen around the world over the last eighteen months or so, including several attacks on Israeli water systems in 2020, the Colonial Pipeline ransomware attack in May 2021, and the ransomware attack on Ireland’s Health Service Executive in the same month.

With this in mind, how realistic is COBRA’s ‘fictional’ storyline? And are there any lessons that can be taken from the series?

COBRA: What it got right

The threat landscape is evolving at a rapid pace, and damage from cyber attacks is no longer contained to the digital world. Attacks can have grave consequences in the physical realm too, with potential implications ranging from the disrupted delivery of key services, such as water, gas and electricity supply, to the jeopardising of public safety through compromised security or healthcare systems.

This is something Sky One got right in its portrayal. It depicted mass chaos erupting from downed communications platforms, showing viewers the impact that an outage of these systems could have on the emergency services in particular. Hospitals were unable to treat patients properly, ambulances struggled to pick up patients and get them to help, and police and army units were left without coordination.

COBRA also demonstrated the impact an attack on the provision of utilities could have, with one episode depicting threats to the UK’s water supply and the resulting mass panic buying of bottled water by the general public.

While a dramatization of course, this series outlines the serious nature of such attacks and the potential repercussions of what is a very real threat.

Rising global apprehension

As mentioned, the security of critical national infrastructure has been high up the priority list for governments across the globe for some time. But that hasn’t stopped hackers – whether individuals or part of a nation state – continually innovating and finding new ways to infiltrate the systems and networks controlling CNI, and using ransomware to grind these services to a halt.

The gravity of the threat is raising global apprehension, right up to the upper echelons of government, with some countries issuing new and updated orders, such as the US National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, to safeguard their countries against such attacks. These orders alone though aren’t enough to prevent attackers from hacking into and compromising CNI. National governments need to do more to reduce the attack surface of their critical infrastructure, and to limit the damage should an attacker succeed in infiltrating mission-critical networks.

Where to start: Identity security

To better prepare for a scenario similar to that presented in the recent COBRA series, governments need to understand that the compromise of privileged accounts represents a top threat to every aspect of critical infrastructure.

Identity is a prime target for threat actors because it presents a route to infiltrate deep into networks, and a government’s ability to reduce risk and protect its infrastructure and citizens now depends on how well it protects identity. This was demonstrated by the SolarWinds attack, in which the attackers compromised the build process of a widely used IT management product, shipped a backdoor to its customers inside a legitimately signed update, and then used the stolen credentials and privileged access it gave them to move through some of the most sensitive networks in the world, remaining undetected for around nine months.

Mitigation techniques aren’t an immediate fix in the identity security fight, but there are some which governments must implement now to help protect their networks. This includes embracing a Zero Trust philosophy: a cybersecurity principle centred on the belief that organisations shouldn’t automatically trust anything – whether it sits inside or outside the network perimeter – and that every request for access should instead be authenticated (with multiple factors where the asset warrants it), authorised against an explicit policy, and granted only the least privilege needed, for only as long as it is needed.

Governments that embrace Zero Trust strategies and proactively limit the number of identities that are trusted by default with access to critical information and systems can better insulate themselves against CNI attacks.
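To make the two preceding paragraphs concrete, here is an added example (not code from the article or from CyberArk) that places a perimeter-based access decision beside a Zero Trust one and shows how just-in-time elevation shrinks the set of standing privileged identities. The network range, the `scada/` resource naming, the identities and the requests are all hypothetical values constructed for the illustration.

```python
"""Deny-by-default access decisions: perimeter trust beside Zero Trust.

Added example. The IP range, resource names, identities, time-to-live and
sample requests below are hypothetical values constructed for illustration.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
import ipaddress

CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed "inside the perimeter" range
PRIVILEGED_PREFIX = "scada/"                      # assumed naming for control-system assets


@dataclass(frozen=True)
class Request:
    subject: str            # identity making the request
    source_ip: str
    resource: str           # e.g. "scada/pump-controller"
    action: str             # "read" or "write"
    mfa_verified: bool      # a fresh multi-factor assertion accompanied the request
    device_compliant: bool  # device posture check passed
    now: datetime


@dataclass(frozen=True)
class Grant:
    resource: str
    action: str
    expires: Optional[datetime] = None   # None = standing (permanent) privilege


def perimeter_decision(req: Request) -> bool:
    """Legacy model: anything already inside the corporate network is trusted."""
    return ipaddress.ip_address(req.source_ip) in CORP_NET


def zero_trust_decision(req: Request, grants: Dict[str, List[Grant]]) -> bool:
    """Deny unless the identity is proven, the device is healthy, and an explicit,
    unexpired grant covers exactly this resource and action. Network location
    is deliberately never consulted."""
    if not (req.mfa_verified and req.device_compliant):
        return False
    for g in grants.get(req.subject, []):
        if g.resource == req.resource and g.action == req.action:
            if g.expires is None or g.expires > req.now:
                return True
    return False


def elevate(grants: Dict[str, List[Grant]], subject: str, resource: str,
            action: str, now: datetime, ttl: timedelta = timedelta(minutes=30)) -> None:
    """Just-in-time elevation: a time-boxed grant instead of standing admin rights."""
    grants.setdefault(subject, []).append(Grant(resource, action, now + ttl))


def standing_privileged_identities(grants: Dict[str, List[Grant]]) -> List[str]:
    """Identities holding permanent write access to control-system resources:
    an attacker needs only one of these, so this is the set to keep small."""
    return sorted({
        subj for subj, gs in grants.items()
        for g in gs
        if g.expires is None and g.action == "write"
        and g.resource.startswith(PRIVILEGED_PREFIX)
    })


def demo() -> dict:
    t0 = datetime(2021, 10, 1, 9, 0, tzinfo=timezone.utc)
    grants: Dict[str, List[Grant]] = {
        "legacy-admin": [Grant("scada/pump-controller", "write")],  # standing privilege
        "operator-a": [Grant("scada/pump-controller", "read")],
    }
    # Attacker replaying a stolen password from a compromised laptop on the LAN.
    attacker = Request("legacy-admin", "10.20.30.40", "scada/pump-controller", "write",
                       mfa_verified=False, device_compliant=False, now=t0)
    # Operator off-network, with MFA and a compliant device, asking for a write.
    operator = Request("operator-a", "203.0.113.7", "scada/pump-controller", "write",
                       mfa_verified=True, device_compliant=True, now=t0)
    before = zero_trust_decision(operator, grants)
    elevate(grants, "operator-a", "scada/pump-controller", "write", t0)
    during = zero_trust_decision(operator, grants)
    after = zero_trust_decision(replace(operator, now=t0 + timedelta(hours=1)), grants)
    return {
        "perimeter_allows_attacker": perimeter_decision(attacker),
        "zero_trust_allows_attacker": zero_trust_decision(attacker, grants),
        "operator_before_elevation": before,
        "operator_during_elevation": during,
        "operator_after_expiry": after,
        "standing_privileged": standing_privileged_identities(grants),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The perimeter check waves the attacker through purely because the request originates from an internal address, while the Zero Trust check refuses it for lack of a multi-factor assertion and a healthy device, and would refuse it even with both unless an explicit grant existed. The operator’s write is allowed only inside the elevation window; after that the identity drops back to read-only, so the only account with standing write access to the controller is the legacy admin, which is exactly the account such a programme should be retiring.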

Final thoughts

The cyber landscape is changing and no country or municipality is exempt from the threat of an attack on its infrastructure. Threat actors are continuing to set their sights on high-value targets, including fuel pipelines, federal agencies and healthcare systems, and their confidence continues to rise as they see examples of others’ success. Security leaders need to ensure they’re doing everything in their power to prevent a situation as severe as the one in the COBRA series from coming to pass, or risk this story playing out in real life, not just on our TV screens.

About the Author

Daniel Lattimer, Director Government & Defence, EMEA at CyberArk. CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.

Featured image: ©Sky