Claudio López, Consulting Manager, Urudata Ciberseguridad
These days, a Netflix series titled Zero Day is being widely streamed in our country. It presents several technical cybersecurity concepts that are unfamiliar to the public in general, that´s why we have received inquiries from both clients and friends in regard.
To address these questions, we will publish a series of columns to break down these concepts and make them accessible to everyone, regardless of their technical knowledge.
And, of course, I promise—no spoilers! You can read this column and watch the series without any worry. That said, from a cybersecurity perspective (or more accurately, a cyber defense standpoint), it is an excellent series.
Let’s begin: The series revolves around a massive cyberattack on a country (in this case, the United States), unfolding over eight episodes that primarily focus on how modern-day responses to such conflicts (cyberwarfare) are handled.
The title itself hints—at least to those in the cybersecurity field—at the central theme: Zero Day.
A zero-day threat (often misidentified as a vulnerability) refers to a known weakness in a system that has already been exploited by a threat actor (the attacker) and for which there is no available solution.
A Real-World Analogy: Imagine that tomorrow, a new virus (e.g., COVID) is discovered but there is no antidote available yet. During the period from its discovery until a vaccine or treatment is developed, the virus is considered a zero-day virus.
Naturally, this raises the question: If a zero-day threat is identified and no solution exists, what can be done? Should we simply surrender? We are hopeless?
The answer is no—while it is challenging, not everything is lost. Even without an immediate solution, many steps can be taken.
Returning to our health analogy, one could manage symptoms with medication or isolate the affected individuals to prevent further spread. In cybersecurity, similar compensatory controls can be implemented. Although they may not fix the root problem, they can mitigate its impact—or even prevent it altogether.
Going back to the series, we see the application of these compensatory measures: Once a zero-day threat is identified, various countermeasures are activated, such as forming national emergency response committees, issuing media communications to reduce public panic, and conducting intelligence operations to identify and eliminate the threat actor.
Now, you have a solid understanding not only of the core premise of the series but also of one of the most critical cybersecurity threats.
This is why companies and nations must continuously prepare for potential zero-day threats by implementing defense-in-depth strategies. These strategies ensure that if one defensive layer fails due to a zero-day attack, other layers can compensate.
In future columns, we will go deeper into other key aspects of the series and explore real-world cases of large-scale cyberattacks on nations—events that, unfortunately, are far from fiction.