Cyber security is fascinating, high-tech and critical to the world as we know it. However, the reality is often very different to how it is portrayed in movies and television.
How TV gets cyber wrong
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, senior security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
16 December 2019
As intriguing as it looks, green characters cascading down a black screen only happens in films like The Matrix. At NHS Digital, we have six large screens with dashboards on a big wall and a couple of monitors on our desks – it’s high tech, but it’s not the Minority Report.
Here are a few more examples of when television and movies got cyber wrong – and what actually happens in a cyber security centre.
Two people on one keyboard spells disaster, not success
One of the most ridiculous portrayals of cyber security experts comes from the TV show NCIS. As soon as the characters see that hackers have broken through the NCIS firewall, two of them jump onto one keyboard. I imagine nobody has ever successfully typed an email – never mind stopped a cyber-attack – by inviting someone else to type with them simultaneously on the same keyboard.
As silly as this example is, cyber security is a collaborative process. We work closely with health and care organisations to provide a range of specialist services so they are prepared and ready to respond to cyber threats. These services include a cyber security support model, assessment and support, and threat advice and intelligence. We’re also promoting our Keep I.T. Confidential campaign to embed good cyber security habits as an everyday part of the behaviour of staff in health and care.
The drama is rarely over in 30 seconds flat
For example, in the 2003 version of The Italian Job, one of the characters hacks into the traffic control centre in Los Angeles, takes control of the traffic lights in the city and causes chaos. Then, as quickly as the attack begins, it’s over.
In real life, our projects keep us busy over long periods of time. If it all happened like it did in the movies, we’d have very little to do in between dramatic cyber attacks.
We use threat hunting activities to proactively search through networks for cyber threats every day and apply blocks to ‘indicators of compromise’ (unusual activity or data that indicates a potential cyber attack).
The Cyber Security Operations Centre (CSOC) at NHS Digital has detected and blocked a number of malware strains and trojans over the past few years using these techniques. Recently, we detected the TrickBot trojan, a powerful credential stealer originally developed in 2016 as a trojan for banking applications. Since its creation, TrickBot's authors have armed their malware with many additional capabilities (modules) that allow silent propagation across the network, evasion of anti-virus, and communication with command and control (C2) servers to harvest and exfiltrate a range of sensitive data. Our early detection work helped prevent further infections to reduce the impact to the NHS estate.
It's not usually a smash and grab job
In Jason Bourne, an attacker seemingly ‘walks into’ the CIA’s computer system to steal data with little to no effort, downloading everything she needs in one go.
Real-life organised crime groups play the “long-game” – they generally use a slow-burner approach to remain undetected. Of course, this doesn’t create the high impact drama that viewers want to see on television or in the movies, but copying large volumes of data in one go is much too obvious.
We have to 'play by the rules' – everything we do needs to be legal and ethical. Criminals do not care about either of these things.
Real criminals know this, so they go for small amounts of data which could go unnoticed more easily. For example, they might start a phishing campaign which contains a malicious file that is downloaded on to an end user’s computer. It could sit dormant for weeks or months before someone takes a simple action, like opening a particular file, which then causes the malicious file to execute and either:
propagate a piece of malware across the network
lock you out of your infrastructure until a fee is paid (ransomware)
exfiltrate sensitive information to another location
That's a wrap
Cyber security professionals are problem-solvers and investigators, and we do most of our work behind the scenes to ensure the systems on which our patients and healthcare professionals rely run safely and securely.