
How North Korea’s nuclear aggression masks a deeper threat

09 Oct 2017

By Eric O'Neill, Carbon Black

While the world has been holding its collective breath over North Korea’s highly visible rocket flights and nuclear threats, the rogue nation has been carrying out a stealth campaign that threatens even worse mayhem.

The North Koreans have launched 22 missiles in 15 tests in 2017, and US intelligence sources believe their most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb.

While US President Donald Trump and North Korean leader Kim Jong Un have been trading threats and insults, the UN secretary-general has condemned the ballistic missile launches as serious violations of UN Security Council resolutions.

Clearly the missile tests are posturing by Kim in an attempt to show dominance to the United States and its allies. They are likely part of a strategy that follows Iran’s playbook: Get close to developing a nuclear weapon and the rest of the world will make a deal.

They are also a major distraction from a much bigger issue. The true risk from North Korea lies in its cyber attack capabilities.

North Korea has invested heavily in cyber attack operations to disrupt its Western enemies. Western intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are a prime target of theft as North Korea bleeds funds to support its nuclear program.

The goal for North Korea’s cyber attack operations, beyond flying under the radar, is a deliberate and organised disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyber attacks, the stronger its kinetic military can become.

Despite severe unemployment rates and appalling living conditions for its masses, North Korea invests in, and educates, a portion of its population in science and technology to work for its cyber military agency. Security experts and North Korean defectors have placed the numbers in North Korea’s cyber army in the thousands. Students are often handpicked to join the elite corps.

While all citizens must serve time in the military, those who serve as cyber spies continue to work in a surge capacity when the authoritarian government requires their support. In that respect, North Korea has at its disposal a dedicated and systematically developed cyber army on call.

North Korea’s most frequent target of cyber attacks is its neighbour, South Korea. As pressure from the West to derail North Korea’s nuclear weapons program increases, Kim is expected to continue to develop cyber attack capabilities in response.

In turn, the United States should develop contingency plans to respond to a direct cyber attack from North Korea.

Most critically, the US should develop an escalation policy that establishes when a cyber attack is considered an act of war. In addition to targeting bank accounts or identity theft, cyber attacks can shut down power transmission, turn off water and prevent aircraft control towers from safely landing planes.

The United States needs to invest heavily in cyber security for critical infrastructure, hardening key control elements across the country and doubling down on protections to financial systems and power grids.

In North Korea and elsewhere, the battleground for future conflicts will be found in both kinetic and cyber-war theatres. As we continue to focus attention on Kim’s nuclear missile posturing, it’s important not to lose sight of North Korea’s cyber attack initiatives, which have successfully disrupted the West in recent years and will continue to do so in the future if we don’t take action.
