Network Security

Is North Korea climbing to the top of the cyber-attack tree?

With speculation growing about the 'cyber-power' of some of the world's lesser-developed nations such as North Korea and Iran, is it time to reassess the world's threat structure? Should this now be evaluated on the destructive capability and potential likelihood of virtual attacks, instead of the more traditional strength of a nuclear arsenal or number of troops within an army?

The United States has spent years trying to paint North Korea as the bully with a big baseball bat, metaphorically waving it around at others on a regular basis (but never seemingly striking anyone). But now the focus has shifted to a new kind of accusation, one tied to the very fabric of its commercial successes, such as Sony, and to 'actual' attacks on such entities rather than just the traditional display of power.

But just how plausible is this? Do nation states air their dirty laundry in the public domain? In my experience, not unless they are forced to - so is there something else at play here? Could they be testing their capability on soft targets with a view to improving? It seems unlikely. This would expose their techniques and tooling, meaning adversaries could build up a defence, which doesn't sound like a particularly strong military strategy to me.

When referencing a long-term campaign aimed at South Korea recently, James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS) in Washington, has been on record as saying: "They have moved from basic denial of service attacks to the ability to hack a little bit to this kind of disruptive action against Sony. It's been in the last four or five years that they have figured it out."

So is this the behaviour of a nation that prides itself on its closed borders and a completely insular outlook on the world? If I were trying to build capability as a nation state, would I air how basic it is or how little it has developed?

The number of personnel reported to be in the division responsible for cyber-warfare inside Korea is currently estimated to be in the range of 3,000 to 6,000. Its capability must be similar to the US, UK, Russia, China, and Israel - nations currently seen as the cyber 'Super Powers'.

Lewis, who has been responsible for setting US cyber-policy for decades, has also suggested that North Korea “might be in the top 10”, but stopped short of saying it was capable of something like Stuxnet, the sophisticated computer virus designed to set back Iran's quest for nuclear weapons. 

He also doubted the country's ability to carry out the most damaging kind of cyber-attack, but I'm not so sure. These things are much easier to hide, much quicker to build and can be infinitely more invisible if orchestrated in the correct way.

The big question seems to be: what makes a nation state the biggest in terms of cyber-attacks? Is it the complexity of its attacks or, conversely, their simplicity, their success, or their inability to be detected - or could we simply put it down to perception?

Most battles are fought in the hearts and minds of those who feel threatened - why should cyber-warfare be any different?

Contributed by Pete Shoard, chief architect, SecureData, a former security analyst for government organisations and defence suppliers.
