The Q&A below is taken from a radio interview with a local South Korean broadcaster (interview date: Jan. 17 ’13).
1) How come North Korea is frequently accused of targeting South Korea’s cybersphere? What have been some of the major online attacks
so far and what?
For North Korea, engaging in cyberattacks represents a greater strategic advantage compared to traditional military or paramilitary attacks using armed military personnel, bombs, and aircraft.
Today, South Korea’s JoongAng Daily (JAD) newspaper concluded that the hacking of its servers was in fact linked to North Korea. This was the fifth time an alleged North Korean cyberattacks were detected, following distributed denial-of-service (DDoS) attacks on websites of government agencies and financial institutions in July 2009 and March 2011; the hacking of Nonghyup’s banking network in April 2011; and additional hacking of email accounts belonging to students at Korea University in November that year. There were also alleged cyberattacks from the DPRK targeting South Korea’s Incheon International Airport that could have potentially caused confusion with the airport’s heavy air traffic as well as a relatively recent cyberattack on the GPS systems many Seoulites depend upon to navigate Seoul’s busy and often complicated street ways. More concerning, cyberattacks were also aimed at the Blue House and National Assembly. One estimate by the Hyundai Research Institute puts the loss value for FY 2009 alone at $33.7-50.5 million.
2) How big of a threat is it to be attacked by North Korean hackers, assuming that their internet technology is far behind that of South Korea’s? Describe North Korea’s internet culture.
No one really knows for sure, but as far as we can tell, there’s not much internet technology to speak of in North Korea, apart from a couple of universities, which are most likely closely monitored by the North Korean government. North Korea, much like South Korea, actively recruits top students to become part of the governments’s military cybercommand units. So it seems, in a sense, that all those hours of video gaming could actually pay off, since some overlapping skill sets exist.
3) Cyberattacks are perceived by some to be less harmful than conventional military attacks. So should the public be fearful?
Yes, since cyberattacks can often inflict just as much damage as attacks using “kinetic” weapons such as missiles, bombs, and bullets. For instance, a cyberattack could be aimed at an electric grid, which could then cut off the power source for hospitals in a city or country, wreaking havoc on the system.
4) How does the global community or the international law under the UN Charter, specifically, properly address such cases of cyberattacks and cyberwar?
As of now, little legal infrastructure exists to reflect the burgeoning capabilities of cyberattacks and cyberwar.
Article 51 of the UN Charter, originally drafted right around the end of WWII, states that a state has the right to collective self-defense if “an armed attack occurs.” But this language was written when PCs and the internet did not exist. So the question becomes: Does a cyberattack inflicting military and/or non-military personnel constitute an “armed attack” under Article 51 of the UN Charter? If yes, then a state can in theory preemptively attack another state for purposes of collective self-defense, as was the case in the Middle East in the past when one state pre-emptively attacked another state
s nuclear weapons production facilities, claiming self-defense.
Expect more cyberattacks in the Korean peninsula for 2013–leading to greater potential economic and non-economic losses – it is the future of warfare in the 21st century, for better or worse.