In 1945, two nuclear bombs decimated the Japanese cities of Hiroshima and Nagasaki, ending World War II and forever changing the scope of modern warfare.
Lim Jong-in, a professor at the graduate school of information security at Korea University, said he believes that cyberattacks are the next big threat to humanity.
“In the 1950s, the international society reached a consensus on nuclear weapons and saw the birth of the International Atomic Energy Agency. Now, we have cyber weapons that present such threats,” Lim, formerly a special advisor to President Park Geun-hye, told The Korea Herald on Friday, the day of North Korea’s fifth nuclear test.
While not yet perceived as critical as a nuclear program, he emphasized cyber terrorism is extremely dangerous in a society that is growing more connected.
“If there is an attack on the society’s critical infrastructure, it can potentially be as devastating as a nuclear weapon. The international community needs a set of discussions that will bring binding organizations to this issue, a ‘cyber IAEA’ if you will.”
Pyongyang itself, currently going rogue with its internationally-condemned nuclear program, has proven this point with repeated hacking attacks on its southern neighbor.
In 2014, the Korea Hydro & Nuclear Power Co. came under what is believed to be an attack from North Korean hackers. Prosecutors said last month that the information of high-ranking officials and members of research institutes on Pyongyang may have been stolen by North Korean hackers.
Lim pointed out that majority of the critical infrastructure in South Korea are operated by civilians.
“Attacks on such facilities are usually carried out on the state-level as done by North Korea, which makes it impossible for private companies to counter. Counterattacks on these attacks should be conducted on a state-level as well,” Lim said.
He said that cyber terrorism is appealing to poorer countries like North Korea as it requires relatively small budget and yields a large impact. The assailants can also evade justice by hiding in anonymity, he added.
According to the Ministry of National Defense, North Korea has 6,800 specialists on cyber terrorism. But experts believe the actual number could be even greater, ranging from 10,000 to 30,000.
On the other hand, South Korea’s military-run cyber command hovers at around 600.
“What is worse is that North Korea doesn’t care about being caught in hacking attacks. We have so much to protect, which requires more assets for cybersecurity,” Lim said.
Experts from around the world have been working to find ways to cope with the growing threat of cyber terrorism. Lim is part of a multinational cyber working group at the Seoul Defense Dialogue seeking to share information and cooperate on preventing such attacks.
Lim, however, said that the leading parties in these fields, such as the US, China and Russia have not been as active in terms of forming a joint line of defense against this threat.
“Many countries know that cybersecurity is important and they each have organizations devoted to such purpose. But they are not sure of specifically what they should do,” Lim said.
He took the case of the 2014 hacking of KHNP, in which South Korean investigators failed to acquire definitive evidence that North Korea was the culprit because the source of the attack was traced to China. This is why international information sharing and cooperation is important, he stressed.
“The technology is advancing in massive strides, yet the regulations fall behind. The developers think about what the technology can achieve, but they do not worry about what risks it can bring. So the cyber liability inevitably keeps growing,” he said.
The lack of control tower against cyber threats can be a problem in the face of an attack, Lim said, along with the legal restraints on acquiring information.
“The government needs to take related information and analyze it to assess the threats and risks, which means it can collect information on civilians. This sparks concerns over privacy,” he said.
The Park administration and the ruling Saenuri Party have pushed for the passage of the cyber terrorism act that would have the National Intelligence Service be the control tower on cyber terrorism.
But the opposition and civic groups have raised concerns that this would allow the NIS to spy on civilians, which the agency has been accused of doing in the past.
A similar dispute had taken place in the US upon the passage of the Patriot Act which expanded the government’s surveillance powers over citizens.
Lim said that while such concerns exist, the issue of cybersecurity is a matter of national interest.
“The existing laws focus on catching the criminals after the attack, but this holds little relevance in the case of cyberattacks. When an attack occurs, hundreds of thousands of information are leaked online, so prevention is more important,” he said.
To address worries that a government body could go rogue, a watchdog is needed to keep it in check, he said.
This watchdog would have to be independent of outside influence and consist of members that opposition or civic groups agree on.
“If the opponents (of the cybersecurity law) can trust the organization, then they would have no reason to oppose it, as cybersecurity is a realistic threat,” Lim said.
In light of North Korean attacks, the government has rolled out plans to boost cybersecurity. But Lim highlighted that many of them are focused on acquiring equipment or enhancing cyber walls.
“Equipment becomes obsolete quickly, so we need to foster individuals with creative minds,” he said.
Such education requires no rote memorization, Lim added.
“Cybersecurity is (about) finding new ways to attack and defend. A computer virus vaccine becomes obsolete upon new virus. We have to constantly find new ways around others’ tactics.
“In cybersecurity, humans are the most important weapon. ... Weapons are easily hackable, and then it’s no use no matter how good your weapon is,” he said.
By Yoon Min-sik(firstname.lastname@example.org