Reinforce cybersecurity

Amid heightened tension over North Korean nuclear provocations, it turned out that many of South Korea’s top military secrets, including a plan to kill North Korean leader Kim Jong-un, had been leaked en masse by North Korean hackers. The Ministry of National Defense in May did not release the details of the hacking, which took place between September and November last year. After the defense ministry, Cyber Command and Defense Security Command all shirked their responsibilities, our military discipline underwent sharp scrutiny at the National Assembly.

According to an opposition lawmaker, the hacked military information amounts to a whopping 235 gigabytes, which covers our military’s new Operations Plan 5015, aimed to prepare for North Korea’s all-out invasion, and the so-called decapitation plan, aimed at removing North Korea’s military commanders in a time of war. Our military authorities do not even know what secrets were leaked in 77 percent of the hacked information.

We are dumbfounded at the way the sensitive information was hacked by North Korea. Even the basic three-phase cybersecurity procedure — the separation of military computing networks from the internet, regular cybersecurity checkups and firm control of the computing networks — was all ignored. If only one of the three steps had really worked, North Korea could not have gained access to a bunch of our military secrets.

Even after North Korea found a weak spot, our military was not even aware of the massive leak for two and half months. That’s not all. The military has recently renewed a contract with the same antivirus software company responsible for the hacking due to a lack of budget for computer security.

But the Ministry of National Defense is not fully awake yet, as clearly seen in the virus infections of the Korea Joint Command Control System (KJCCS) 14 times this year, including during the Ulchi-Freedom Guardian joint drill in August between South Korea and the United States. The system was infected with viruses because military security officials violated basic regulations by connecting it to USBs or external hard drives.

The defense ministry must fix the lax discipline. It must colossally revamp Cyber Command and supply money and manpower to help it work properly. The authorities must double-check and revise the operations plan. If this sensitive information is really in North Korea’s hands, that means a death sentence for our troops engaged in a decapitation operation. We urge the government to take all steps to earn public trust.

JoongAng Ilbo, Oct. 11, Page 30