[Viewpoint] The growing cyberthreat
Recent cyberattacks on Korean banks and ministries have highlighted for the public the sudden emergence of a serious cyberthreat from North Korea. The United States and other open democracies face the same attacks every day from North Korea and, on a much larger scale, from China. All indications are that the problem will only grow more severe in the future.
The North Korean attacks on South Korea were first spotlighted in July 2009 with attacks on American and South Korean Web sites, including government home pages. South Korea has concluded that these and subsequent attacks were organized and executed from the North or China. There are now estimated to be 250 million attacks on the South originating from North Korea each day.
The North’s motives are fairly clear. First, the attacks are designed to generate cash by hacking into online casinos or engaging in fraud. These objectives are similar to those focused on by Office 39 of the Workers’ Party with respect to illegal drug exports, counterfeiting and insurance fraud. Kim Jong-il directly commands Office 39, and the cyberattacks are likely coming from within. In addition, the cyberattacks are part of broader North Korean efforts to destabilize the South’s economy, though the impact has been minimal so far. Finally, the attacks are designed to test the South’s defenses in order to develop more sophisticated strategies to disrupt critical infrastructure in the South or neighboring countries in a crisis. This capability would be attractive to the North because it would allow an avenue for rapid escalation without resorting to weapons of mass destruction, which would carry the attendant risk of U.S. retaliation.
The cyberthreat, in other words, is more asymmetrical because the North does not depend on infrastructure that could be threatened in a counterattack. (The flip side is that the South might be able to attack North Korean cybertargets with less fear of collateral damage to civilian infrastructure.)
The Chinese case is no less worrisome. Since leaving the White House and coming to the Center for Strategic and International Studies, I have been the subject of constant cyberattacks from China. I have received authentic-looking e-mails from senior U.S. government officials with attachments purporting to be memos for my review, when, in fact, they were malware designed for phishing attacks.
Many Asia, defense or human rights experts in think tanks and NGOs have had similar experiences. U.S. government experts have said that these attacks come from hacker units authorized by the Ministry of State Security and the People’s Liberation Army. Chinese hackers have also penetrated major U.S. defense contractors.
In April last year, China Telecom rerouted massive amounts of Internet traffic through its own servers for 18 minutes. It was not clear whether this unprecedented event was a deliberate government action or not, but it would have allowed Beijing to mine the e-mail traffic for intelligence and to test capabilities for such massive reroutings in the future. (Much of the traffic diverted was from Korea.)
Meanwhile, China has tried to mask its operations with a swarm of government-encouraged “hacker militia” that give it deniability. And, of course, there are plenty of independent hackers in China who go after neighboring countries and even their own government. The overall effect is to promote a capability based on Mao Zedong’s guerilla strategy of hiding his fighters among peasants like “fish that swim in the sea.”
The Obama administration has engaged Beijing at high levels to discourage them from a cyber arms race. China has vehemently denied any involvement in cyberattacks, but its operational security is so poor that Chinese government complicity is widely acknowledged by experts outside of China. The PLA’s aggressive rules of engagement in cyberspace are similar to those in the South China Sea. And the weakness of civilian oversight of those operations is equally apparent.
Preserving cybersecurity is an enormous diplomatic challenge. Both Washington and Seoul seek positive and growing cooperation with China, and Beijing seeks stable and improved relations with us. But it is hard to see how democratic governments could ignore these constant, blatant attacks.
Washington and Seoul are already developing new cyberstrategies to deal with these threats. Bilateral complaints to Beijing have proven largely ineffective, so it may be necessary to take a coordinated approach to hold the Chinese accountable. The U.S. and South Korean governments will also need a sophisticated cyberstrategy that develops tools for defense, deterrence and counterattack, particularly toward North Korea.
It may also be necessary for us to change how we think about defense. Instead of trying to defend our entire cyberspace, we may need to focus on hardening specific targets. In this sense, cybersecurity is more like medicine than warfare.
*The writer is the Japan chair at the Center for Strategic and International Studies in Washington.
by Michael Green