Asleep at the wheel

South Korea’s state nuclear research institute came under cyber attack by North Korean hackers. According to the National Intelligence Service (NIS) on Thursday, the computer network of the Korea Atomic Energy Research Institute (KAERI) was exposed to hackers for 12 days. The research institute was unaware of the intrusion. The NIS claimed no files of key technologies had been disrupted, although it admitted it does not know which files may have been stolen. Hackers do not leave any trace — not if they’re any good.

The hacking follows similar cyberattacks on Korea Aerospace Industries and Daewoo Shipbuilding and Marine Engineering (DSME), both involved in national defense projects. KAI is the country’s sole aircraft manufacturer, and the blueprints for the prototype of KF-21 fighter jets could have been targeted. DSME may have lost files on a submarine-launched ballistic missile or the Korean Vertical Launching System under development. Moreover, KAERI has been involved in a naval project to design a nuclear-powered submarine reactor. The Korea Aerospace Research Institute, which is engaged in development of rocket launchers and satellites, also came under a North Korean cyberattack last year. The latest attacks have all been focused on high-tech strategic weapons.

Cyber warfare has been evolving. In 2014, the Agency for Defense Development (ADD) lost a large amount of information to a hacking group presumed to be North Koreans. North Korea’s precision-based Iskander-M missile is presumed to have been based on a design it stole from the ADD. The Defense Ministry’s integrated data system also came under attack in 2016, losing confidential defense strategy information.

Our authorities, however, seem to be helpless. There is no national strategy on cyber warfare or related law. In December, the government proposed conventions on cyber security, but since it is an executive act, it can be pushed aside if it conflicts with a law. The U.S., Japan and other advanced countries have basic laws on cyber security. A national cyber strategy the government mapped out in 2019 is more about cyber security than defense. There is no presidential secretary in charge of cyber security and the National Security Office’s role and function have long been obsolete.

U.S. fuel pipelines were paralyzed by hacking. That can happen in South Korea. The North is capable of infiltrating Korean networks to destabilize infrastructure. The heavily interconnected Korean society is obviously vulnerable. The government must hasten to draw up a fundamental action plan on cyber defense and security. If it’s waiting for a sign, it has gotten it.