A world in cyberwar
The author, a former editorial writer and director of the Institute for Military and Security Affairs at the JoongAng Ilbo, is a senior researcher of the institute.
Tension is rapidly building after Russian cyberattacks on SolarWinds, a leading IT infrastructure and management software provider, and Colonial Pipeline, a top fuel pipeline operator, both in the United States. At least nine U.S. government organizations, including the Department of Homeland Security and the Department of the Treasury, and approximately 18,000 private companies, including Microsoft and Intel, were exposed to the stealthy — and methodical — attacks by Russian hackers. The U.S. government says it will take at least several months to weigh the colossal damage and a year to normalize the U.S. cybersecurity system.
The United States declared retaliation. In March, White House press secretary Jen Psaki confirmed to CNBC that Washington will carry out “a mix of actions seen and unseen.” In April, U.S. President Joe Biden signed an executive order putting sanctions on Russia. Russia’s new group, DarkSide, hacked Colonial Pipeline. Outraged by the cyberattack, Biden met Russian President Vladimir Putin in Geneva, Switzerland on June 16. “How would you feel if ransomware took on the pipelines from your oil fields?” asked Biden. “It would matter,” said Putin, according to Biden’s unusual solo news conference.
Russia’s hacking of SolarWinds was designed elaborately. From September to November 2019, Russian hackers probed the software company’s computer networks for vulnerabilities and began hacking in earnest after installing a backdoor in its SolarWinds Orion software, which is used for IT inventory management and monitoring by government agencies and 80% of the Fortune 500 companies.
After finishing their hacking in June 2020, the Russians erased traces of their hacking. It was in December that SolarWinds found it had been hacked. FireEye, one of the largest cybersecurity companies in the U.S., called the hacking a “state-sponsored cyberattack.” In January, Microsoft belatedly pointed to Nobelium, Russia’s new hacking group, for leading recent cyberattacks on it. U.S. and UK intelligence agencies singled out the SVR, or Russia’s Foreign Intelligence Service, as being behind the hacking. (Moscow denied it.) But Nobelium soon resumed cyberattacks. It stole emails of the U.S. Agency for International Development (USAID), obtained 3,000 email accounts of 150 government agencies of 24 countries, and embarked on cyberattacks.
China’s cyberattacks are nearly indiscriminate, as seen in the hacking of the New York City subway authority in April. Hackers connected to the Chinese government reportedly penetrated the computer system of the Metropolitan Transportation Authority (MTA). The hackers could have caused a terrible subway accident if they wanted to. Beijing denied such allegations. China has been bent on hacking information and technology related to Covid-19 since 2020. Chinese hackers reportedly targeted Gilead Sciences, the developer of Remdesivir, a treatment for Covid-19. That’s not all. It turned out that China’s so-called Advanced Persistent Threat (APT) hacking teams hacked the U.S. government and defense contractors from October 2020 through last March. They hacked companies like Lockheed Martin in the past too. China’s stealth fighter jets such as J-21 and FC-31 might have been built with designs that were hacked and copied.
For South Korea, cyberattacks from North Korea pose a serious challenge. The National Intelligence Service (NIS) says North Korean groups have hacked the Korea Aerospace Industries (KAI), the Daewoo Shipbuilding & Marine Engineering (DSME) and the Korea Atomic Energy Research Institute (KAERI) to steal blueprints for the prototype of KF-21 fighter jets and data on small nuclear reactors for submarines. Given the North’s past record of stealing countless pieces of private information, cryptocurrencies and military secrets, no one knows what will happen next time.
And yet, our cybersecurity system is very vulnerable to attacks from outside. Legal foundations are not set. The only ordinance South Korea has is the Work Guidelines on Cybersecurity, a presidential decree, from last December. In 2019, the Blue House announced a National Cybersecurity Strategy, but fell short of coming up with follow-up steps. The National Security Office in the Blue House does not even have a secretary in charge of cybersecurity. The responsibility for cybersecurity is split among the NIS in the public sector, the Korea Internet & Security Agency (KISA) in the civilian sector, and the Cyber Command in the military. In other words, there’s no integrated cybersecurity center on the national level as in the United States, Japan and China.
A Basic Cybersecurity Bill proposed by Rep. Cho Tae-yong, a former diplomatic official and current lawmaker of the opposition People Power Party (PPP), is still stuck in the National Assembly. Current laws do not allow the government to collect related information even if there are signs of cyberattacks. Existing laws such as the Telecommunication Privacy Protection Law cannot effectively respond to cyberattacks. The military’s Cyber Command is still devoid of top-caliber personnel capable of carrying out sophisticated cyberoperations.
Cybersecurity environments will change faster than before. For instance, North Korea can neutralize our military before firing its long-range rockets toward South Korea. If unmanned combat systems are introduced in our military, the networks should be protected. But no systems are established to safeguard them.
The deepening U.S.-China contest also poses a serious challenge for South Korea. As the private information of Korean users of TikTok, China’s popular mobile video platform, is stored on the central server in China, Beijing can exploit the information anytime if it wants to. South Korea must come up with cybersecurity measures on the national level before it’s too late.