Nuclear Missiles Are Not N.Korea’s Only Threat

North Korea has launched 22 missiles in 15 tests in 2017. According to US intelligence sources, the most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb.

That’s 10 times as powerful as the atomic bomb the United States dropped on Hiroshima in World War II. The UN secretary-general has continuously condemned North Korea’s ballistic missile launches as serious violations of UN Security Council resolutions.

Meanwhile, President Donald Trump has promised new sanctions against North Korea that will allow the United States to target businesses, individuals and financial institutions that aid North Korea’s regime, and the Chinese central bank has begun to implement strict UN sanctions against Pyongyang.

The missile tests are posturing by Kim Jong Un and a clear attempt to show dominance to the United States and its allies. They are likely part of a strategy that follows Iran’s playbook: Get close to developing a nuclear weapon and the rest of the world will make a deal.

But they are also a major distraction from a much bigger issue. The true risk when it comes to North Korea is its cyberattack capabilities.

North Korea has invested heavily in cyberattack operations to disrupt its Western enemies. Western Intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau.

North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber-spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are particularly at risk of theft as North Korea bleeds funds to support its nuclear program.

The goal for North Korea’s cyberattack operations, beyond flying under the radar, is to inflict death by a thousand cuts, a deliberate and organised disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyberattacks, the stronger its kinetic military can become.

Despite severe unemployment rates and terrible living conditions for its masses, North Korea invests in, and educates, a portion of its population in science and technology to work for its cyber military agency, which is a top-level job in the country.

Security experts and North Korean defectors have placed the numbers in North Korea’s cyber army in the thousands. Students are often handpicked to join the elite corps.

While all citizens must serve for a period of time in the military, those who serve as cyber-spies continue to work in a surge capacity when the authoritarian government requires their support. In that respect, North Korea has at its disposal a dedicated and systematically developed cyber army on call.

North Korea’s most frequent target of cyberattacks is its southern neighbor.

As pressure from the West to derail North Korea’s nuclear weapons program increases, Kim will likely continue to develop cyberattack capabilities in response. In turn, the United States should develop contingency plans to respond to a direct cyberattack from North Korea.

Most critically, we should develop an escalation policy that establishes when a cyberattack will be considered an act of war. Cyberattacks can affect more than just bank accounts or identity theft; they can shut down power transmission, turn off water and prevent aircraft control towers from safely landing planes.

The United States needs to invest heavily in cybersecurity for critical infrastructure, hardening key control elements across the country and doubling down on protections to our financial systems and power grids.

In North Korea and elsewhere, the battleground for future conflicts will be found in both kinetic and cyberwar theaters.

As we all continue to pay attention to Kim’s nuclear missile posturing, it’s important we not lose sight of North Korea’s cyberattack initiatives, which have successfully disrupted the West in recent years and will continue to do so in the future if we don’t take action.

CarbonBlack:

You Might Also Read: 

N.Korea's Cyber Threats To S.Korea

How Worried Should We Be About a Nuclear War With North Korea?:

 

 

« Multicloud - The Next Step In Cloud Computing
Poor Coding Limits IS Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

Xcitium

Xcitium

Xcitium (formerly Comodo) is and industry leading provider of state-of-the-art endpoint protection solutions. Our Zero threat platform isolates and removes all ransomware & malware infectictions.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Crypto International

Crypto International

Crypto International offers comprehensive services for the operation of our customers’ IT and communication infrastructure, with a focus on cybersecurity and encryption solutions.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.