US Has A Secret Cyberwar Going Against North Korea

Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea’s missile program in hopes of sabotaging test launches in their opening seconds.

Soon a large number of the North’s military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea.

Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.

But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry.

Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in “the final stage in preparations” for the inaugural test of his intercontinental missiles, perhaps a bluff, perhaps not.

An examination of the Pentagon’s disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs.

Those threats are far more resilient than many experts thought and pose such a danger that Mr. Obama, as he left office, warned President Trump they were likely to be the most urgent problem he would confront.

Mr. Trump has signaled his preference to respond aggressively against the North Korean threat. In a Twitter post after Mr. Kim first issued his warning on New Year’s Day, the president wrote, “It won’t happen!” Yet like Mr. Obama before him, Mr. Trump is quickly discovering that he must choose from highly imperfect options.

He could order the escalation of the Pentagon’s cyber and electronic warfare effort, but that carries no guarantees. He could open negotiations with the North to freeze its nuclear and missile programs, but that would leave a looming threat in place.

He could prepare for direct missile strikes on the launch sites, which Mr. Obama also considered, but there is little chance of hitting every target. He could press the Chinese to cut off trade and support, but Beijing has always stopped short of steps that could lead to the regime’s collapse.

In two meetings of Mr. Trump’s national security deputies in the Situation Room, all those options were discussed, along with the possibility of reintroducing nuclear weapons to South Korea as a dramatic warning. Administration officials say those issues will soon go to Mr. Trump and his top national security aides.

The decision to intensify the cyber and electronic strikes, in early 2014, came after Mr. Obama concluded that the $300 billion spent since the Eisenhower era on traditional antimissile systems, often compared to hitting “a bullet with a bullet,” had failed the core purpose of protecting the continental United States.

Flight tests of interceptors based in Alaska and California had an overall failure rate of 56 percent, under near-perfect conditions. Privately, many experts warned the system would fare worse in real combat.

So the Obama administration searched for a better way to destroy missiles. It reached for techniques the Pentagon had long been experimenting with under the rubric of “left of launch,” because the attacks begin before the missiles ever reach the launch-pad, or just as they lift off.

For years, the Pentagon’s most senior officers and officials have publicly advocated these kinds of sophisticated attacks in little-noticed testimony to Congress and at defense conferences.

The approach taken in targeting the North Korean missiles has distinct echoes of the American, and Israeli-led sabotage of Iran’s nuclear program, the most sophisticated known use of a cyber-weapon meant to cripple a nuclear threat.

But even that use of the “Stuxnet” worm in Iran quickly ran into limits. It was effective for several years, until the Iranians figured it out and recovered. And Iran posed a relatively easy target: an underground nuclear enrichment plant that could be attacked repeatedly.

In North Korea, the target is much more challenging. Missiles are fired from multiple launch sites around the country and moved about on mobile launchers in an elaborate shell game meant to deceive adversaries. To strike them, timing is critical.

Advocates of the sophisticated effort to remotely manipulate data inside North Korea’s missile systems argue the United States has no real alternative because the effort to stop the North from learning the secrets of making nuclear weapons has already failed.

The only hope now is stopping the country from developing an intercontinental missile, and demonstrating that destructive threat to the world.

The White House is also looking at pre-emptive military strike options, a senior Trump administration official said, though the challenge is huge given the country’s mountainous terrain and deep tunnels and bunkers.

Putting American tactical nuclear weapons back in South Korea, they were withdrawn a quarter-century ago, is also under consideration, even if that step could accelerate an arms race with the North.

NYTimes

Cyberwarfare: Borders Offer No Defense:

Surprise: N Korea Hacked S Korea Cyber Command:

Was North Korea Behind The IoT DDoS Attack?:

 

 

« Newspaper Subscriptions are on the Rise
Increasing Healthcare Cybersecurity Risks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Cyber Security & Cloud Expo

Cyber Security & Cloud Expo

The Cyber Security & Cloud Expo is an international event series in London, Amsterdam and Silicon Valley.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.