US Has A Secret Cyberwar Going Against North Korea

Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea’s missile program in hopes of sabotaging test launches in their opening seconds.

Soon a large number of the North’s military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea.

Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.

But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry.

Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in “the final stage in preparations” for the inaugural test of his intercontinental missiles, perhaps a bluff, perhaps not.

An examination of the Pentagon’s disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs.

Those threats are far more resilient than many experts thought and pose such a danger that Mr. Obama, as he left office, warned President Trump they were likely to be the most urgent problem he would confront.

Mr. Trump has signaled his preference to respond aggressively against the North Korean threat. In a Twitter post after Mr. Kim first issued his warning on New Year’s Day, the president wrote, “It won’t happen!” Yet like Mr. Obama before him, Mr. Trump is quickly discovering that he must choose from highly imperfect options.

He could order the escalation of the Pentagon’s cyber and electronic warfare effort, but that carries no guarantees. He could open negotiations with the North to freeze its nuclear and missile programs, but that would leave a looming threat in place.

He could prepare for direct missile strikes on the launch sites, which Mr. Obama also considered, but there is little chance of hitting every target. He could press the Chinese to cut off trade and support, but Beijing has always stopped short of steps that could lead to the regime’s collapse.

In two meetings of Mr. Trump’s national security deputies in the Situation Room, all those options were discussed, along with the possibility of reintroducing nuclear weapons to South Korea as a dramatic warning. Administration officials say those issues will soon go to Mr. Trump and his top national security aides.

The decision to intensify the cyber and electronic strikes, in early 2014, came after Mr. Obama concluded that the $300 billion spent since the Eisenhower era on traditional antimissile systems, often compared to hitting “a bullet with a bullet,” had failed the core purpose of protecting the continental United States.

Flight tests of interceptors based in Alaska and California had an overall failure rate of 56 percent, under near-perfect conditions. Privately, many experts warned the system would fare worse in real combat.

So the Obama administration searched for a better way to destroy missiles. It reached for techniques the Pentagon had long been experimenting with under the rubric of “left of launch,” because the attacks begin before the missiles ever reach the launch-pad, or just as they lift off.

For years, the Pentagon’s most senior officers and officials have publicly advocated these kinds of sophisticated attacks in little-noticed testimony to Congress and at defense conferences.

The approach taken in targeting the North Korean missiles has distinct echoes of the American, and Israeli-led sabotage of Iran’s nuclear program, the most sophisticated known use of a cyber-weapon meant to cripple a nuclear threat.

But even that use of the “Stuxnet” worm in Iran quickly ran into limits. It was effective for several years, until the Iranians figured it out and recovered. And Iran posed a relatively easy target: an underground nuclear enrichment plant that could be attacked repeatedly.

In North Korea, the target is much more challenging. Missiles are fired from multiple launch sites around the country and moved about on mobile launchers in an elaborate shell game meant to deceive adversaries. To strike them, timing is critical.

Advocates of the sophisticated effort to remotely manipulate data inside North Korea’s missile systems argue the United States has no real alternative because the effort to stop the North from learning the secrets of making nuclear weapons has already failed.

The only hope now is stopping the country from developing an intercontinental missile, and demonstrating that destructive threat to the world.

The White House is also looking at pre-emptive military strike options, a senior Trump administration official said, though the challenge is huge given the country’s mountainous terrain and deep tunnels and bunkers.

Putting American tactical nuclear weapons back in South Korea, they were withdrawn a quarter-century ago, is also under consideration, even if that step could accelerate an arms race with the North.

NYTimes

Cyberwarfare: Borders Offer No Defense:

Surprise: N Korea Hacked S Korea Cyber Command:

Was North Korea Behind The IoT DDoS Attack?:

 

 

« Newspaper Subscriptions are on the Rise
Increasing Healthcare Cybersecurity Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

Noventiq

Noventiq

Noventiq (the brandname of Softline Holding plc) is a leading global solutions and services provider in digital transformation and cybersecurity.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.