South Korea and the US ignored advance warning that North Korea might mount cyber attacks should the US and allies punish the north for launching ballistic missiles.
As DoD Buzz readers know, Kevin Coleman warned of this and offers a pretty devastating critique of the defenses available to US cyber warriors. Coleman, a consultant on cyber war to Strategic Command, says we knew the attacks were likely and still couldn't handle a relatively unsophisticated (though persistent) attack from one of the world's less capable cyber forces. He also illuminates the still-poor coordination between US government departments and agencies.
Kevin's story follows:
The U.S. Government now admits they did not properly handle the situation. Sources have revealed that the South Korean government knew in advance that the distributed denial of service (DDoS) attacks that hit multiple web sites of major institutions in South Korea had begun earlier in the United States.
Late last week South Korea's intelligence agency briefed its lawmakers on circumstantial and technical evidence behind their belief that North Korea was behind the recent cyber attacks. Other intelligence sources went as far as to state that Kim Chong Un, the third son of North Korean dictator Kim Jong Il, was the mastermind of the cyber attacks that have hit government computers in the United States, South Korea and some 14 other countries.
Foreign intelligence sources have also reported that the North Korean government sent a cyber contingent of approximately a dozen people across the northern border into China to conduct some of the operations and that Kim Chong Un was actually in command of that unit. Sources have also speculated that the North Korean Research and Development Unit (110 or 101) and Cyber Warfare Unit 121 were the primary military units involved in the planning and execution of the DDoS-style cyber attack. At least one Republican lawmaker urged President Obama to take retaliatory action (cyber attacks) against North Korea for the cyber attacks launched last week.
Given North Korea's extremely limited telecommunication infrastructure (estimated 1.18 million phone lines) and limited Internet connectivity (fewer than 80,000 broadband connections), a retaliatory cyber attack would be next to useless. After studying and researching the cyber attacks, the following observations are offered.
1. The current U.S. defenses against cyber attack are woefully inadequate against even moderate-level attacks, as we have just experienced.
2. The fact that these attacks were well-coordinated, lasted as long as they did and were able to bring down a number of sites says more about the state of our defenses than the moderate-rated offensive cyber capabilities of North Korea.
3. This clearly shows the need for the international agreement for cyber attack investigation cooperation that has been called for by many cyber warfare experts including me. These attacks were routed/launched through compromised computers in 16 countries.
4. Reports that the Department of Defense was not alerted to the attacks and found out through the media indicate that better coordination between DOD, DHS, DOJ and other government organizations as well as the private sector is critical in times of cyber attack and therefore must be improved and maintained.
5. There are unconfirmed reports from typically reliable sources that a South Korean intelligence agency has obtained documents ordering North Korean army units to start the cyber attack. If true, this could be the smoking gun! Once verified, that would open the way for retaliatory action.