What a cyberwar with North Korea could look like, according to a cybersecurity expert
North Korea has been launching missiles and issuing threats against the United States for years. But in addition to nukes, Kim Jong Un's regime has also likely been working on the cyber front to design attacks against America. We spoke with Ang Cui, founder of Red Balloon Security, about what types of attacks North Korea might be able to pull off based on what we have seen elsewhere in the world. Following is a transcript of the video.
Ang Cui: Hello, my name is Ang Cui. I am the founder and chief scientist of Red Balloon Security.
You know, the question of whether North Korea has the capability of disrupting our critical infrastructure is pretty clearly answered: yes. They have the capability like many other people on this planet.
Attribution is very difficult in cybersecurity. So let's look at it a simpler way. What is the capability that someone like North Korea can get access to and put to use? Can they reach into this country and turn down the power? Or can they interrupt our telecommunication? This is no longer the state of art and strictly restricted to nation states. Someone with a modest amount of resources and some amount of time can probably pull this off.
So, for example, a few years ago, there was a power plant that was disabled in the Ukraine. That significantly disrupted their power infrastructure. The same type of embedded controllers that live inside that Ukrainian power plant are the same ones that we use in the United States and in a whole lot of other places in the world.
If an attacker has the ability to reach one of those devices in the Ukraine, they can certainly reach into devices that live here in the United States.
One thing that you can look at is the Mirai botnet. That's basically a botnet of computers that are made of home routers and IP cameras that took down major portions of the internet. And that wasn't an attack that can only be levied by a nation-state. It was able to levy a denial-of-service attack larger than any other DDoS attack we've ever seen on the planet. The Mirai botnet attack could have been pulled by a very small group of people with very little amount of resources. The person or persons who decided to create this eventually ended up putting the source code up to share with the world.
At this point, anyone can take that source code and create their own tiny botnet using embedded devices. And this is a serious security problem that we as a community and also as a planet need to address going forward.
So can we use our cyber capabilities, for example, to prevent the successful launch of a North Korean missile?
We have the option of shooting a kinetic missile at it in order to blow it out of the sky. We certainly have demonstrated that capability. But there has been this other strategy that's been brought forward called the left of launch. Now this is a strategy where instead of using our kinetic might to stop nuclear weapons from hitting the mainland, we use everything else, alternative techniques at our disposal to interfere with, sabotage, prevent successful launches of missiles to the left of the timeline.
And on the surface of it, it's a very good idea. It's a sexy idea.
We are also very vulnerable to similar types of attack from countries like North Korea. Once we use a weapon or capability against our adversary, we can expect that that adversary will be able to reverse engineer that attack and turn it right around and use it on us.
So there is a strategy and a dynamic where you have to be very considerate and strategic about when to use certain attacks.
I do believe that our nuclear weapons are safer today, but are they completely invulnerable to cyber attack? Absolutely not. Because they are an embedded device running general purpose code, they can be exploited just like any other general purpose computer running potentially buggy code.