0424-[Editorial] Cyber security bill

It took seven months for the police-run Cyber Terror Response Center to confirm that North Korea was behind a cyber attack on the Seoul-based JoongAng Ilbo daily last June. But it took much less time until a joint investigation, led by the National Intelligence Service, determined that it was North Korea again that attacked the computer systems of South Korean television broadcasters and financial institutions on March 20-26.

As the joint investigation proved, a coordinated action involving both the public and private sectors is more efficacious than one taken by a single government agency. That is the reason why one government agency needs to be empowered to coordinate action against cyber terror. But no underlying legislation is forthcoming.

A team of government, military and civilian investigators said Wednesday, three weeks after the initial attack, that North Korea’s military-run Reconnaissance General Bureau was responsible for the cyber attack. As evidence, it presented some of the codes used in the attack, which it said were identical to those used in malware previously linked to North Korea’s military intelligence agency.

The Reconnaissance General Bureau, which has thousands of cyber warfare experts under its wing, appeared to have made meticulous preparations long before the attack. The joint investigation team said the intelligence agency started to infiltrate into the target computer systems for monitoring and data theft at least eight months before it sent out the command to delete data stored on their servers.

Another piece of evidence of careful preparation, the investing team said, was that North Korean hackers had gotten access to the computer systems of the financial institutions on as many as 1,590 occasions when they sent out the attack command. It said that 67 of the 76 codes in malware were used for infiltration and monitoring, with only nine of them used for data deletion.

North Korean hackers are becoming increasingly sophisticated in their attacks on the computer control systems of South Korean government agencies, financial institutions, news media and other organizations. As such, the South’s online infrastructure needs greater protection. But neither the public sector nor the private one is vigilant enough against North Korea’s cyber terrorists.

The government has yet to establish a comprehensive defense against cyber terror. The private sector is not keen on spending on cyber security. Individuals are rarely alert to the possibility of their personal computers being exploited by North Korean hackers mounting an attack on South Korean computer networks.

North Korea has good reason to keep a large elite force of cyber warfare experts ― about 3,000, according to one South Korean estimate. A cyber attack can deal a great amount of damage to South Korea’s vital infrastructure at low cost.

Of course, it is not South Korea alone that is vulnerable to cyber terror. Last October, U.S. Defense Secretary Leon Panetta said: “Foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity and water plants and those that guide transportation throughout the country.”

As he said, cyber terrorists are trying to create sophisticated hacking tools to attack computer networks and “cause panic, destruction and even the loss of life.” Undoubtedly among them are North Koreans who are targeting South Korean infrastructure.

By mobilizing 270,000 “zombie” personal computers in the South in 2009, North Korea launched “distributed denial-of-service” attacks, better known as DDoS attacks, against the presidential office, the National Assembly and other government organizations. Two years later, it also put the computer network of NongHyup Bank into paralysis, causing great inconvenience to its clients.

Now North Korea is widening its targets, as was seen in the March 20 case that involved television broadcasters and financial institutions. It should not come as a surprise if an emboldened Reconnaissance General Bureau attempts to launch online attacks on the nation’s power grids, transportation systems and other vital infrastructure in the future.

Still, no sense of urgency is found among the administration, the legislature and the business community. Each time South Korea was hit by a cyber attack from the North, many voiced a need to give the National Intelligence Agency or any other government agency a mandate to coordinate action for cyber security.

The administration will have to hasten to write a bill giving the mandate to the National Intelligence Agency. No other agency can do the job better than the spy agency, whose main mission is to gather intelligence on North Korea.