This summer Leonid Petrov characterized cyber-warfare as North Korea’s most “cost-effective way of intimidating the South.” South Korea is responding to the threat by bolstering external defenses and tightening internal controls.
Earlier this year one South Korean ministry announced a strategy that emphasizes quality over quantity. According to a report in Dong-A Ilbo, “The government will foster six IT security agents to supervise national cyber security in the belief that cyber warfare can be won by a single genius, not numbers. The Knowledge Economy Ministry and the Korea Information Technology Institute have launched the “Best of the Best” program, which selects six “white” hackers by March next year with a budget of 1.9 billion won (1.66 million U.S. dollars). Each of the six will be in charge of six areas: cloud computing security; mobile phone security against hacking of smartphones; converged security that blocks both cyber hacking and attempts to sabotage offline government facilities; vulnerability analysis; and digital forensics, or collecting evidence of cyber hacking; and security consulting providing legal and policy advice on IT security…. The six hackers will be included in the pool of human resources for government agencies in charge of cyber security such as the National Intelligence Agency, the National Police Agency and the Cyber Command and get assistance in joining IT security companies. The candidates range from high school to graduate students, and even include one of the most famous hackers in the country.” At $277,000 per genius, I’m not sure if I would describe this expenditure as lavish…
In the meantime, the Ministry of National Defense is taking a different tack. It announced that it was doubling the size of its Cyber Command, established in January 2010, to 1,000 people.
At Peterson, this diversity of responses is known as “the portfolio approach.”
Certainly, some defense is better than no defense. But in an interesting report my former teacher Ken Lieberthal along with Peter Singer makes the point that at this juncture, “offense” appears to have an overwhelming advantage over “defense”:
“The one seeking to penetrate a computer network, at least at present, is at a great advantage relative to the defender. The Internet was designed to share information easily, not prevent its flow. Historically, an imbalance in favor of the offense increases the incentives to act maliciously and quickly, while it also lowers each side’s confidence in its ability to deter attack and defend itself effectively.
It is rarely possible to identify with complete confidence the actual initiator of a malicious cyber activity. The ability to capture the operations of another computer and use it to launch activities that its owner does not intend and might even be unaware of further complicates the issue of attribution.
Policy, which often moves at a slower pace than technical innovation, is inevitably at risk of being fundamentally out of synch in dealing with exponential rates of technological change in cyber capabilities. Additionally, at least in policy terms decision-making time is, in effect,
compressed in cybersecurity. While proper preparations for an attack may require weeks or months, the actual elapsed time for its successful execution may be counted in nanoseconds. Thus, the normal processes of governments and institutions to decide on responses may simply be irrelevant to the problem.”
South Korea is also acting on the home front, so to speak. The South continues to indict its own citizens under the National Security Law (a couple of examples: 1 2), and at least one gang of young cyber-vigilantes is off scrubbing the net of pro-North Korean material. It beats sniffing glue, I suppose.