Thursday, 23 February 2012
Kim Jong Un and cyberwarfare. Overrated threat?
Kim Jong Un and cyberwarfare. Overrated threat?
By Security Asia Editors | Jan 4, 2012
0 comments
Digg
PrintThe death of North Korean dictator Kim Jong Il has understandably set neighboring South Korea and other countries in the region on edge. But should it put the western world on high alert as well, for possible cyberattacks?
Two cyber security experts have different views on the matter.
There is general agreement that the transition of power could bring significant instability to the region. While the dictator's son, Kim Jong Un, was named by his father to succeed him, the twenty-something Kim has had only two years to be groomed for the position, while his father had 14. He was made a four-star general by his father, but has never served in the military.
And even if the younger Kim does take power seamlessly, there is speculation that he may deliberately act aggressively to quash even the thought of an "Arab Spring" type of rebellion, to consolidate his power and establish a reputation throughout the world that he will be just as unpredictable and threatening as his father.
South Korea's largest news agency, Yonhap, reported that the country had put its military on high alert.
Korea Communications Commission (KCC) raised the cyber alert to the third-highest level over the weekend and stepped up monitoring on distributed denial-of-service attacks, hacking incidents and other assaults via the Internet.
John Linkous, vice-president and chief security and compliance officer of eIQnetworks, says this amounts to "a strong possibility" that North Korea could launch cyberattacks against the U.S.
And he says neither private industry nor government may be adequately prepared.
"On the commercial side, if you look at all the successful cyberattacks over the past year, businesses are not prepared," he says, noting that most of those attacks are from smaller organizations, not nation states.
"On the federal side, I would like to think we are prepared, but we probably are not," Linkous says. "We have so much infrastructure spread out over the world that economically and mathematically it's almost not feasible."
He notes that Vivek Kundra, former U.S. chief information officer, gave government cybersecurity a "B" grade before he left office in August.
"The (attack) vectors themselves are not that sophisticated, but they don't need to be," he says. "The reality is that this is a nation that clearly views itself as world leader and wants to assert itself in every way. Cybersecurity is a big part of that.
But Gary McGraw, chief technology officer for Cigital, doesn't see the political instability in the country as a direct threat, and says he doesn't think North Korea has the ability to launch a disabling cyberattack.
"A few times in the past North Korea has been blamed for stuff without much evidence, and it wasn't much beyond denial of service anyway," he says.
McGraw says the kind of attacks that might come from North Korea, are the kinds of things that Google and Amazon probably wouldn't even notice, and if they did, they would have no trouble shutting them down."
He says while cyberwar should be taken seriously, some of the fears about it are the result of hype.
North Korea, he says, has much more serious internal problems to confront.
"Why are we wringing our hands over cyberwar?" he asks. "We ought to be wringing our hands over the fact that they can't even feed their own people."
Similar
Add comment
knowledge_central_tab
Knowledge Central
Developing an enforceable mobile security policy 
Security risks have been heightened by the proliferation of employee-owned mobile devices in many enterprises. Employees will almost always take the path of least resistance in leveraging mobile devices for business purposes, which may lead to unsafe computing practices. A clearly documented and enforceable mobile security policy is critical to reducing the risk of data loss.
When Android apps want more than they need
So you just bought a new Android-based smartphone, what comes next? What else but the most exciting part—downloading the right apps to boost its functionality. You may even want to download a game or two or a movie or an MP3 player. But what if apps demand more of your personal information than they actually need?
Essar Group fights three BYOD devils
Say BYOD, and CIOs cringe. They complain of security, supporting a flood of devices and losing control. But the CIO of Essar Group just proved his peers wrong. Here's how.
How Cisco deals with the BYOD revolution
Cisco Systems Inc. is one of the biggest IT companies in the world, with a disciplined organization.
However, even its employees were unable to resist the bring-your-own-device revolution, which resulted in an explosion of SUSE Linux and Apple OS-based devices on a network that in 1999 had standardized on Windows. The company's IT department finally agreed to support new platforms, and learnt lessons from the experience.
