Drop a pre-emptive cyber bomb on North Korea?

Cyberwarfare experts share opinions on how to deal with the North Korean cyber threat.

cyber bomb North Korea, cyberwarfare
U.S. Army illustration

Cybersecurity Ventures posted a Twitter Poll yesterday, asking if the civilized world should launch a pre-emptive cyber strike or wait for North Korea to cyberattack first? 

More than 1,000 votes were tallied within hours of the poll going live. 

  • 67% voted to drop a cyber bomb on North Korea. 
  • 33% voted to wait until North Korea strikes first.

To be clear, this isn’t about just any type of hacking. Malicious cyber actors from North Korea have been engaged in cyberwarfare activities against the U.S. and its allies for quite some time.

"Any cyber strike by the U.S. against North Korea would be retaliatory and not pre-emptive,” says Casey Fleming, CEO at BLACKOPS Partners. “North Korea has been hacking the U.S. private sector, government and allies for years," adds Fleming, a member and speaker of the U.S. Secret Service - Electronic Crimes Task Force (ECTF) for the past six years.

The poll moves the needle to a discussion around a devastating grade cyber attack. Not a pleasant thought. But who drops the cyber bomb first — if one gets dropped at all. 

What cyberwarfare experts say about North Korea 

Cyberwarfare experts suggest diplomacy. 

“A civilized nation should exhaust all diplomatic avenues and international treaties and relationships before launching a preemptive cyber strike on the PRNK (People’s Republic of North Korea),” says John Wood, CEO at Telos Corporation (founded in 1971), a provider of secure IT solutions to the U.S. federal government. 

Launching a major cyber strike should be a last resort.

“If the PRNK continues to threaten that nation and diplomatic efforts fail, then that nation could determine that a cyber attack that would disrupt or cripple their nuclear program would be an appropriate next step and minimize the risk of further escalation,” adds Wood. 

While hostile posturing from North Korea is headline news this week, it’s hardly the first time. 

“Historically, a combination of diplomacy and sanctions have proven to be the most effective method of slowing North Korean aggression, and I strongly believe that the U.S. and its allies must exhaust those options before we entertain the prospect of any preemptive strike, including a cyber attack,” says Bill Conner, CEO at Sonicwall, a company that has been battling cyber crime globally for more than 25 years. 

Cyber protecting organizations in the event of a digital attack launched by North Korea — whether they strike first or not — may be where the attention really belongs. 

“As any engagement with a rogue actor like North Korea would be asymmetric, as they have far less to lose, it’s critical that governments and businesses alike build strong cyber defense capabilities,” adds Conner. 

No assurances with a cyber bomb 

There’s no assurances that dropping a cyber bomb on North Korea would have the desired effects. 

“I do not believe that in this incident, we should launch a preemptive cyberstrike on North Korea,” says Mike Janke, co-founder at DataTribe, a cybersecurity incubator working with startups in the Washington, D.C., area. “There is no guarantee that it will have the desired impact, and we have enough kinetic firepower to end any engagement quickly. This could be the ‘fodder’ that North Korea needs to launch missiles at Japan and South Korea. Not a smart strategic action.” 

Regardless of how harmful a cyber attack on North Korea might be, it would not stop their cyber aggression. 

“North Korea is a very tricky target,” says Janke, a former Navy SEAL. “They are insular. Their networks are isolated and archaic. Could we take out part of the power grid — sure. Could we ‘brick’ a few installations — sure. That in of itself does not guarantee we have stopped a capability. Again, not a smart strategy as a preemptive strike.” 

The idea of declaring cyberwar against North Korea — to be most effective — would need to be global. 

“Technically, a cyberstrike will be part of a global attack strategy on North Korea as it was with Iraq,” says Dario Forte, CEO at DFLabs, a leading global breach and incident response firm headquartered in Italy.

The U.S. would need to engage Europe, Israel, Japan and other countries in a cyberwar against North Korea.

“A pre-emptive cyberstrike will much probably be conducted in parallel and multi-modal/multi source. And it will be not only originated by the U.S., but possibly also via the U.S. allies as well,” adds Forte.

To sum up on the poll, the cyberwarfare experts appear to be in the minority. But they bring the most wisdom, and they espouse what may be the only practical strategy for coping with a potentially catastrophic world problem.

Putting the idea of cyber bombs aside, North Korea is an unrelenting cyber aggressor.

According to a recent United States Computer Emergency Readiness Team (US-CERT) bulletin, Hidden Cobra is leveraging malware called DeltaCharlie, which is the brains behind North Korea’s distributed denial-of-service (DDoS) botnet infrastructure targeting the media, aerospace, financial, and critical infrastructure sectors in the U.S. and elsewhere.

The more cyber eyes on North Korea, the better.

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.

New! Download the State of Cybercrime 2017 report