The impact of inexpensive IT networking systems has made cyberwarfare capabilities relatively cheap initiatives compared to pursuing nuclear weapons. For instance, North Korean hackers are chosen from universities and begin training at the age of 17. Pay is remarkably good, elevating the hackers and their families to high social status. The question remains: who wins, who loses, and what can we learn from cyberwarfare?
North Korean Cyberwarfare, Unit 121
North Korean defectors report that the Democratic People’s Republic of Korea employs over 1,800 hackers in Unit 121. In addition, other smaller units work under the General Bureau of Reconnaissance that houses hackers all over the world. The difference is that Unit 121 is assigned the responsibility of disabling communications and command control in South Korea while smaller units, such as Lab 110, specifically target the telecommunications infrastructure in the event of a war.
Incident response plans are essential components of preparing for cyber attacks. In fact, they are consistent themes in IT security recommendations. Responsible organizations segment networks, implement access controls limits, and audit infrastructures for inappropriate connections and unfiltered access.
The most successful hackers indicate that walking into corporations and walking out with confidential information is simple. Techniques for securing sensitive data both in person and via the Internet include:
- Acting like you belong by carrying around a tablet PC with you
- Appearing as a journalist requiring data or posing as a computer security specialist
- Writing, testing, and debuging open-source software
- Running, living, and breathing Unix, which is the operating system of the Internet
- Developing competency in myriad programming languages
- Building proficiency in writing HyperText Mark-Up Language (HTML)
- Thinking creatively and believing in freedom and mutual responsibility
- Learning to solve problems correctly on the first attempt
- Recognizing and fighting against censorship and authority
- Publishing useful information for the hacker culture
The growth of a genuine hacker is more verbose than intended. Hacks can range from practical jokes to an illustriously innovative computer program. Regardless of the type of hack, it must appear esthetically perfect. For example, hackers can create an entire HTML page embedded in a redirect page of the data URL to make it look exactly like the page it was before.
Multinational Government-backed Hackers
Garnering entrance to a system through stolen credentials and working deeper into networks to spread malware is similar to criminal breaches. The tools and skills used by attackers are conveniently available to just about anyone with determination, drive, energy, time, and access to the Internet. An instant supply of freelance cybercriminals and hackers is available to help any enterprise break into networks for the right price.
Hackers are the new Mafia of organized crime. Gangs in nations like Russia and China are particularly dangerous and resourceful, especially since governments in those countries are sponsoring the secret efforts of hackers and protecting them from international law enforcement.
Iran and India reportedly have armies of state-sponsored hackers infiltrating our critical infrastructure. The hackers are preparing for attacks that could paralyze the nation and create a profound and a new sense of vulnerability. In this way, cyberattacks are real threats to our security and our economy.
Predicting Cyber Wars of the Future
A meta-war between government and industry highlights the race to convince the most intellectual hackers to join one side of the war or the other. Cybersecurity is the fastest-growing and fastest-changing area of threat and opportunity. For that reason, predicting cyber wars of the future requires assembling an army of cyber warriors. Building the environment that allows hackers to do legally what would normally land them in jail means targeting those who might not pass government security clearance. For instance:
- The Federal Bureau of Investigation has a strict three-year no-use drug policy, disqualifying a large number of perfectly skilled and trustworthy young hackers entering the workforce who have used drugs in the past.
- Marketing efforts and compensation are more attractive in the private sector. Some hackers genuinely want a job so they can lawfully do what they do best.
- Understanding someone who thinks outside of the box means not putting them in a box. The government tends to do just that with the hackers they recruit.
- Private industry does not require hackers to wear a suit and tie, and tattoos are welcome.
World-wide Damage Potential
Successful hacks, even if not strategically relevant, set precedents that could encourage other countries like Russia and China to pursue American interests. If something of this proportion were to topple our government, it could produce disastrous results.
Winners, Losers, and Lessons Learned
Winning and losing is often synonymous during cyber warfare. However, for every enterprise-level problem, a teachable moment exists, such as:
- Recognizing that terrorists win when an activity is responded to, regardless of the level of response
- Perceiving the immediate effects on corporate and popular cultures
- Setting precedents for cybercrime with lack of responses
- Risking escalated situations by responding to threats of and actual attacks
Modeling corporate culture, emphasizing ownership, and staying ahead of the curve all result in clearly evolved guidance and a culture where employees feel invested in their work and take ownership of tasks assigned to them. While hacks are inevitable, a state of preparedness asserted by a healthy corporate culture that puts security first is the only credible method that an attack can be accurately contained and strictly managed.
The only long-term answer to a cyberwarfare threat is to make it increasingly hard to find vulnerabilities in IT systems and decrease the risks associated with successful attacks. That means that academic institutions, corporations, and software and hardware companies have to step up to actually make their networks less vulnerable to this type of attack by implementing better data security protocols. Another option is to let the government exert supplementary controls over the safety of the Internet. Nevertheless, all businesses need to pay close attention to cyberwarfare and begin to take data security seriously.