(Cyberwar.news) A newly released report warns that the United States should expect “higher-intensity” cyber attacks from North Korean hackers in part by formulating a tougher response policy.
Right now, the report [PDF] by the Center for Strategic and International Studies claims, U.S. policies in response to hacking and cyberattacks against government and private industry are insufficient, and because of that they put the U.S. “in the position of being repeatedly assailed by [low-intensity] attacks without concrete mechanisms to effectively respond.”
Titled, “North Korea’s Cyber Operations,” the CSIS report warns that the low-intensity attacks are likely to cost the U.S. government and private firms millions of dollars as well as degrade the American public’s confidence in Washington’s ability to deter them, the Washington Free Beacon noted.
The site further reported:
The paper, drawn from a study that began in March 2014, cites the November 2014 cyber attack on Sony Pictures Entertainment and earlier attacks on South Korean institutions as evidence that North Korea is “capable of conducting damaging and disruptive cyber attacks” and is also “heavily invested” in expanding its cyber capabilities for political and military ends.
The Obama administration imposed new sanctions on Pyongyang in early 2015 following the FBI’s conclusion that North Korean hackers were responsible for a massive attack against Sony Pictures, the movie studio that produced “The Interview,” an action-comedy depicting the assassination of Kim Jong Un, the country’s leader. GOP members of Congress and other experts like former Hewlett Packard CEO and current Republican presidential contender Carly Fiorina criticized the administration’s response as puny.
“We need to step up and target those financial institutions in Asia and beyond that are supporting the brutal and dangerous North Korean regime,” Rep. Ed Royce (R., Calif.), chair of the House Foreign Affairs Committee, said a year ago. “Such sanctions have crippled North Korea in the past, leaving the regime unable to buy the loyalty of its generals.”
The 100-page report marks one of the first truly comprehensive studies regarding North Korea’s burgeoning cyberwar capabilities. And while analysts at CSIS said in the report that they believe attacks from Pyongyang will continue to be “low intensity,” the U.S. should nonetheless prepare for a “worst-case scenario” of attacks of a higher caliber.
“North Korea may be emboldened, either from past success or a miscalculation of its capabilities and adversary resolve, and elevate the intensity of its cyber attacks. This could lead to crossing of the use of force threshold and an escalation of conflict with the United States and ROK,” the study says, employing an acronym for the Republic of Korea, or South Korea.
“While the lower-intensity options are more probable because continued small provocations are less likely to risk an escalatory response from the U.S. and ROK, planners should prepare for scenarios of spikes in intensity based on a history of unexpected provocations by North Korea,” researchers said in the report.
- More: 2015 plagued by cyber breaches of government, industry systems – but it’s only going to get worse
It further notes:
In response to the cyber attack against Sony in November 2014, policymakers did not have an established menu of proportional response options, thus hindering the ability of the United States to respond quickly and send a clear signal. Establishing a declared policy allows for more timely responses and may have deterrent effects.
For her part, Fiorina – the only presidential candidate of either party in the current presidential election cycle to appreciably address the issue of cyber security – has called emerging cyber threats “urgent.”
“The Patriot Act was written 14-years-ago and technology has gone through probably four generations since then,” she told Breitbart News, adding President “Obama’s cybersecurity strategy was written three years ago and technology has gone through a generation since then.”
Cybersecurity experts agree that one of the most effective strategies is to make adversaries pay for attacking you.
“Deterrence is the most effective strategy for national defense against cyber-attacks launched by nation-states,” said Howard Teicher, a former Asia expert for the National Security Council under President Jimmy Carter and President Ronald Reagan, and current vice president of public sector for Radware, a cyber security firm.
“But for deterrence to be credible, a nation-state most possess counter-attack tools and use them from time to time,” he told Cyberwar.news. “Our adversaries must believe that we can and will act with cyber force to think very carefully before striking the [U.S. government].”
He said to better protect its systems going forward, the government should “harden its perimeter and cloud defenses by deploying next generation, behavioral based solutions which provide automatic defense against” a myriad of encrypted threats.
Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.
Materials reuse policy: Click here