South Korea's cyber-war ambitions could backfire badly

February 25, 2014 by Alan Woodward
What’s worse than an enemy with a gun? An enemy with malicious code. Credit: Niall Carson/PA Archive/Press Association Images

South Korea has made a surprisingly public announcement that it plans to develop cyber-weapons for potential use against North Korea. The decision to make its plans known is baffling and the potential consequences of taking hostilities online are deeply troubling.

When the Iranian nuclear processing plant at Natanz was hit with Stuxnet it marked a new stage in modern warfare. Stuxnet was the first code-based weapon ever used and by the time it was discovered in 2010, it had ruined almost a fifth of the Natanz centrifuges and caused so much disruption that the Iranian nuclear programme is yet to fully recover.

For those with a vested interest in seeing Iran's nuclear ambitions fail, Stuxnet appeared to be a major success. But the law of unintended consequences has resulted in some very troubling repercussions from the attack on Natanz, which makes it all the more surprising that South Korea wants to take a similar path.

From a purely technical perspective, Stuxnet was truly impressive. It targeted a particular class of computer called a Supervisory Control And Data Acquisition (SCADA) system. The virus was able not only to disrupt Iran's centrifuges so that they ran at incorrect speeds, but also report back to the power plant controllers that everything was fine. While it caused havoc by making highly sensitive systems operate erratically, those in charge had no idea anything was wrong.

The SCADA systems attacked by Stuxnet were a particular range made by Siemens, which were known to be used in the Natanz facility. That means the attack was probably highly targeted. It appeared to be the code equivalent of the type of smart bomb you see on the TV. It was able to take out the bad guys without any messy collateral damage.

But that's fiction. The reality is that "surgical strikes" often do have collateral impact and so did Stuxnet. In fact, Stuxnet's collateral impact continues to be felt today, years after the original attack. The reason is simple: SCADA systems are used in just about every form of critical infrastructure we need in modern life, from our power stations to water processing plants to transportation control systems. And the versions produced by Siemens are among the most commonly used SCADA systems.

By releasing a code-based weapon like Stuxnet, the still unidentified attackers did something quite different to launching a missile in Iran. Rather than exploding on impact, the weapon stayed intact.

When you use a weapon against an adversary and it is not destroyed, you have effectively given it the weapon to re-use elsewhere. So it was no great surprise when copies of Stuxnet became available around the world and it soon became possible to watch a YouTube video showing how to modify the code to attack your chosen SCADA system. It took only slightly longer for derivatives of Stuxnet to appear and the sons of Stuxnet were easier to use and faster to deploy. Weaponry has a horrible habit of evolving quickly and code-based weapons are even easier to improve than most.

Hi, we're the enemy

One thing that Stuxnet did have was plausible deniability. It was impossible to determine who had developed it. Fingers have been pointed at the US and Israel for many years but, even to this day, accusations about who attacked Iran are based on little more than hearsay and speculation.

Code-based weapons are not like nuclear weapons in that they do not require vast, expensive facilities to develop the raw materials. All you need is a group of clever people and relatively modest computing facilities. Unlike nuclear weapons, they are within the reach of most industrialised countries, and quite a few developing nations. A small rogue state could launch an attack against a militarily powerful nation, cause significant damage and no one need ever know it was behind the attack.

So it is particularly strange that South Korea has made its intentions public. Any attack on the North will now automatically be blamed on the South, thereby ratcheting up tension and possibly leading to armed confrontation. It's the one move I really can't understand.

The US believes a cyber-attack should be treated as an act of war and would like to reserve the right to retaliate using good old-fashioned bombs and bullets if the time comes. This is quite reasonable in many ways, given how serious a code-based weapon could be. An enemy need not bomb a country into submission anymore; it could simply turn off the power and water. No country – the US included – could survive that for long. Unless you threaten real physical retribution against an aggressor, there is a danger that someone will try their luck. All this, of course, assumes you know who to launch reprisals against. Iran still doesn't.

Why then would South Korea threaten such action against North Korea so openly? Obviously it doesn't want the North to develop nuclear weapons as it has no such weaponry itself. What's more, a Stuxnet-like attack could be seen as justified because it will supposedly affect only the nuclear facilities engaged in developing nuclear weapons.

But South Korea has a far more advanced critical national infrastructure than North Korea. If the North picks up the code-based weapon used to attack it and uses it to retaliate, very serious damage could be caused in the South, not least in financial terms.

The threat of North Korea developing nuclear weapons is certainly frightening but it is still not even clear if it has the resources needed to do it. And even then, it knows that using a nuclear weapon against the South or anyone else would be national suicide. It is more likely to have the resources needed to re-use a cyber-weapon. South Korea could knock out a half-baked nuclear programme but what it can expect in retaliation could be far worse.


1 comment


Feb 26, 2014
Maybe smart--the paranoid Kim in North Korea now will attribute any software difficulties in his nuclear and other military programs to South Korean viruses. Indeed, it is possible the South Koreans are making their public statement because they have intelligence that this is what Kim in the North already thinks. If software used in the North causes problems, the South is advantaged if Kim blames them--there is always the chance this may enable disgruntled North Koreans sabotaging internally Kim's war efforts will go undetected--or even give them greater opportunities to frustrate Kim as they try and remove the "South Korean virus".
