But nothing is predictable when you’re dealing with a erratic despot who killed his own uncle with an anti-aircraft gun.
Realistically though, few nations have the resources and political will, to launch a war, half-way across the world. And neither Malaysia nor North Korea are one of those ‘few’ nations. But what if, instead of moving armies we just moved malicious code? What if we fought a cyberwar with the North Koreans, how would it look like, and could we win? Let’s find out.
Cyber is new domain of war
Cyber is a new domain of warfare, and this domains involves new ways of thinking and paradigm shifts. In the 18th and 19th century, the most powerful nation on earth, Great Britain had the worlds greatest Navy, and that allowed the empire to control the trade that flowed through the seas, and protect the island nation. Strategically Britain’s Navy was essential to the protection of Britain, and the projection of its power around the world.
As we move from trading over the seas to trading over network cables, the parallels of having a Cyber-Navy become more apparent by the day. After all, the data that pass through our networks have an inherent value above and beyond the physical goods they may represent.
Let’s say you’re buying a new laptop online, you enter your password into the online shopping portal, and then inevitably your credit card details. Your password and card information has value, inherent to itself, regardless of the laptop the transaction represents. We still ship physical goods via sea-lanes and air-freight, but the data transversing the internet has tradeable value.
More apparent when you consider that the vast majority of ‘money’ is traded in digital form, over the internet. Just ask the Bangladesh Central Bank, that lost millions of dollars (which could have been Billions) to hackers who infiltrated their network, and issued electronic instructions to wire money.
But there are things far more important than money.
In today’s world of ‘fake news’ and election tampering, it could be argued that having a Cyber Army is a necessity not just to protect trade and finance, but the very core of a country’s democracy.
And there we see the first issue with Cyber defense of critical infrastructure–is it a civil or military function?
Private companies in any country run their own security guards, banks hire private firms to protect the cash in the safe. If a bank gets robbed, the manager calls the police, and the entire apparatus is a civilian function. But a private company in Malaysia (or anywhere else) isn’t worried about military attack. After all, armies don’t attack banks or companies don’t they?
On the internet, everyone is fair game.
Strong evidence suggest that state sponsored actors have attacked banks, stolen secrets from chemical companies, even attacked Facebook. In a non-cyber world, having an army attack civilian infrastructure in peace-time would be insane! But that is the norm on the internet.
So whose job is it to protect civilian infrastructure from military attack during peace time?
The Americans have drawn clear delineation, that the Department of Homeland Security (DHS) protects civilian government infrastructure (and helps private companies when called upon), while US Cyber Command protects the Military infrastructure. Malaysia (and most other countries) have no such delineation–and the problem is that governments get hacked all the time, even ours, and it’s unclear to me which Malaysian government agency is actually responsible for the security of our infra.
But before we evaluate our defensive capabilities, let’s evaluate the North Korean defense.