Thorough measures against N. Korea’s cyberattacks on nuclear plants

A group of North Korean hackers are believed to have leaked internal documents from the Korea Hydro & Nuclear Power Co. (KHNP) five times while calling for "suspension of nuclear power plant operation" at the end of last year, according to the South Korean government-led joint investigation team. By using Internet protocol addresses in Shenyang, China, the hacker group has accessed the IP address of a domestic hosting company. The fact that notorious malware "kimsuky" of the North Korean hacker group was used in the cyberattack against the South Korean nuclear operator is another convincing evidence that the North is behind the hack attack.

The hacker posted a threat titled "Warning against South Korea and KHNP’ on twitter on last Thursday. The hackers’ group disclosed some 10 internal documents leaked from the KHNP and a memo that it claimed as a transcript of phone conversation between South Korean President Park Geun-hye and UN Secretary-General Ban Ki-moon, even demanding money. However, the investigators couldn’t induce judicial assistance from the Chinese government, failing to probe the Shenyang region in China. Accordingly, the interim investigation result failed to discover the real identity of hackers and the de-facto power behind the cyberattack, without providing clear countermeasures. To avoid cyberattacks from North Korea, the South Korean government needs to exercise its diplomatic power so as to actively earn collaboration from China.

According to the interim investigation result, the hacker group gained access to an e-mail account of a KHNP’s supplier, which was vulnerable in cyber security, and obtained IDs and passwords of e-mail accounts of incumbent or retired KHNP personnel who had been in touch with the supplier, in order to get internal documents and the address book. Although the hacker’s attempt to paralyze the entire system at the South Korean nuclear power plant operator has failed, thorough preparation and countermeasures must be taken as vulnerability to hacking through suppliers was revealed by this incident.

Nuclear power plants can become a top priority target of attacks from anti-government organizations including North Korea. But not only the security system but also investigation on cyberattacks turned out to be too lax and poor in quality, driving the public into anxiety. The U.S. reportedly launched counter attacks in cyber space against North Korea as retaliation for the communist regime’s cyberattack on Sony Pictures. We must not be helplessly sitting and attacked by North Korea. The Ministry of Unification announced a statement to blame North Korea on Tuesday for its “obvious provocation against the national security.” The South Korean government has pledged to strengthen functions of the cyber-security control tower centering on the Office of National Security. But these measures might not be sufficient. The South Korean government must search for stronger corrective actions, such as urging North Korea to prevent reoccurrence of similar incidents in the future.