If the world needed one more reason for global rules on cyberwarfare, it arrived Wednesday with a major cyberattack on South Korea.
The computer systems of three TV stations and a number of large financial institutions were shut down, some for as long as seven hours. The most visible disruption could be seen in the long lines of South Koreans standing at disabled ATMs.
The source of the attack was not immediately known, but North Korea remains the top suspect. It has been making more threats than usual in recent days, challenging a new government in Seoul and chafing at new international sanctions on its nuclear program.
In 2007, the Baltic state of Estonia suffered a similar widespread attack from inside Russia on the websites of its banks, government, and media. That attack prompted NATO to create an advisory manual on how states should respond to cyberwarfare. Now the attack in South Korea should force a similar global effort.
North Korea, which the South blames for previous shutdowns on some of its digital networks, may not go along with any new legal rules. It is a rogue state on many levels. But a global consensus could push its patron, China, to rein in its ally as well as possibly force China itself to accept new norms.
Just last week, the Obama administration fingered China for the first time as a source of cyberintrusion, mainly against businesses. In a speech, National Security Adviser Thomas Donilon called on Beijing to “take serious steps to investigate” reports of hacking coming fromwithin China.
The online attack in South Korea shows the potential to sow panic among civilians, similar to a terrorist bombing. The Geneva Conventions on war outlaw any attacks on certain key civilian sites. A cyberdisruption of vital services, such as water or electricity, could be the equivalent of an act of war.
If North Korea is found to have orchestrated Wednesday’s attack, this could bring serious repercussions. Ever since the North shelled a South Korean island in 2010, killing four people, leaders in Seoul have become more serious about retaliating after the next attack.
Just how nations should respond to cyberattacks remains unclear. In a recent report, a Pentagon advisory body, the Defense Science Board, warned the military to “expect cyber to be part of all future conflicts ... with potential consequences similar in some ways to the nuclear threat of the Cold War.” Its top recommendation is that the United States rely on the deterrence of a nuclear strike on any country that achieves an “existential” cyberattack on vital infrastructure of the US.
“Nuclear weapons would remain the ultimate response,” the report stated.
The report also found the Defense Department to be years away from building an “effective response” to such attacks. It found current efforts to thwart attacks to be “fragmented.”
Just as the world has come up with various schemes to combat terrorism, it now needs a similar approach to cyberwarfare. Each new type of warfare needs to be restrained by the kind of rules that have worked against many old types of warfare.