North Korea is developing not only ballistic missiles and nuclear weapon technologies, but also cyber attack capabilities. How far have so-called North Korean “cyber soldiers” come?
Professor Richard Danzig, the former United States Navy chief and senior fellow of Yale Jackson Institute for Global Affairs, sat down recently with Kazuyuki Sakamoto, a staff writer of the Sankei Shimbun Osaka Headquarters at Kyoto, and shared his views on the issue.
Here are the excerpts from the interview.
What is the worst scenario for a cyber attack?
The worst scenario would be if someone used a computer program to hack into our nuclear command and control system. People are very much aware of this possibility, keeping those systems isolated and not making them entirely digital, but there still is concern here. In my lecture, I put up a slide referencing some of the articles that have been written on this very issue.
There is another worry, though, pertaining to if another country believed that we had hacked their command and control system, they became nervous, and undertook action because they felt compromised. So, it is not in anyone’s interest to undertake such attacks on another countries’ nuclear command and control systems. That being said, cyber weapons are not easily controlled and there does exist a risk that such an attack could occur unintentionally.
We should recognize cyber technology as a weapon?
What should we be thinking about?
We need to think about how to defend ourselves: how do you build protection mechanisms for our current systems? Likewise, we need to think about deterrence: how do you deter people from attacking our systems in the first place? Finally, we need to think about resilience: how do you make our systems strong enough that even if a successfully orchestrated cyber attack were to happen, the effects might be damaging, while not completely disastrous? Those are, I think, three of the main areas we need to think about it.
There is no international law governing cyber technology. NATO has some papers. Should we create international laws or norms?
Yes. I think it would be an advance if we could create some international norms. NATO has been working on something called the “Tallinn Manual.” However, [US] President [Barack] Obama, during his last year in office, and [Chinese President] Xi-Jinping agreed that they would not use cyber weapons to attack the civilian infrastructure of another country in peacetime. That is a bilateral norm that I believe is useful. It’s not a guarantee, but nonetheless it may prove useful.
How do we strike a balance between the advantages of technology and international norms?
Right, very difficult. I published a piece on cyber security a few years ago called “Living on a Diet of Poisoned Fruit.” You can find the file online. My titles suggest my point of view: we need this, it is like fruit, it is nutritious and important, but it’s also poisonous and has risk. And I don’t think these two things are easily separated.
I think what we have to do is understand that we need to protect ourselves using some of the means I talked about: diversity in systems, using analog as well as digital systems; having some resilience, so that if the attack is successful, it still is not disastrous. Those kind of things.
Cyber security is very important, but we need to pay attention to many things, and it is difficult to make a perfect system. How do we explain the cost to the public and citizens?
Think about the automobile. The automobile is a technology. It causes many deaths. In the United Sates, 37,000 people die every year in automobile accidents. So we invest to protect ourselves. If you have a modern automobile it has brakes that are regulated, you have to get licensed to be a driver, and you have to have your car inspected. You are required to have air cushions and air bags, you are required to wear seat belts. So you make investments for your safety that cost a lot of money and that require your attention every day. Cyber technology is like that.
How do we get cooperation in international society or between allies, as in the US-Japan alliance or NATO? How do we cooperate against cyber attacks?
I think the US and Japan have significant dialog concerning this issue. As Japan prepares for the upcoming Olympics, it’s a very important topic of which the government is unquestionably aware, while the US is also lending its expertise. Japan, likewise, has considerable technological skills that help the US and is giving us advice. So, I think there is already decent corporation in this area. I’d like to see more, and I think the Olympics will help us get more.
Richard Danzig is senior advisor at the Center for New American Security, the Center for Naval Analyses, and the Center for Strategic and International Studies. He is also a consultant on terrorism for the Departments of Defense and Homeland Security. He served as the 71st secretary of the Navy and as a senior advisor on national security issues to President Barack Obama throughout the 2008 election. Danzig was an associate professor of Law at Stanford University, a Prize Fellow of the Harvard Society of Fellows, and a Rockefeller Foundation Fellow. He has also written books on contract law, national service, and security risks as well as various articles on constitutional history, contracts, criminal procedure, and law and literature.