Last year, North Korea launched cyberattacks on its southern neighbor. This reportedly cost Seoul £500m and came on the back of North Korea successfully testing a nuclear weapon. South Korea is developing technology, similar to what the US and Israel used in Iran, to target North Korean nuclear infrastructure.

Currently, the South Korean and US militaries are running joint military exercises on the border with the North. This is a yearly occurrence and one that does little to ease political tensions. The South Koreans have now stated that they will launch online attacks directed north.

Stuxnet inspired cyberwarfare

The South Korean Defense Ministry wants to develop cyberweapons that have marked similarities to Stuxnet, software that was designed to attack Iranian nuclear enrichment plants. The South Korean military will use its version of the software to launch and carry out missions, according to the ministry.

The plan reached the South Korean government Feb. 19 so it is still early days for the software. However, it has been a number of years since North Korea successfully tested a nuclear weapon in 2006. This has spread alarm across the region, and the world, and intensive diplomatic efforts have failed to rein in North Korea’s ambitions.

Two-pronged attack

The South Korean software in development is part of a bigger picture. According to the Yonhap News Agency, the cyberweapons are the second phase in a strategy that began in 2010. The first part of the two-pronged attack is to conduct online propaganda operations. The South Koreans have been posting propaganda to North Korean social networking and social media services.

According to a senior ministry official, “Once the second phase plan is established, the cybercommand will carry out comprehensive cyberwarfare missions.”

Controversy in South Korea

The South Korean cyberwarfare command that is slated to use the new cyberweapons is not without controversy. It has been dogged by accusations of using its psychological warfare capabilities on the South Korean populace in the run up to the last presidential elections.

However, the software in development has been questioned in terms of its accuracy. Using cyberweapons to physically damage infrastructure can backfire and have unintended consequences. Prof. Alan Woodward, a computer security expert at the University of Surrey said, “I think that it is very dangerous. The weapon could end up damaging all sorts of things you never intended it to.”

Impossible to control

After Stuxnet was released it was impossible to anticipate or control its spread. The code was intended for Iranian nuclear enrichment facilities. However, it attacked a Siemens control system. This system was used not only in the facilities but also in electrical, factories and water infrastructure.

Prof. Woodward said, “You might be targeting one thing, but it could spread. All those other forms of infrastructure become vulnerable.”

Could be hijacked

It is hard to control malicious code and it can spread further than intended. Cyberwarfare does not respect national borders and so the South Korean technology could rebound and end up damaging its own infrastructure that uses the same technologies. The code could spread internationally and cause more problems that it is intended to solve.

Worryingly, once the attack code is released it has potential to be stolen and used by hackers or military personnel anywhere in the world. The code will be widely studied and analyzed and the cyberweapon could be used to attack and damage another country’s infrastructure.