사이버 공격이 북한의 미사일 시험발사를 좌절시킬 수 있었을까?

[청량산]

COULD CYBER ATTACKS DEFEAT NORTH KOREAN MISSILE TESTS?

사이버 공격이 북한의 미사일 시험발사를 좌절시킬 수 있었을까?

NAPSNet Policy Forum

Markus Schiller and Peter Hayes

March 6, 2017

                                TRIDENT LAUNCH FAILURE (트라이던트 미사일 발사 실패)

This photo is from March 21, 1988 video of the US Navy’s first Trident II Performance Eval‎uation Missile (PEM-1) test launched from USS Tennessee off the coast of Cape Canaveral, Fla.

위 사진은 플로리다 케이프 캐너베럴해안에서 떨어진 곳에서 미핵잠 테네시호에서 시험발사된, 미 해군 최초의 

트라이던트II 성능 평가 미사일(PEM-1)을 촬영한 1988년 3월21일의 비디오에서 발췌한 사진이다.

I. INTRODUCTION

This essay by  Markus Schiller and Peter Hayes suggests that it is improbable that US cyber attacks were the cause of DPRK intermediate range missile failures as was suggested in a March 6, 2017 New York Times story.

마르쿠스 쉴러와 피터 헤이즈의 이 논문은, 2017년 3월6일 뉴욕타임스 보도가 시사한 것과는 달리, 미국의 사이버 공격이 북한의 중거리탄도미사일 실패의 원인일 것 같지 않다고 말한다.

Markus Schiller is an aerospace engineer, with rocket analysis experience gained at Schmucker Technologie and RAND. In 2015, he started the rocket and space consulting company ST Analytics in Munich.  Peter Hayes is Executive Director of Nautilus Institute and Honorary Professor at the Center for International Security Studies, University of Sydney.

마르쿠스 쉴러는 슈머커 테크(Schmucker Technologie)와 란드(RAND)에서 로켓 분석 경험을 한 우주항공 공학자이다.

2015년에 쉴러는 뮌헨에서 로켓, 우주항공 자문회사 ST Analytics를 시작했다. 피터 헤이스는 노틸러스 연구소의 전무이사이며, 시드니 대학교 국제안보연구센터의 명예 교수이다.

The views expressed in this report do not necessarily reflect the official policy or position of the Nautilus Institute. Readers should note that Nautilus seeks a diversity of views and opinions on significant topics in order to identify common ground.

이 보고서에서 표현된 견해들은 노틸러스의 연구소의 공식 정책 또는 입장을 반드시 반영하는 것은 아니다.

II. POLICY FORUM BY AUTHOR

COULD CYBER ATTACKS DEFEAT NORTH KOREAN MISSILE TESTS?

사이버 공격은 북한의 미사일 시험발사를 좌절시킬 수 있었을까?

Markus Schiller and Peter Hayes

March 7, 2017

On March 6, 2017, the New York Times published an article[1] that stated that the United States deployed cyber attacks against North Korea’s missile tests.  The article implied that these attacks may have succeeded in causing the failure of North Korean missile tests, stating:

2017년 3월6일, 뉴욕타임스는 미국이 북한의 미사일시험에 대항하여 사이버 공격을 전개했다고 전하는 기사를 실었다.

그 기사는 미국의 사이버공격이 북한의 미사일 시험발사의 실패를 가져오는데 성공했을 수 있다고 시사했다.

The North’s missiles soon began to fail at a remarkable pace. Some were destroyed, no doubt, by accident as well as by design. The technology the North was pursuing, using new designs and new engines, involved multistage rockets, introducing all kinds of possibilities for catastrophic mistakes. But by most accounts, the United States program accentuated the failures.

The evidence was in the numbers. Most flight tests of an intermediate-range missile called the Musudan, the weapon that the North Koreans showed off in public just after Mrs. Clinton’s warning, ended in flames: Its overall failure rate is 88 percent.

This article set of a buzz of commentary about the wisdom of such attacks against a nuclear armed state.[2]

이 기사는 핵무장국가에 대한 그와같은 "지혜로운" 공격에 대한 신바람내는 논평을 했다.

The assertion that cyber attacks could cause a higher rate of failure than would otherwise have occurred is, to put it mildly, a stretch, given the intervening variables and other factors that are well known to cause high failure rates early in missile testing programs.  It is useful, therefore, to examine the fundamentals of how a missile could be caused to fail by a cyber-attack.[3]

하지만 사이버공격이 그렇지 않은 경우에 비해 더 높은 실패율을 가져왔다는 주장은, 조심스럽게 말하면,  미사일 시험 프로그램 초기에 높은 실패율을 가져오는 것으로 잘 알려진 중개(仲介) 변수들과 다른 요소들을 고려해볼 때 사실을 왜곡하는 것(a stretch)이다. 따라서 사이버 공격으로 미사일 실패가 초래되는 기본 원칙들을 살펴보는 것이 유용하다.

Fundamentals of Missile Guidance

미사일 유도의 기본원칙들.

In principle, interference with a missile’s guidance system may cause it to veer it off course, or even destroy it in flight. What happens when the missile continuously steers into the same direction can be seen here:

원칙상, 미사일 유도 시스템에 대한 방해(interference)는 미사일을 경로에서 벗어나게 할 수 있으며, 또는 비행 중 미사일을 파괴할 수조차 있다. 미사일이 계속적으로 똑같은 방향으로 움직일 때 무슨 일이 있어나는지를 아래에서 볼 수 있다:

But this is not as easily done as people would imagine, or as is suggested in the New York Times article.

하지만 이는 사람들이 상상하는 것처럼, 또는 뉴욕타임즈 기사가 시사한 것처럼 쉽게 되는 것은 아니다.

To mess with a guidance system by hacking into it, it has to contain a computer system that uses software. This sounds very obvious, but it is very important to be reminded of this, because different rockets use very different guidance system.

미사일 유도시스템을 해킹해들어가서 유도시스템을 방해하기 위해서는, 유도시스템이 소프트웨어를 사용하는 컴퓨터 시스템을 포함해야한다. 이는 매우 분명하게 들린다. 하지만 다른 종류의 미사일은 매우 다른 유도시스템을 사용하기 때문에, 이를 상기하는 것은 매우 중요하다. 

The Falcon 9 space launcher from SpaceX, for example, uses a guidance system with a software that is based on Linux. It should be possible to hack this software, or plant some virus in it that does something weird during launch.   To do this, the attacker must be able to meet two conditions.  First, the attacker must know which software is used, and understand how the software is working to create compatible lines of code that actually do what you want them to do, and to plant this code into the existing software.

예를 들면, 스페이스X사의 팰컨 9 우주 발사체는 리눅스에 기반한 소프트웨어를 가진 유도시스템을 사용한다. 이 소프트웨어를 해킹해서, 발사 時 이상한 무언가를 하는 바이러스를 심는 것이 가능할 것이다. 이렇게 하기 위해서는, 공격자는 두가지 조건을 충족할 수 있어야 한다. 첫째, 공격자는 어떤 소프트웨어가 사용되고 있는지를 알아야한다, 그리고 소프트웨어가 공격자가 원하는 것을 실제로 하는 호환이 되는 명령 행(行)(compatible lines of code)을 만들어내도록 작동하는 법을 알아야하고, 현재 사용되는 소프트웨어에 이 명령을 심도록 작동하는 법을 알아야한다.

Second, the attacker must have access to the software, either by direct access to the guidance system you want to sabotage, or by infecting the software before it is transferred into the missile’s computers.  Also, the malware should not be detected once it is planted.

둘째, 공격자는 소프트웨어에 접근해야 한다. 파괴하고자 하는 유도시스템에 직접 엑세스하든지, 또는 미사일 컴퓨터에 옮기기 전에 소프트웨어를 감염시키는 방법으로. 또한 일단 심어진 다음에는 악성코드(컴퓨터 파괴소프트웨어)가 탐지되지 않아야 한다.

Certainly the DPRK would have established a guidance laboratory early in its missile program to develop accelerometers, gyroscopes, computers, and inertial platforms in the quest for an indigenous inertial guidance system and developed the transformation techniques needed to convert inertial measurements into targeting information.[4]  However, the DPRK is not yet capable of developing and producing the required sensors and computers and has had to buy in many of these parts from the world market.  The chances that the United States could identify and implant malware in such black market imports are low.

분명히, 북한은 

Moreover, it is not likely that that the DPRK would have failed to take cyber warfare defensive counter-measures to protect its guidance research and development program.  Of course, all bureaucracies make  mistakes, especially when operating in compartmentalized, vertical silos like those in the DPRK.  But it is unlikely that the DPRK military did not mount cyber defenses given that it was forewarned by media reports in 2011[5] of the Stuxnet attack on Iran’s centrifuge program.  It may also have been aware of the US National Security Agency attempts starting in 2010 to penetrate North Korea’s cyber systems[6] And it certainly has highly capable and world class cyber warriors to lend a hand.

Even if the DPRK missile guidance system community let down its guard, US knowledge of North Korea’s missile program is quite limited. It is doubtful that the United States has sufficient knowledge of the DPRK’s missile guidance software code, or even which software is used. It is also highly improbable that the DPRK’s missiles have a WiFi link, or Internet access, which could be used to infect the guidance software.

But, even more basic:  some missile guidance systems cannot be hacked, because they are not software-based.

The Scud B guidance system, for example, is quite close to the guidance system that the German A4/V2 used during World War 2. This system is based on mechanical inputs. You cannot hack it, just as you cannot hack old Wurlitzer jukeboxes, or mechanical computers. There is no software, no line of code that could be modified.

Scuds, of course, use a Scud-type guidance system, as does the Nodong. And judging by the technology that was found inside the Unha first stage, the Unha satellite launcher also uses some kind of this guidance type, perhaps just a modified Scud guidance system.  There is simply no way to infect these systems with malware.

Musudan and KN-11 Guidance Systems

The question today is whether the DPRK’s Musudan and the KN-11 missiles use a similar non-cyber guidance system; or if they use some type of modern strap-down guidance system that is based on sensors and a computer, and is running some software. And this question leads us straight to the old questions of where these missiles come from, what technology they are based on, and at what time they were actually developed.[7]

If the Musudan indeed is based on the R-27/SS-N-6, the chances are high that the original guidance system of this missile was also used for the Musudan, which means Soviet technology from the nineteen sixties, which would have been mechanical and therefore “hack-proof”.

Even if the DPRK uses a modern guidance system on the Musudan, it is doubtful that the United States would have had access to the guidance software and be able to plant a code in there. And missiles do not have an USB port that you can use to infect their computer via USB stick, or just connect from a distance via Bluetooth.  Such an insertion would have to be highly targeted, specific to the design and software used in the DPRK’s laboratory, and able to circumvent all the obvious countermeasures and barriers that would stand in the way of such an effort in the first place.  Such a combination strains credulity.

Conclusion

The New York Times article hearkens back to the movie “Independence Day”, where the world is saved from the Alien invasion by simply planting a computer virus into the mothership’s main computer by somehow just sending it over with a standard laptop. This might work in movies, but not in reality.

Perhaps the  more interesting story is who leaked to the New York Times the claims of the efficacy of cyber attacks on North Korea’s missiles and why now?  We wonder if it is part of a policy battle in the course of the Trump Administration’s North Korea policy review,[8] possibly designed to get President Trump’s attention.  It might also be an intentional effort to conduct psychological warfare against the DPRK by creating paranoia and purges within the DPRK missile program.  It might also be a way to impress allies and third parties that the United States has been doing more behind the scenes than patiently waiting for the DPRK threat to resolve itself and imposing ineffectual sanctions.  We don’t know.

III. REFERENCES

[1] D. Sanger, W. Broad, “Trump Inherits a Secret Cyberwar Against North Korean Missiles,” New York Times, March 4, 2017, at: https://mobile.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html?smprod=nytcore-iphone&smid=nytcore-iphone-share&_r=0&referer=

[2] K. Waddell, “Is It Wise to Foil North Korea’s Nuclear Tests With Cyberattacks? “This could set off very serious alarm bells in Beijing and Moscow,”” The Atlantic, March 5, 2017, at:  https://www.theatlantic.com/technology/archive/2017/03/north-korea-cyberattack-nuclear-program/518634/

[3] See J. Constant, Fundamentals of strategic weapons: offense and defense systems, 2 volumes, James Constant. Nijhoff, 1981, at:  http://www.springer.com/gp/book/9789401501576

[4] For an introduction to missile guidance systems, see Arnold Engineering Development Center, Short-Range Ballistic Missile (SRBM) Infrastructure Requirements for Third World Countries, AEDC-1040S-04-91, Arnold Air Force Base, Tennessee, September 1991, pp. 31-36, at: http://nautilus.org/foia-document/short-range-ballistic-missile-srbm-infrastructure-requirements-for-third-world-countries/attachment/short-range-ballistic-missile-srbm-infrastructure-requirements-for-third-world-countries-1991/

[5] W. Broad, J. Markoff, D. Sanger, “Israeli Test on Worm Called Crucial in Iran Nuclear Delay,” New York Times, January 15, 2011, at: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html

[6]  D. Sanger, M. Fackler, “N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say,” New York Times, January 18, 2015, at: https://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html

[7] On which see T. Postol, M. Schiller, “The North Korean Ballistic Missile Program,” Korea Observer, 47:4, Winter 2016, pp. 751-805, at: http://www.iks.or.kr/board/index.html?id=vol47no4

[8] Lee, A. Gale, “White House Explores Options, Including Use of Military Force, To Counter North Korean Threat, The strategy review comes as recent events have strained stability in Asia,” Wall Street Journal, March 1, 2017, at:

https://www.wsj.com/articles/white-house-explores-options-including-use-of-military-force-to-counter-north-korean-threat-1488407444

http://nautilus.org/napsnet/napsnet-policy-forum/could-cyber-attacks-defeat-north-korean-missile-tests/

[청량산]

서프에서 어느 네티즌이 찾은 글입니다. 번역은 계속하겠습니다.

[정론직필]

만일....위 주장대로라면....
이란이 센티널 스텔스 무인기의 암호를 해킹, 조종하여
전자덫으로 생포하는 일은...아마도 가능하지 않았을 것 같네요.

그러나....실제로는 이란은 그런 일을 해냈습니다.

[청량산]

그런가요?
서둘러 기사를 옮긴다고 마음이 급하다보니, 내용을 제대로 파악을 못했습니다.
그래도 참조자료로 남겨놓겠습니다.

[Doahm]

드론을 중간에 낚아채는 것과 미사일 발사 시스템을 해킹하는 건 천양지차가 있습니다.
지난날 미국 미사일이 여러번이나 발사 후 수 초만에 실패한 건 북에서 해킹한 게 아니라 이온추진비행체가 1-2분 전에 접근해서 레이저로 미리 공격을 했기 때문인데 미국에서는 동영상에서 레이저로 지지직~~태우는 게 보이는데도 안 믿습니다. 그런 게 있을 수 없다고 보거든요. 무슨 렌지에 묻은 먼지가 흰 점으로 나타났다고 보지 그게 비행체라고는 안 믿지요. 그 대신 기상천외 하게도 무슨 해킹했다는 가설을 세우고 보도하여 북의 반응을 떠보는 거지요.