North Korean hackers, not nukes, threaten UK the most - report



The UK faces a greater threat from a North Korean cyberattack than a nuclear missile, according to a Defence Committee report.

MPs have asked whether North Korea is "rash or rational" as part of their inquiry into the country's nuclear capabilities and its cyber arsenal.

They reported that the UK is unlikely to be targeted by a missile strike from the country - although Pyongyang may soon develop this capability. Instead, the UK is far more likely to suffer from "reckless cyberattacks.

North Korea has been conducting its nuclear weapons programme for over a quarter of a century, the MPs said, and was capable of reprocessing weapons-grade plutonium by the early 1990s.

NHS computer systems were crippled last year after being infected by the WannaCry ransomware worm that had been developed by North Korea.

North Korea developed the WannaCry malware which crippled NHS computer systems

The MPs said that North Korea rapidly developed its cyber capability since the early 1990s and that this capability had "crept up" on the UK following a high-profile attack on Sony in 2014.

North Korea currently has sophisticated organisations conducting cyber operations on its behalf, with an estimated 6,800 staff involved in its hacking teams.

Nigel Inkster, the former director of operations and intelligence for MI6, told the committee that one of the North Korean cyber units had an operational base in a hotel in China.

Mr Inkster said that "its activities must be known to the Chinese, given the bandwidth required and the close monitoring of web usage by the Chinese government", according to the committee.

The MPs added that the UK might be able to provide significant offensive cyber capability in response to North Korea, but as such tools had never yet been tested it wasn't clear what effect it would have.

Additional investment in the UK's cyber defences was required, said the MPs, and this needed to be sourced from outside of the existing defence budget.

They added that the lack of skilled staff is a concern for the UK's cyber capability development - echoing a worry the UK cyber security community has voiced for years.

Last October, Security Minister Ben Wallace said: "We can be as sure as possible - I can't obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role."

The minister commented after the National Audit Office (NAO) warned the Government and NHS to "get their act together" to prevent future attacks.

An NAO report found computers at one third of health trusts across England were infected, along with computers at almost 600 GP surgeries.

The Defence Committee chairman Julian Lewis said the threats posed by North Korea were "typical of the new and intensifying dangers confronting the UK".

He added: "There is cross-party consensus that we need to invest much more than the NATO minimum of 2% of GDP.

"A target nearer 3% is essential to fill existing holes in the defence budget and counter re-emerging state-based threats from Russia and North Korea."

The report - called Rash Or Rational? North Korea And The Threat It Poses - has been published ahead of a possible summit in May between US President Donald Trump and North Korean leader Kim Jong Un.