Flood the North with information
I watched “The Interview” over the holidays. It was surprisingly funny and quite over-the-top. Even though it was entirely satirical, one could see why the North Korean regime found the movie offensive, and even threatening. In one scene, the main protagonist asks the North Korean leader in a live television interview, “Why do you spend hundreds of millions of dollars on nuclear weapons while your people are starving?” Again, even in a comedy movie, one would imagine that this sort of question would hit a nerve.
Prior to the hack against Sony Pictures, it is fair to say that the world underestimated North Korea’s cyber capabilities given that previous hacks had been rudimentary DDoS attacks against South Korean businesses and conservative media. Moreover, when the North uploaded a clunky video in February 2013 with an image of U.S. President Barack Obama in flames, most laughed at the low sophistication of the project rather than felt threatened.
Obama announced that North Korea was the source of the cyberhack, and referred to it as an attack on the values of his country and a threat to business. But he stopped short of classifying it as a national security threat.
Yet the Sony hack represents only the latest in a long-term effort by the North Korean state to develop a full range of asymmetric capabilities - long-range missiles, nuclear weapons, chemical and bio agents, and now cyber - to thwart the United States. Moreover, it is demonstrating significant advances in these technologies. The last ballistic missile test successfully launched a payload vehicle into orbit, and North Korea has promised that its next nuclear test will demonstrate new advancements in bomb technology.
So what will the response be? When asked this question, Obama used language that is often reserved for the gravest situations. Saying that the United States will respond proportionately “at a place and time of our choosing” signals that the hack will not go unpunished and suggests the measure will be significant. The most immediate element would be a criminal investigation to locate the individual perpetrators of the hack and anyone who aided and abetted it in third countries.
Another likely element will be to upgrade our current level of cyber cooperation with allies and partners. The United States and South Korea, both victims of North Korean attacks, recently started a bilateral cyber defense dialogue. Other partners are likely to include Japan and perhaps even China. Though Beijing is at the top of the cyber threat list and previous attempts at bilateral dialogue have been difficult, the potential for rogue activity by North Korean hackers against Chinese firms, not just American ones, may be a spur to some cooperation.
Politicians and policy experts have also called for another round of financial and trade sanctions aimed at choking off the North’s access to information technology.
Media has speculated that North Korea will be put back on the state sponsors of terrorism list, but this is unlikely. Obama has referred to the hack as “cyber vandalism,” not “cyber terrorism,” which is a pretty good sign that he will not seek to reinstate them on the terrorism list.
But there are things to consider beyond this standard menu.
The prospects of a “hackback” are not as fruitless as some may think. Though the North has only about 12,000 computers with Internet access, state-sanctioned computer facilities and training centers are all identifiable based on open sources and are therefore potential targets for disruption, including the leaking of internal correspondence and procedures that would be embarrassing for the regime.
But the correct proportional response is not to cut North Korea off from information technology, as the recent Internet outages in the North seem to suggest, but to flood the country with information about the outside world. The UN General Assembly passed a resolution last month calling for a referral of the regime to the International Criminal Court for crimes against humanity.
Pyongyang’s decision to take such outrageous steps to stop a fictional movie speaks to the premium they place on control of information and denial of free expression to their own people. Though North Korea engages in illicit arms and drug trade, counterfeiting, nuclear proliferation and now cybercrime, the denial of information to their own people is among its worst human rights abuses.
Satiating the people’s thirst for information about the outside world through radio broadcasting, DVDs and flash drives (loaded with movies) is one response to supplement any hackback. But the best proportional response would be to devise a way from outside of the country to provide the North Korean people with universal access to the Internet from the country’s two million-plus smartphones, computers and personal tablets. Not only would this deter the North from considering future attacks, but it would be helping to improve and empower the human condition in the country.
Hollywood should respond to the demise of “The Interview” not by castigating Sony and complaining about a violation of First Amendment rights, but by substantively taking up the mantle of North Korean human rights. Among the many noble causes that the stars have adopted, not a single one has sought to help the 22 million living in one of the most oppressive regimes in modern history.
The author is professor at Georgetown University and senior adviser at CSIS in Washington D.C.
by Victor Cha