North Korea’s cyber strategy


In Jang Jin-sung’s fascinating book “Dear Leader,” the defector describes his time working in North Korea’s United Front Department during the Kim Dae-jung presidency. The country was still recovering from widespread famine, and the Sunshine Policy held out hope of material support from the South.

However, Pyongyang did not want to make any concessions to Seoul. The solution: the so-called Northern Limit Line (NLL) Strategy. Instead of promising anything tangible, North Korea would launch provocations — such as those in 1999 and 2002 — and then promise to stop them in exchange for talks and aid.

An important question now looms over American, Japanese and Korean defense policy: Are we at risk of a cyber version of the NLL strategy on the part of the North?

As the Sony hack unfolded, the professional cyber community in the United States was skeptical of North Korean involvement. Alternative theories suggested that it was the work of disaffected employees, hackers, or simple extortionists. The initial note from the Guardians of Peace — the perpetrators of the attack — made no mention of the film “The Interview,” in which Kim Jong-un is parodied. Rather, it simply sought cash payment.

But explosive new documents released by Edward Snowden through the German magazine Der Spiegel suggest that the National Security Agency (NSA) in the United States had, in fact, penetrated North Korean cyber networks; indeed, they first identified them by watching South Korean cyber operations against the North. These documents suggest that the Obama administration’s findings with respect to North Korea — which led to the announcement of new sanctions against North Korea in January — were probably correct.

North Korea has multiple motives for involvement in such an attack, beginning with the continuing development of its capabilities. Cyberattacks are perfectly suited for North Korea’s strategy vis-à-vis the United States and the South. Like submarines, cyberattacks remain difficult to detect and thus allow North Korea to sidestep attribution and deny involvement, as it did in the sinking of the Cheonan.

But cyber has many other potential uses. In the Sony case, it was brought to bear on artistic freedom in the United States. Whatever you think of the crass humor in “The Interview,” free societies cannot allow outside vetoes of free speech and artistic license. North Korea has a strong interest in silencing critics in the South, too, particularly in the defector community.

But the risks are higher still, as attacks against U.S. and South Korean targets in 2009, 2011 and 2013 showed. The 2013 attacks — known as Dark Seoul — did not only disrupt ATMs and banking services in South Korea but wiped hard drives clean as well. The cybersecurity firm McAfee subsequently found evidence that the attacks were preceded by a sophisticated spying operation designed to gather intelligence on South Korean military networks. Such information not only has consequences for the cyber realm, but for conventional deterrent capabilities.

McAfee shied away from directly attributing the Dark Seoul attacks to North Korea. But it noted that the two hacker groups identified with the attacks were almost certainly front operations and that the malware used in the attack appeared to emanate from a single source. Even if directed — or implemented by non-North Korean hackers — the security implications are clear.

What needs to be done? Much emphasis has been placed on the role of defense: that companies — and individuals — need to exercise much more caution and invest more heavily in cybersecurity. But it is also an open secret that defense is extraordinarily difficult: There are currently hundreds of millions of malware programs and defense against all of them is virtually impossible.

Government also needs to play a role, including through coordination of standards. Firms have incentives to underinvest in cybersecurity given its cost, and government can level the playing field by forging agreement on minimum standards. This is particularly important in areas such as control of critical infrastructure.

But the new frontier is in intelligence and — more controversially — the development of offensive capabilities for deterring such attacks in the first place. Cyber plays to North Korean strengths in part because of its very backwardness and the minimal connection the country maintains to the World Wide Web. South Korea, by contrast, is among the most wired countries in the world. But that also provides it with a deep talent pool of young people who should be brought into government service.

South Korean diplomacy must continue to raise this issue aggressively with Beijing, while patching the holes in intelligence cooperation between Japan, Korea and the United States. The recent attacks on the interests of the three countries are not a nuisance: They go to core issues such as freedom of speech, personal internet security and the integrity of the military deterrent against the risks from the North.

*The author is Krause Distinguished Professor at the Graduate School of University of California in San Diego.

By Stephan Haggard
