Amid the continuing leitmotif of missile tests, nuclear weapons development, and unwavering anti-South Korean and anti-U.S. rhetoric, North Korea’s cyber activities have once again risen in the order of importance among security and political circles. The latest North Korean cyber-episode was the revelation made by South Korean authorities that North Korea has been engaged in, at a minimum, a campaign of cyber-espionage against two South Korean conglomerates and a number of national security officials. This latest episode once again has many people pondering about North Korea’s exact cyber capability and why it is devoting its extremely limited state resources to the development of said capability.
An assessment of North Korea’s cyber capability, or any of its other capabilities for that matter, is inherently hampered due to several significant limitations. First, North Korea is one of the most – if not the most – opaque countries in the world, and its government does not publish any data relevant in this or related areas that can be used or trusted. Furthermore, any data or information one may acquire are often outdated.
Second, North Korea exercises strict control over who has access to the internet, and all officially sanctioned actors leave a negligible cyber-footprint that can be traced using open source.
Finally, much of the information on North Korea comes from U.S. and South Korean military, intelligence, and government reports. Aside from these reports, the Americans and the South Koreans each have their own political, historical, cultural, and emotional issues to contend with when it comes to North Korea, which makes an objective assessment of its capability challenging at best. All this being said, it is still possible to estimate North Korea’s cyber capability based on observed cyber incidents.
To truly understand North Korea’s cyber capability, however, one must first examine how cyber warfare fits into its national strategy. North Korea has always embraced the idea that intelligence collection and asymmetric warfare capabilities are paramount in successfully waging any conflict. North Korea’s extremely large special operation forces and various intelligence collection apparatus serve as both physical and institutional manifestations of that principle. Cyber capability is merely another tool that can be employed to enhance both its intelligence collection and asymmetric warfare capabilities. As its adversaries become increasingly more “connected,” cyber is a cost effective way to increase both of these capabilities and offset its diminishing kinetic military capabilities. The cyber domain not only provides the North Koreans with a platform for espionage and information operations but also psychological, political, and other forms of non-kinetic warfare. As the primary role of the North Korean special operation forces is to create a “second front” in the enemy’s rear area, a robust cyber capability can provide North Korea an ability to create a “second front” in its enemy’s information domain.
The investigations into the recent cyber-heist from Bangladesh’s central bank found cyber-fingerprints of North Korean and Pakistani hacking groups. If the North Korean regime did indeed sanction this activity, one must question how an outright theft of money from another nation state serves to advance North Korea’s goals. At the operational level, this incident could be a test of one’s ability (as well as the adversary’s response) to illicitly move money between accounts, as it has become more and more difficult for North Korea to acquire and transfer hard currency due to the intensification of international and American scrutiny on North Korean finances.
At the strategic level, however, the motivation could be quite a bit more ambitious. Since North Korea’s strategic goal is for its cyber capability to provide it the ability to create a virtual “second front,” it could be trying its hand at developing data integrity breach schemes. While the core SWIFT servers were not directly infected in this incident, it is not too much of a stretch to imagine what a successful data integrity breach of the SWIFT servers might look like and why North Korea may consider achieving such a capability so valuable.
In terms of actual cyber capability, however, North Korea is still fairly early in its developmental trajectory. As it continues to develop its cyber capability, its physical and political proximity to China will prove to be critical – at least in short- to mid-term – as North Korea relies on China for much of its network hardware (including servers and routers). And Chinese hackers have had a large influence in the development of North Korean cyber capability in terms of human capital as well as tools, techniques, and procedures.
Another potential ally for North Korea as it continues to develop its cyber capability, of course, is Iran, who the North Koreans have a bilateral scientific and technological cooperation agreement since 2012, where the two countries have, among others, agreed to transfer of information technology.
However, there is a silver lining in all this. North Korea is still quite some time away before it can mount a serious challenge to the United States government networks. For now, the United States has a commanding advantage over North Korea. Unfortunately, as surely as North Korea will continue to develop its cyber capability, the United States must continue to develop its capabilities – and not only in the cyber domain – to protect its interests at home and abroad.
Rhyner Washburn, a graduate assistant at START, contributed to this article.