North Korean Cyber Operations: Active, Noisy, and Lacking Strategy

Posted: July 30th, 2017

By Martin Libicki

Martin Libicki holds the Keyser Chair of cybersecurity studies at the U.S. Naval Academy. In addition to teaching, Libicki is an adjunct management scientist at the RAND Corporation, carrying out research in cyberwar and the general impact of information technology on domestic and national security. He previously spent 12 years at the National Defense University, three years on the Navy Staff as program sponsor for industrial preparedness, and three years at the GAO.

Since roughly 2009, North Korea has been active and noisy in cyberspace. From the hacking of government web sites in South Korea and the United States to the trashing of South Korean bank and media company information systems, the revenge attack on Sony, the infiltration of South Korean infrastructures such as nuclear power plants and subway systems, the theft of $81 million from Bangladesh, and, most recently, the release of the WannaCry ransomware, there seem to be few if any constraints on North Korean behavior in cyberspace.

Criminal motives are obvious in some cases; North Korea needs hard currency, notably for its nuclear programs. Not all such attacks are cybercrimes, though. What are the motives for the others?

“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Subscriber+