Published daily by the Lowy Institute

North Korea's emerging cyber capabilities

North Korea's emerging cyber capabilities

The cyber attack on Sony Pictures by North Korea in response to the film The Interview (which opens in Australian cinemas today; see my review) came after a series of North Korean hacks of institutions in South Korea. It appears North Korea is improving its cyber capabilities and widening its target list. The decision to strike the private sector outside of South Korea is a new development with disturbing ramifications.

The Sony hack got global attention because it showed Pyongyang's new willingness to target high-profile, non-Korean, private companies. All this raises major questions about Pyongyang's asymmetric efforts against the South, and now for foreign firms operating in Korea.

There remains some disagreement over whether it was in fact North Korea that hacked Sony. Recently, the Director of the FBI felt compelled to come forward with more evidence in support of the US Government's claim, and President Obama has repeatedly spoken with great confidence that North Korea was the perpetrator. Furthermore, it is scarcely disputed that hacks of South Korean institutions, such as the nuclear power industry, banks, and broadcasters, were performed by North Korea.

North Korea's use of the cyber domain to contend with its opponents – South Korea, Japan, the US, and now perhaps their firms – is a new development.

For much of the internet age, North Korea has been so far behind South Korea and others that cyber was not an area in which it was expected to thrive. Indeed, it may be that North Korea contracts out its hacking requests to specialist, third-party 'hacktivist' groups like the Lizard Squad or Anonymous. Yet Pyongyang has repeatedly surprised observers with its technological leaps. North Korea beat South Korea in drone development, and of course, it has developed nuclear weapons and ballistic missiles. It therefore seems likely that cyber is an emerging arena of North Korean activity.  Governments, and now business, will be forced to defend themselves.

Indeed, cyber is an ideal arena for North Korea for many reasons. [fold]

It is a twilight space with few agreed rules and much room for plausible deniability.

Predictably, Pyongyang immediately disavowed the Sony hack, and many have questioned the US evidence. But unlike easily recognisable traditional aggression in the physical world, it is hard for non-experts to grasp virtual 'aggression.' Anyone could see the sunken South Korean destroyer Cheonan in 2010 and make the reasonable conjecture that North Korea torpedoed it. But few have the ability to understand the nuances and details of cyber-hacking. It is not immediately evident that hacking is even 'aggression.' Is the leaking private photos and emails, or knocking out a bank website for a few hours, an attack or is it industrial espionage? Should it invite a defensive, perhaps military, response?

Cyberspace attacks allow North Korea to wreak havoc, but with only oblique links between its action and real-world consequences such as injury or property damage. For example, if a patient dies in a hospital whose power was cut in a hack, whose fault is that? Perhaps the hospital should have had stronger redundancy systems or better trained staff, because power failures happen anyway.

There are no good answers yet to questions such as these, which also explains why Chinese hacking of US institutions has met such a confused policy response. Traditional international law and organisations cover 'real world' conflict issues (eg. rules of war, war crimes, the treatment of prisoners of war). But given the sheer novelty of cyber war, there are no clear norms for what constitutes aggression, defence, proportional response, and so on. In short, the vague, hard-to-attribute, poorly regulated, twilight character of cyber provocation is likely very attractive to Pyongyang.

Finally, cyber-hacking fits longstanding North Korean preferences for both the asymmetric harassment of South Korea and criminal activity.

North Korea (probably) cannot win an open conflict with South Korea. This is well known even among Pyongyang elites, who have consistently stepped back from the abyss of their own rhetoric, such as in the 2013 spring war crisis. But North Korea is built around an enemy image of South Korea and anti-Americanism. These are central tenets of its post-communist, nationalist ideology. Regular tension with the South, and the US and Japan, helps justify why North Korea exists despite the end of the Cold War, and why unification – ostensibly the regime's stated goal – never occurs. 

The dilemma then for Pyongyang is how to gin up enough tension to justify North Korea's existence as a separate, poorer Korean state, but not produce so much that war breaks out. Here again, cyber is a great fit. Its twilight nature allows regular action against the South and US, but without the clear-cut fallout which might provide a casus belli. The Interview, which mocks the leadership that North Korean propaganda treats as semi-divine, was an ideal target for such action.

Finally, hacking is a congenial choice for a regime already steeped in criminal gangsterism. North Korea produces methamphetamines, counterfeit dollars and RMB, proliferates military technology, engages in insurance fraud and so on. As a rogue state that already rejects the basic rules of the global economy, cyber-hacking is likely just another technique.

Both the governments and businesses in South Korea, Japan, and the West will have to prepare for North Korean cyber-harassment and debate the manner of response.

Photo courtesy of Flickr user Matt Palsh.

You may also be interested in