Making sense of North Korea’s cyber threat to President Trump and the US

Earlier this week, President Trump returned North Korea to the list of state sponsors of terrorism. The State Department has already identified Sudan, Syria, and Iran as nations that have “repeatedly provided support for acts of international terrorism.” Under section 6(j) of the Export Administration Act, section 40 of the Arms Export Control Act, and section 620A of the Foreign Assistance Act, the US imposes sanctions that:

  • Restrict US foreign assistance
  • Ban defense exports and sales
  • Exert control over exports of dual-use items
  • Apply miscellaneous financial and other restrictions

President Trump and North Korean supreme leader Kim Jong Un have been hurling insults at each other for a while as Jong Un builds North Korea’s nuclear and missile programs and advances its cyber crime capabilities. As reported by Reuters, “North Korea conducted its sixth and most powerful nuclear bomb test on Sept. 3, prompting another round of U.N. sanctions.”

North Korea already has the fourth largest military land force and a sizable artillery of 11,000 pieces. Pyongyang’s emerging threat is its increasingly sophisticated cyber capabilities. According to the Congressional Research Service’s report North Korean Cyber Capabilities: In Brief, North Korea:

  • Has 3,000 to 6,000 hackers
  • Devotes 10 to 20% of its military budget to its online operations
  • Domestically trains talented students on hacking and, some researchers say, trains international students as well

South Korea has long been a suspected target of North Korea’s cyber crime syndicate, but mounting evidence demonstrates that the nation is expanding its menacing activity to other countries.

Cyber criminals can infiltrate and disrupt weapons systems

Aside from personal data security, to what extent can cyber criminals threaten the safety of other nations? According to the Washington Post’s forthcoming Journal of Conflict Resolution report, cyber attacks currently have little or no impact on the battleground.

Cyber attacks involving the Ukraine and Syria include:

  • Inundating communications systems with texts or phone calls
  • Applying firewalls and proxies to block website access
  • Injecting malicious code to inflict physical damage or compromise infrastructure and military objects

This data was analyzed alongside violent attacks in the Ukraine Donbas region and researchers found that, at this time, there is no real coordination between traditional warfare and cyber warfare.

Analysts believe that at some point hackers may begin to integrate disruption strategies to take over opponents’ command and control, conduct operations reconnaissance, and exploit conventional forces.

North Korea’s cyber attacks are increasing in scope

Pyongyang has disrupted several targets with cyber attacks:

  • Distributed denial-of-service attacks against South Korean institutions (2009)
  • Sony Pictures hack (2014)
  • WannaCry malware campaigns (2017)
  • Infiltration of South Korea’s military networks (2016)

Attacking North Korea’s Internet population for cyber-propaganda efforts would not have such an adverse effect because of the nation’s relatively low number of people with Internet access. A propaganda attack targeting US critical infrastructure, however, can have damaging consequences. Take, for example, Russia’s infiltration of 21 state technical systems during the 2016 presidential elections.

Fortunately, there are some obstacles that may dissuade North Korea from surpassing Russia and China as the prime cyber aggressor against the US:

  • China is North Korea’s primary Internet provider and may not support service in the event of a data breach.
  • North Korea’s fear of retaliation, such as the massive power disruption after the Sony Pictures hack, has its powers thinking twice about a large-scale cyber assault.

It’s difficult to synchronize traditional warfare with digital warfare, partially due to military forces spending less on cyber operations.