This week, U.S. President Donald Trump and Chinese President Xi Jinping will meet face to face for the first time. The expansive list of issues they might discuss is likely to include North Korea, the Chinese neighbor and ally that just launched its fourth missile test of the year, and is preparing for its sixth nuclear test. After conducting two nuclear tests and more than 20 missile launches last year, North Korea has faced mounting measures from the international community to stop.
Before leaving office, President Obama told Trump that North Korea should be treated as his number one national security priority. In turn, President Trump has clearly stated his administration’s determination to “resolve” North Korea, ideally with China’s help – but alone, if necessary.
Historically, North Korea has captured international attention with its erratic and dangerous actions, as well as its saber-rattling tone of diplomatic discourse, particularly regarding nuclear weapons. While the country continues to invest heavily in nuclear technology, it has also emerged as a significant cybersecurity threat on an international scale. Though North Korea has been called a “hermit kingdom,” it’s quite the opposite in cyberspace. The country has actively engaged across the globe, as seen in its attack on the international banking system known as SWIFT.
Computer attacks are likely appealing to North Korea (and other adversaries of the U.S.) because it can be hard to figure out who’s to blame. On the other hand, cyberspace also offers a new venue for North Korea to send signals to other countries about what it can do. The international community – and the U.S. and China in particular – should give serious thought to what might be North Korea’s cyberattack equivalent of a nuclear weapons test.
A determined regime
North Korea keeps its military capabilities secret, and is particularly cautious about revealing its cyberwarfare capabilities. South Korea’s Defense Ministry estimates that North Korea’s “cyber army” is 6,000 strong. That’s as big as the U.S. military’s Cyber Mission Force is planned to be.
North Korea’s efforts are undeterred by international economic sanctions. In fact, since the latest rounds of UN penalties – in March and November 2016 – North Korean cyberattacks have increased “in size, frequency and boldness.” In recent months, these attacks have targeted South Korea’s government and businesses, worrying officials in that country and even raising concerns in the Japanese government.
Operating in Pyongyang and with outposts in northeast China and Southeast Asia, North Korea launches its cyberattacks around the world, in an attempt to demonstrate to others that the country is much more than an isolated outpost on a small peninsula. They have even targeted major Western companies, including Sony Pictures Entertainment. That sort of activity is unlikely to decrease – particularly given recent reports of a “secret cyberwar” in which the U.S. is trying to electronically sabotage North Korea’s ballistic missile program. If anything, the revelations may spur North Korea to redouble its efforts.
Stepping up crime
As the world’s reserve of patience with North Korea wears ever thinner, we should be ready for a spike in North Korean cybercrime that is either directly sponsored, or indirectly supported, by the government. The country is no stranger to illicit counterfeiting of currency, pharmaceutical drugs and even cigarettes, all of which have helped fund the North Korean regime.
Last year’s international economic sanctions, plus China’s recent ban on coal imports from North Korea until the end of 2017, are intended to limit its access to funds. But North Korea remains defiant and has turned, of late, to cybercrime to raise money. The country is the prime suspect in a series of cyberattacks on global banks, including an attempt to steal $1 billion from the central bank of Bangladesh.
It’s not unheard of that criminal elements join forces with governments. Normally the lawbreakers seek official power. The North Korean regime, however, uses its country’s criminals and their computer skills to help ensure the survival of the government and its leadership. This blurring of the lines makes it hard to tell who is calling the shots and who is simply a proxy.
North Korea continues to act like an insurgent in the international community, rejecting generally accepted limits on behavior. The threats it poses are therefore all the more significant – and harder to predict. An appropriate response may be equally hard to choose: Should a particular cyberattack spark a military response or one more appropriate for fighting crime? The international community will need to work together on both fronts. Hopefully, this week’s meetings will strengthen U.S. and Chinese commitments to do that.
Frank J. Cilluffo, Director, Center for Cyber and Homeland Security, George Washington University and Sharon L. Cardash, Associate Director, Center for Cyber and Homeland Security, George Washington University