What’s the price of growing North Korean cyber capabilities?
21 Feb 2014|

There’s growing concern amongst analysts, and government officials alike that North Korea has begun to rapidly accelerate its development of advanced offensive cyber capabilities. I explored this in a recent journal article, which drew together open source material to provide an assessment of some of the motivations for North Korean developments in this area, and examine how they’ve used this capability. During 2013 evidence and sources emerged detailing North Korea’s prolonged targeting of its southern neighbours. You can read more about this in the article, but here I look at some of the potential impacts for South Korea and the region as a whole.

South Korea is in a strong economic situation, boasting one of the world’s most technologically advanced economies, with a well-developed broadband infrastructure and a strong digital economy across the public and private sectors. This highly networked economy brings increased vulnerabilities that are being exploited in cyberattacks. There are various consequences for South Korea, the most important of which is the reputational damage economically, politically and internationally that accompanies appearing vulnerable to cyberattacks.

There was a significant economic cost borne by the South Korean people as a result of the cyberattacks in 2013—estimated at 800 billion won (US$750 million) of economic damage. Absorbing the direct costs of attacks, even on a regular basis, isn’t catastrophic, but the damage it could do to potential economic investor perceptions could be grave. If investors decided to take their money elsewhere, it would lead to longer-term damage to the South Korean economy, a trend clearly advantageous to the North.

South Korea has responded through extensive policy and operational changes. But that doesn’t mean that the government will be entirely buffered from political damage from malicious cyber activity, and the North will continue to probe South Korea’s networks and attempt to embarrass and undermine the government. This situation isn’t assisted by the current scandal encompassing members of South Korea’s Cyberwarfare Command, where four officials were accused of posting political messages online during 2012’s general election in support of the now President Park Geun-hye. The mixed public and media perceptions of the agency and its activities could provide an opportunity for the North to exploit the situation and conduct further malicious cyber activity to undermine the credibility of the government.

Another potential area of reputational damage is in South Korea’s international security relationships, especially with the US. Persistent cyberattacks on South Korean government networks, particularly those which contain intelligence data important to military and security operations, could lead to allies being unwilling to share sensitive intelligence data with them.

However, through increased capability support and dialogues with allied partners, these fears can be mitigated. Certainly the North Korean regime’s willingness to carry out attacks on the US military systems of the Peninsula and beyond does not assist in undermining intelligence sharing. In fact it acts to strengthen cooperative resolve to counter the threat.

When dealing with a leadership as predictably aggressive as North Korea, there’s a concern that Pyongyang doesn’t have the ability to accurately calculate the risk that a cyberattack entails, leading to undesired or unexpected escalatory reactions from the South. Its willingness to perpetrate acts of aggression without regard for the consequence has been demonstrated many times, such as the 2010 sinking of a South Korean Naval vessel, killing 46 sailors, or the intentional GPS jamming of hundreds of civilian aircraft flights, and navigation systems on South Korean coast guard craft, fishing boats and passenger vessels during 2012. If the North can ‘get away’ with other potentially more serious actions they may believe a cyberattack wouldn’t warrant much consideration or consequence.

Added to the unpredictability of the North Korean mindset is the unpredictability of actors in cyberspace. In such a politically charged situation on the Peninsula, it’s of no comfort that so called hacktivists group Anonymous attempted to become embroiled in the situation by trying to hack into North Korean systems in 2013. They reportedly failed, but when added to the internal hacktivist activity in South Korea directed both at North and South Korean government websites, it’s clearly an unwelcome additional factor to have to manage, and has the potential to initiate an escalation from either side if the attacks are perceived to have originated from respective government sources.

North Korea’s ‘provocative and irresponsible’ behaviour that has seen it shun international norms in areas such as its nuclear program could equally manifest itself in cyberspace. The concept of the cascading effects of actions taken by a power such as North Korea, which cares little about the ultimate impact of what it does, demonstrates how seriously the international community should take North Korea’s activity in cyberspace. Unchallenged and unmanaged continued malicious activity by North Korea in cyberspace has the very real potential to exacerbate the situation on the Peninsula and worst case could lead to kinetic conflict involving major powers China and the US.

Regardless of what we know precisely in terms of the size of North Korean cyber activities, recent evidence that I explored in the paper illustrated a growing North Korean cyber capability, and a willingness to use it alongside its other traditional sabre-rattling tactics of low-level military attacks and strong rhetoric. The ability of South Korea to respond to these incidents as they arise without escalation taking place will be yet another challenge for strategic planners to consider on the Peninsula. The onus is on the South to develop an ever more sophisticated and mature cyber policy architecture and cyber resilience framework in order that in the face of extreme provocation they can remain resilient and, most difficult of all, remain clearheaded in their responses so it doesn’t become a precursor to large-scale military action.

Tobias Feakin is a senior analyst at ASPI and Director of the International Cyber Policy Centre. Image courtesy of Flickr user (stephan).