North Korea Looks to Provoke with Cyber Warfare Capability

September 14, 2015 2:17 PM
North Korean leader Kim Jong Un in an undated photo.
North Korean leader Kim Jong Un in an undated photo.

North Korea sees cyber operations as integrated with its irregular peacetime operations and valuable in disrupting the operations of its enemies, like command and control, the co-author of an upcoming report on the country’s cyber activities said Monday.

Scott LaFoy, speaking at the Center for Strategic and International Studies, a Washington, D.C., think tank said the way ahead for the Republic of Korea and the United States is to identify and leverage North Korea’s weakness in cyberspace to their advantage

The report, “North Korea Cyber Operations: Strategy and Responses,” will identify the Reconnaissance General Bureau as being the focal point of Pyongyang’s activities. The bureau is responsible for the entire range of clandestine operations. Jenny Jun, the other co-author, said in answer to a question that Pyongyang’s cyber activities are “organized very differently from how the United States is organized.”

While disruptive cyber operations can be seen as harassment, they are not necessary an act of war; but they can provoke a response that can lead to escalation. They “are low risk” operations for North Korea, he added.

James Lewis, director of CSIS’s strategic technology program, said North Korea and other countries such as China and Iran also see cyber as a valuable means of coercive action as Russia did in Estonia and is doing in Ukraine.

“Countries with a Leninist background have an obsession [with information operations],” he said.

Broadcast live streaming video on Ustream

But what has also changed in the last eight years or so is the United States’ ability to attribute where the intrusion or attack is coming from, he said, citing the very quick response 2014 hacking attack on Sony Entertainment. The private sector remains most concerned about defending against espionage intrusions, Jun added.

“The idea of proportional response won’t [necessarily] be confined to a cyber response,” Lewis said, mentioning very specific sanctions against groups or individuals.

With attribution becoming better, he said North Korea could miscalculate its chances of success. “We are in a very dynamic environment” when it comes to attribution.

While there is no “credible evidence” that Pyongyang is launching cyber probes from China, it has used Cambodia. There, the idea was to create illegal cyber gambling sites to generate revenue, Jun said. “That software did have a malware” component.

The Chinese attitude to North Korea’s cyber activities is, Lewis said: “Not worth the cost of disrupting our relations with [Pyongyang] to help you out.”

But the very limitations of the North Korean economy makes them less vulnerable to cyber response or attack, Lewis said.

The United States and the Republic of Korea should work on a proactive and defensive solution to North Korean cyber warfare threat, Jun said.

“We are not fear mongers” in writing the report that concentrates on military aspects of cyber, LaFoy said.

The Sony hacking was “not an isolated incident.” It should be regarded “as a natural progression of [North Korean] strategy” that is “unlikely to be abandoned in the future.” Jun said.

John Grady

John Grady

John Grady, a former managing editor of Navy Times, retired as director of communications for the Association of the United States Army. His reporting on national defense and national security has appeared on Breaking Defense,,,, Government Executive and USNI News.

Get USNI News updates delivered to your inbox