Ⅰ. Introduction
Ⅱ. North Korea’s Cyber Threats: Objectives and Functions
Ⅲ. North Korea’s Cyber Capabilities
Ⅳ. The ROK Government’s Response and Collaboration with the International Community: Latest Developments
Ⅴ. Policy Recommendations
Ⅰ. Introduction
North Korea’s cross-border aggression in cyberspace is becoming a dangerous and evolving threat to many countries around the world. Pyongyang’s cyber attacks are growing in both technological sophistication and scale, forcing the international community to devise strong measures. North Korean cybercriminals infiltrate a broad range of targets, including government agencies, state infrastructure, tech firms, national security networks, defense industries, aerospace industries, supply chains, and virtual assets, in numerous countries and regions, from Korea, the U.S., Japan, China, Russia, and Vietnam to the Middle East, Latin America, and Africa.
North Korea’s cyber capabilities are being developed to ensure the regime’s survival, rather than as a means to become a tech powerhouse paving the way for economic growth. Cyber operations have enabled North Korea to not only disrupt its adversaries’ military but also undermine the targets’ economic and political systems. This is because, unlike other military means, cyber operations can take place in both peacetime and wartime and immediately cause damage to the target. North Korean cyber attacks have stolen vast sums of virtual assets from many institutions around the world to fund the regime’s nuclear and missile programs, and this inseparable link between Pyongyang’s cyber heists and its weapons of mass destruction explains why the international community has failed to effectively curb the North’s nuclear and missile provocations.
This article aims to identify the objectives of North Korean cyber activities, how they function, and the level of North Korea’s cyber offensive capabilities; discuss the latest developments in the ROK government’s response to North Korean cyber threats and its collaboration with the U.S. and the international community in the cyber domain; and introduce a set of measures the ROK government could take to deal with ever-evolving cyber threats posed by the North Korean regime.
Ⅱ. North Korea’s Cyber Threats: Objectives and Functions
1. Asymmetric Capability to Achieve Strategic Goals
Cyber capabilities, alongside nuclear and biochemical weapons, provide a critical asymmetric capability for the Kim Jong Un regime. With an increasingly sophisticated set of cyber capabilities giving the regime effective leverage to advance its political, military, and economic goals, Pyongyang resorts to various cyber crimes to achieve financial gains and attain strategic goals at the same time.
Being one of the most isolated countries in the world, North Korea finds it challenging to advance policy goals through diplomatic means. For this reason, North Korea uses cyber attacks to disrupt and paralyze key infrastructures in South Korea and other adversaries; steal sensitive information to outmaneuver an adversary; disrupt an adversary’s military operation in wartime; secure funds for its weapons development and economic development initiatives; conduct cyber espionage and influence operations to stoke chaos and conflicts in a target country and interfere in elections; steal critical information related to science and technology and defense industry; and promote the regime’s propaganda campaigns.
2. Source of Funding for Nuclear Programs
In recent years, sanctions-hit North Korea has launched cyber attacks on the global digital financial system to generate income for sustaining its national economy and developing weapons of mass destruction. In 2015, the regime came to realize that cyber theft could be an effective revenue generator for the cash-strapped government of North Korea, and since then, Pyongyang has doubled down on cyber capabilities and crypto theft as a means to generate cash in the face of international sanctions. On top of that, the outbreak of the Covid-19 pandemic and subsequent closures of Chinese and Russian borders have caused an extreme shortage of daily necessities in North Korea and drastically reduced black market activities including drug trading. This has prompted a surge in the prices of goods, pushing the regime to ramp up its cyber operations to offset the economic fallout caused by the pandemic.
In 2022, North Korea pulled off a record-setting theft of virtual assets with its hackers stealing $1.7bn of crypto. This accounts for 43.4 percent of the total losses arising from global cryptocurrency hacks. Given this latest data, it is not an overstatement to say that the North Korean economy runs on cryptocurrency heists.
3. Cyber Espionage Using Social Engineering Techniques
North Korea’s state-sponsored cyber actors conduct espionage with social engineering techniques and phishing schemes. While cyber espionage does not instantly inflict damage on a target country, it steals personal or classified government information, paving the way for an actual cyber attack. North Korean IT workers use fake IDs and accounts to pose as non-North Korean nationals to gain employment and win contracts in North America, Europe, and East Asia. They also closely monitor the political developments or controversial social issues unfolding in South Korea to seize an opportunity to launch cyber espionage or influence operations. The regime’s cyber espionage specifically targets government agencies in Korea, Japan, the U.S., and Europe as well as foreign policy, national security, defense, and aerospace experts in these target countries. At times, the North Korean leadership uses foreign experts’ analyses of North Korea collected through cyber espionage for reference in shaping its foreign policy strategy.
Ⅲ. North Korea’s Cyber Capabilities
The Belfer National Cyber Power Index (NCPI), which measures countries’ cyber capabilities in the context of seven national objectives, ranked North Korea 14th among 30 countries. Most of the North’s cyber capabilities are centered on launching cyber attacks and illicit financial activities. It should be noted that since North Korea’s cyber prowess is mostly focused on conducting attacks in the cyber domain rather than defending against an opponent’s cyber aggression, the isolated regime would arguably be extremely vulnerable to an adversary’s cyber attacks.
Ⅳ. The ROK Government’s Response and Collaboration with the International Community: Latest Developments
1. A Shift toward a More Aggressive Strategy in Cyberspace
As the South Korean government’s cyber security policies have largely been driven by a defensive posture, South Korea has not sought to retaliate against North Korea’s cyber aggression which began in the early 2000s. The Belfer National Cyber Power Index ranked Korea 7th among cyber powers and found that while South Korea possesses enough cyber prowess, it takes a largely defensive posture and uses its cyber capabilities passively in terms of attacking an adversary. The Korean government is shifting from defense-oriented cyber security policies to a more offensive posture in response to the rapidly growing cyber security threats around the world, including North Korea’s seizure of virtual assets for the development of its nuclear and missile programs. This policy shift has recently been noticeable in various areas of cooperation with its regional partners and allies including the U.S. and joint cyber security operations with the U.S. against North Korea’s cyber security threats.
2. Integrating Interagency Crisis Responses and Strengthening Public-Private Cooperation
The Korean government has pledged to boost efforts led by the Office of National Security to formulate a systematic cyber crisis response system and related legislation to respond to rapidly increasing cyber security threats. Although there has been competition among government agencies over the leadership of the Office of National Security, a fire that crippled Kakao Corp.’s servers last year served as a wake-up call for strengthening interagency cyber security cooperation and public-private cooperation. In December 2022, the Korean government issued “A Joint Advisory on DPRK IT Workers” as part of orchestrating and facilitating cooperation between ministries against the cyber security threats posed by North Korea. In addition, the signing of a memorandum of understanding (MOU) between the National Intelligence Service (NIS)’s National Cyber Security Center and the Korean military’s Cyber Operations Command on May 1, 2023, is meaningful in that it doubles the synergistic effect in combating cyber security threats. And in November 2022, the National Cyber Security Center under the NIS opened the “National Cyber Security Cooperation Center” in Pangyo to enhance public-private cooperation in responding to cyber threats.
3. Strengthening the ROK-U.S. Alliance and Cooperation with the International Community in the Cyber Security Domain
In October 2022, South Korea’s Cyber Operations Command participated for the first time in Cyber Flag, a multinational defensive cyber exercise led by the United States Cyber Command (USCYBERCOM), and the two sides agreed to craft a detailed joint cyber military training plan in the future. In addition, the two sides have discussed the North Korean nuclear issue and ways to block North Korea’s overseas IT workers from stealing virtual assets at the “U.S.-ROK Working Group Meetings on the DPRK Cyber Threat.” And in February 2023, South Korea and the U.S. released a joint cybersecurity advisory on North Korean state-sponsored ransomware operators to send out warning messages. The two countries also conducted joint operations to cut off North Korean hackers’ money laundering attempts.
At the Korea-U.S. summit on April 26, 2023, the two sides announced a “strategic cybersecurity cooperation framework” to extend their cooperation to cyberspace, and vowed to elevate the level of their intelligence-sharing alliance to that of the Five Eyes. At the summit, the U.S. and Korea agreed to develop and implement countermeasures such as: facilitating information sharing; curbing malicious cyber activities; refining deterrence, defense, and threat reduction measures; advancing cooperation to prevent money laundering and virtual asset theft; promoting international cooperation in urging an individual state’s responsible behavior during peacetime; enhancing cyber capabilities through cyber security exercises and training; strengthening R&D cooperation for the protection and resilience of critical national infrastructure; boosting private sector cooperation; forging private-public-academia partnerships for cyber resilience; and promoting an open, interoperable, secure, and reliable Internet and stable cyberspace.
Ⅴ. Policy Recommendations
1. Need for Orchestrating Public-Private Cooperation Flexibly in Response to Various Cyber Threats Occurring at All Times: Blurred Lines between Peacetime and Wartime Situations
Offense and defense in cyberspace can take place in both peacetime and wartime. As virtual asset theft and supply chain attacks can occur during peacetime and wartime, dividing roles between the military, public, and private sectors seems pointless. Therefore, there is a pressing need to establish a response system that can aptly allocate resources and experts, with prompt information sharing and decision-making processes integrated and operated across peacetime and wartime.
2. The ROK’s Role as the Hub of the Comprehensive Information-Sharing Network to Tackle Growing Cyber Security Threats Posed by North Korea
The two Koreas speak the same language although it has diverged over the past decades, meaning that South Korea can identify and understand North Korea’s cyber espionage activities and insinuation in its rhetoric better than any other country. These cultural and linguistic similarities will likely work to the Korean government’s advantage by underscoring and elevating its role in international cooperation against Pyongyang’s malicious activities in cyberspace. Therefore, it is advised that the Korean government establish a cyber-security situation room or strategic communication center to fulfill its role as the hub for the intelligence-sharing network and cooperation against various cyber-security threats in the region.
3. The ROK’s Need for Linking up Mini- and Multi-lateral Cybersecurity Cooperation in the Indo-Pacific Region and Working with Like-minded Regional Partners to Formulate Effective Joint Responses
As formulating and implementing effective responses to transnational cybersecurity threats go beyond an individual state’s initiatives and efforts, it is recommended that the Korean government explore and bring up the key agendas in terms of cybersecurity cooperation that could link up its interests with a wide spectrum of the agendas discussed in the mini- and multi-lateral consultative bodies within QUAD and AUKUS. In line with such efforts, it is also advised that the Korean government should endeavor to form cybersecurity alliances with major players in the Indo-Pacific, build a consensus on and codify the concept of mutual defense in cyberspace, and deepen its cooperation with like-minded countries regarding the issue.
4. Raise Public Awareness of the Importance of Cyberspace Security: On Values and Principles of Promoting Security in Cyberspace Shared by the International Community
The Korean government needs to raise public awareness of Pyongyang’s cyber espionage activities by improving the public’s access to necessary information so that private-sector actors, both domestic and international, can identify and respond to North Korea’s cyber crime in a timely and adequate manner. It also bears noting that private-sector actors’ threat perception of national security interests in cyberspace is closely or directly related to efforts at advancing national security interests. So, it is important for the private sector to share situational awareness with governments and the international community. In this regard, the Korean government needs to ensure that the guidelines for information-sharing, training, and providing advice regarding cybersecurity issues will be provided on a regular, round-the-clock basis. On top of that, it is advised to continue efforts to disseminate the international community’s shared values and principles in cyberspace to raise private sector actors’ awareness for better responses to the existing and emerging cyber security threats.