| bibo:abstract |
Introduction
Why Pyongyang Masterminds Illicit Cyber Activities
North Korea’s Cyber Capabilities and Vulnerability to External Attacks
The ROK Government's Response
Policy Recommendations
Introduction
North Korea’s illicit cyber activities and attacks in recent years have posed mounting global security threats in terms of exponentially evolving technology, scale, attack techniques, and targets. As state actors, terrorist organizations, and criminal syndicates could model on North Korean cyber-attacks, or even join hands with North Korea to scale up the level and scope of threats, the international community is calling for proactive and assertive responses to stay one step ahead of the growing threat of cyber-attacks. Various cyber threats from North Korea do not mean one-shot attacks. It is more accurate to define them as systematically conducted cyber operations orchestrated by the Reconnaissance General Bureau (RGB), a North Korean intelligence agency, to achieve political, military, and economic objectives. A specific focus of North Korea’s extensive and multi-directional cyber operations has been on government agencies, national infrastructure, IT companies, the defense and aerospace industries, supply chains, and digital financial services and networks of South Korea, the U.S., Japan, China, Russia, Vietnam, the Middle East, and Africa.
North Korea initiated state-sponsored efforts to enhance its cyber capabilities in the 1990s. However, the successive Pyongyang regimes have primarily focused on bolstering cyber capabilities for regime survival instead of promoting economic growth as an IT powerhouse. North Korea’s cyber capabilities are not limited to military aspects but are also highly effective in posing political and economic threats to its targets. Cyber weapons give North Korea an asymmetric advantage in pursuing its objectives through political and economic coercion as they can be readily employed during peacetime and wartime and show effects immediately unlike other forms of military weapons.
The fact that virtual assets seized by North Korea have been used to develop weapons of mass destruction (WMDs) showed why international sanctions on North Korea have failed to deter its nuclear and missile provocations. This has also recently caused changes in Pyongyang’s cyber policy. Korea has veered from its past defense-oriented policy, pursuing aggressive cyber policies. Before its recent change toward more offensive cybersecurity policy, South Korea had implemented defensive-oriented policies described as ‘defense by denial,’ without retaliating against waves of cyber-attacks orchestrated by Pyongyang since the early 2000s.
In February 2023, the Korean government decided to impose independent sanctions against North Korean individuals and institutions for carrying out illegal cyber activities including illicit activities aimed at winning project contracts. In addition, on April 24, 2023, the Korean and the U.S. governments simultaneously sanctioned North Korean hackers ahead of the summit, which was the second time since 2016 that the two countries have sanctioned North Korea together and the first sanction imposed in the field of cyber security. Seoul and Washington have held working-group meetings to discuss ways to thwart Pyongyang’s attempts to secure funds for its nuclear and missile development through operations conducted by overseas IT workers and cryptocurrency theft, alongside the broader North Korean nuclear issue. The two countries have forged close cooperation to come up with measures such as expanding cooperation with the public and private sectors such as virtual asset exchanges, adding independent sanctions, strengthening investigation cooperation, and issuing joint warnings. They have explored various avenues such as expanding cooperation with the private sector, adding more entities to the sanctions list, strengthening cooperation in cybercrime investigation, and issuing a joint cybersecurity alert.
* Attached File
|
