By Alexis Lavi and Matthew Flug
America’s attention has quickly shifted from the Middle East to East Asia, where North Korea recently launched an intercontinental ballistic missile. The Democratic People’s Republic of Korea (DPRK) has had several missile launches over the past few years, regardless of UN sanctions and pressure from the west. However, the most recent on Sunday launch was unsuccessful. Failed missile tests for the North Korean regime are routine. According to the New York Times, “Eighty-eight percent of the launches of the North’s most threatening missiles have self-destructed since the covert American program [targeting DPRK’s strategic weapons research] was accelerated three years ago.” Notwithstanding these failed attempts, many analysts and observers are seeing signs of the North’s growing nuclear capabilities. In 2016, North Korea conducted nuclear tests – which detonated more than twice the destructive force of the Hiroshima bomb during WWII. And Sunday’s military showcase, honoring the nation’s founder, Kim Il-sung, Kim Jung-un’s grandfather, was going to be another marker in North Korea’s public military technology strength.
The goal of this showcase was to signal to the world – both allies and enemies – the North Korean military prowess and technological advancements. Last Sunday’s missile launches had the chance to exemplify North Korea’s credible engineering and evolving technologies, similar to how the 2014 Sony cyber-attacks confirmed U.S. concern over North Korea’s cyber capabilities. Instead, last Sunday’s failed missile launches reignited discussions on the U.S.’s cyber offensive capabilities and willingness to employ preemptive measures.
While the failed launch could simply be blamed on poor engineering or human error, the prospect of intentional efforts of intervention through cyber means to disrupt these tests is also a feasible notion. A U.S. offensive program within the U.S. Cyber Command and National Security Agency designed to degrade North Korea’s nuclear capabilities now seems more likely than ever before. Such precedent exists, for example, when the U.S. along with Israeli counterparts engineered the Stuxnet cyber weapon to disrupt Iran’s nuclear program. If the U.S. is actively targeting Pyongyang’s nuclear program or disrupting one-off tests, then a combination of human intelligence, signals intelligence, and cyber tactics are undoubtedly necessary. Regardless of whether the possible U.S. interference last week was an isolated event or an indication of a crippling nuclear the program, if an intentional effort was made to covertly thwart North Korea’s militaristic efforts, it would require a combination of the following factors:
- Intimate knowledge of the programmable logic controls of their missile systems
- Vulnerabilities and points of failure within military computer networks;
- Insight into the supply chain to manipulate, tamper, or corrupt hardware, firmware, or software before reaching the North;
- A craft exploit to target missile launching capabilities;
- Spies and strategic reconnaissance that have penetrated North Korea’s most elite offices and programs; and/or
- Electronic warfare.
James Acton of the Carnegie Endowment for International Peace assessed that use of cyber- attacks against North Korea is less likely to force Kim Jung-un into a “dangerous, immediate response”, though it “might set off dangerous longer-term consequences.” The longer-term consequences may include a steady cyber arms race, destructive attacks against U.S. critical infrastructure or commerce (e.g. Sony), or casting a cloud over a Cuban Missile Crisis 2.0, as David Sanger and William Broad have said. However, the U.S. has vested interest in disrupting the nuclear program of a rogue state while concurrently signaling the sheer power of an active U.S. cyber program. The North Korean of today is not the same nation in 2008 who blew up on of its own nuclear plant in return for relieved sanction. Nine years later the nation is attempting to set and abide by its own agenda.
The potential strike or dedicated campaign against North Korea’s nuclear capabilities signals an erosion of President Trump’s “America First” approach of isolationism. This change in policy can alter the Administration’s course of action, especially with key partners like China. As Vice President Pence alluded, the “era of strategic patience is over” between the two nations. The U.S. appears ready to act with military might, which certainly includes a strong cyber front, to ensure North Korea’s position in the region does not expand. Expanding economic sanctions and working multilaterally with the UN has turned futile; therefore, the U.S. has a limited set of unilateral actions to keep Kim Jung-un in his place. Whether a clever political strategy or not, the U.S. has reawakened its standoffish relationship with one of the most secretive and erratic nations in the world. Public attention on North Korea and a presumed use of hard power to counter a rogue nation will certainly change the U.S. position with respect to China, Japan, and South Korea and, perhaps more importantly, the future cyberwarfare rules of engagement.
Alexis Lavi is a cybersecurity technology and policy professional with experience analyzing cyber risk, planning offensive engagements, and designing cyber governance programs. Alexis is a graduate of American University and University College London.
Matthew Flug spent nearly seven years in the U.S. Intelligence Community, focusing primarily on counterterrorism in Europe and the Middle East. Despite a recent transition to the private sector, Matthew continues to follow and share insights on U.S. foreign policy. He holds degrees from both American University and Johns Hopkins University.