North Korea’s shadowy hacking army is back in the spotlight.
A congressional hearing, new legislation and South Korean President Park Geun-hye’s visit are bringing renewed attention to Pyongyang’s cyber program, nearly a year after the once tech-averse state was blamed for a destructive cyberattack on Sony Pictures Entertainment.
The Obama administration and lawmakers are looking to South Korea to help thwart Pyongyang’s attempts to transition from digital vandal to digital warrior.
“Given the increasing cyber threats to both our nations, including from the Democratic People’s Republic of Korea, we are stepping up our efforts to increase our cyber defenses,” President Obama said during a joint press conference with Park on Friday, referring to North Korea by its alternate name.
The topic has also been on the minds of lawmakers in recent weeks, with new legislation that would require the White House to develop a strategy to counter North Korean hackers.
“We can’t go any longer without a serious plan to deal with this threat,” said Sen. Cory GardnerCory GardnerMcConnell huddles with GOP rep to discuss possible ND Senate opening GOP senator: Congress will ‘undo the damage’ from Obama Senate GOP to Obama: Stop issuing new rules MORE (R-Colo.), who chairs a subcommittee on East Asia and cybersecurity and introduced the bill with Sens. Jim RischJim RischGOP senators avoid Trump questions on rigged election GOP to Obama: Sanction Chinese entities to get to North Korea Research: Infrastructure systems easy to hack, a little slow to patch MORE (R-Idaho) and Marco RubioMarco RubioWhat Trump's Cabinet picks reveal House passes water bill with Flint aid, drought relief What the 2016 election can tell us about 2018 midterms MORE (R-Fla.). “It’s time to get serious.”
These lawmakers saw Friday’s visit as an ideal place for Obama to start.
“Like the United States, South Korea has suffered damaging cyberattacks against targets of strategic and commercial importance,” Rubio, who is running for president, said ahead of the meeting.
“President Obama should seek closer cooperation with South Korea in coordinating an international response to such attacks.”
Washington and Seoul have been working to strengthen their joint cybersecurity efforts for some time. During Secretary of State John KerryJohn KerryDepleted Dems look to Senate for 2020 nominee Voters want to drain the swamp? They can start with Louisiana GOP As Congress adjusts to Trump, Iran put under the pressure it deserves MORE’s visit to the South Korean capital in May, the two countries pledged to tighten “cooperation on a range of new frontiers that will help define the 21st century, including science and technology, space exploration, cyber issues,” Kerry said.
But lawmakers, experts and many in the administration itself believe Obama must go further with South Korea to fully stymie Pyongyang.
Although little is known about North Korea’s hacking abilities, experts are cautioning not to underestimate the mercurial regime.
“This is half guesswork,” said Victor Cha, Korea chair at the Center for Strategic and International Studies (CSIS). “But we cannot discount the idea that they're building this capability not just to pester people, but eventually to integrate it into some type of asymmetric military strategy.”
Few hard numbers exist on how many cyber soldiers North Korea has developed. Reports put it somewhere in the low thousands, although those estimates may be significantly outdated.
What is known is that in a country with fewer IP addresses than a city block in New York and less Internet traffic than the 3,000-person Falkland Islands, Pyongyang has nonetheless focused its limited resources on developing elite digital warriors.
The country’s advancements have been on display in a variety of increasingly severe hacks over the years, mostly targeting South Korea.
Seoul blames North Korea for at least six notable cyberattacks since 2007. The digital assaults have wiped out hard drives, frozen banking systems and blocked access to websites. One of the more severe attacks took out a South Korean bank’s online services for more than two weeks, The Associated Press reported.
More recently, a string of North Korean cyberattacks targeted South Korean media companies, defacing their websites. And just this month, a South Korean legislator said the North was likely behind a months-long hack of Seoul’s subway system last year.
“What they’re doing now is more small and commercial based,” said Cha.
But perhaps the most concerning sign came last December, when suspected North Korean hackers infiltrated one of the South's nuclear power plants. The intruders disrupted important computer networks, but didn’t harm the reactors or make off with any critical data.
Pyongyang officials, Cha explained, want to “basically use their capabilities to disrupt the peaceful status quo.”
But researchers at CSIS see evidence of a looming military shift. The organization recently briefed the administration and Congress on its findings about Pyongyang's cyber program.
North Korea can’t match the U.S. and South Korea “tank for tank,” Cha said. Cyber prowess would give the country a way to punch above its weight class.
It could allow Pyongyang “to disable missile defense systems,” Cha explained, “to blind [the U.S.] and make it difficult to communicate.”
Cha estimates North Korea is decades, not months or years, away from having this capacity.
Still, he cautioned, “I don’t want to be alarmist, but we shouldn’t underestimate their capabilities to move quickly in doing this.”
Some lawmakers are concerned that the White House is, in fact, underestimating the North Korean cyber threat.
Distracted by China’s alleged massive cyber campaign to pilfer hundreds of millions of dollars in American corporate secrets, the Obama administration has been mostly quiet on the North Korean threat since imposing economic sanctions in the wake of the Sony hack.
“The sanctions against North Korea are of limited utility since we don’t have much commerce [with the country],” Rep. Adam SchiffAdam SchiffWhite House orders intelligence report of election cyberattacks McCarthy’s ghost smiles as Dems point the finger at Russia Budowsky: Did Putin elect Trump? MORE (D-Calif.), the House Intelligence Committee’s top Democrat, told The Hill.
“I do think we need a strategy in dealing with North Korea,” he added.
The Gardner-Risch-Rubio bill would both codify Obama’s North Korean sanctions, and also require the White House to develop a longer-term strategy.
“It’s time to immediately reverse course and begin applying more pressure to the North Korean regime,” Gardner said at a Senate Foreign Relations subcommittee's hearingearlier this month.
South Korea would invariably be a vital part of this strategy, agreed experts and lawmakers.
“The more we can collaborate and align our activities and our response to hacking, the better off we will be,” Rep. Jim Langevin (D-R.I.), who co-chairs the Congressional Cybersecurity Caucus, told The Hill. “I’d like to see more international rules of the road established, either joint agreements country-by-country, or broad international agreements.
“I see the South Koreans as a partner in that,” Langevin added.
Obama echoed this sentiment following an Oval Office meeting with Park and several U.S. national security officials, including Defense Secretary Ash Carter and National Security Advisor Susan Rice.
The White House and the Blue House, South Korea’s executive office, will establish a “cyber coordination channel” to make sure “we are in sync” in combating cyber threats, Obama said.
The two administrations also issued a long list of cyber pledges, committing both sides to joint cyber military operations, collaborative cybersecurity research and the side-by-side development of international cyber norms.
“Our alliance remains a linchpin of peace and security not just on the Korean Peninsula, but across the region, and so South Korea plays a central role in America's rebalance to the Asia-Pacific, and we continued that work today,” Obama said.