Monday’s announcement that the United States would label North Korea a “state sponsor of terrorism” may see a heated response from Pyongyang. For months, President Trump and North Korean supreme leader Kim Jong Un have been trading insults and threats, raising concerns about an open military confrontation to halt Pyongyang’s missile and nuclear programs.
Most of the discussion about potential war scenarios has focused on North Korea’s formidable ground force (the fourth largest in the world), its 11,000 pieces of artillery threatening Seoul, and its emerging nuclear capability.
There’s another threat: Pyongyang’s rapidly expanding cyber-capabilities. North Korea’s 3,000 to 6,000 hackers and the 10 to 20 percent of its military budget going toward online operations mean the country’s cyberthreat to the United States stands only behind that of China, Russia and Iran. If the current tensions continue to escalate, could the United States or North Korea use their cyber-capabilities as a “force multiplier” to conventional military systems?
[interstitial_link url=”https://www.washingtonpost.com/news/monkey-cage/wp/2017/09/27/four-paths-to-a-strategic-miscalculation-over-north-korea/?utm_term=.b390dafb30f7″]Four paths to a ‘strategic miscalculation’ over North Korea[/interstitial_link]
How much does cyber matter on the battlefield?
Analysts who see cyberattacks as the “weapons of the future” argue that hackers can support operations on the ground by disrupting opponents’ command and control, collecting operations intelligence and creating opportunities for conventional forces to exploit.
The big question is whether cyber and conventional forces can coordinate their activities effectively enough to shape battlefield events.
Our recent research on wartime cyber-campaigns in Ukraine and Syria — forthcoming in the Journal of Conflict Resolution — suggests that cyberattacks generally have little or no impact on fighting. We looked at events in Ukraine and Syria, where actors on all sides of each conflict extensively deployed cyberattacks, along with traditional tools of war.
Using a combination of news reports and anonymous attack traffic data, we identified 1,841 cyber-incidents from 2013 to 2016, then merged these data with 26,289 violent events from Ukraine’s Donbas region. We focused our inquiry on disruptive attacks, aimed at directly sabotaging opponents’ ability to operate in the physical or electronic realm (as opposed to strictly propagandistic activities).
These attacks ranged from inundating communications systems with floods of text messages or phone calls, using firewalls and proxies to block access to websites, to using malicious code to inflict physical damage or compromise infrastructure and military objects. We also gathered analogous event data from Syria, to test our analysis in a more protracted, higher-intensity conflict.
Cyberattacks don’t change the battlefield much
Here’s what we found: Increases in cyberattacks had no impact on the timing or intensity of subsequent military operations, and each cyberattack neither provoked nor deterred responses by hackers on the other side.
[interstitial_link url=”https://www.washingtonpost.com/news/monkey-cage/wp/2017/09/20/would-trump-attack-north-korea-heres-what-we-learned-from-his-rocket-man-speech-at-the-u-n/?utm_term=.3b216d40a036″]Would Trump attack North Korea? Here’s what we learned from his ‘Rocket Man’ speech at the U.N.[/interstitial_link]
There’s a lack of coordination, it turns out. We interviewed a number of Russian and Ukrainian security experts, who cautioned that governments don’t always coordinate closely with hackers, perhaps because the military places low priority on cyber-operations.
True, the Kremlin has cultivated extensive ties with nonstate hacktivists. But it’s not clear how these activities tie into military operations. There’s another factor to consider: Russia may be reluctant to compromise ongoing cyberespionage campaigns and its access to Ukraine’s information and telecommunication networks — many of which rely on Russian hardware and software, dating back to Soviet times.
What do these findings tell us about North Korea?
A country like Ukraine, where only 44.1 percent of the population has Internet access, has some built-in buffers to cyber-campaigns. And North Korea’s extremely low Internet penetration rates mean very few North Koreans actually would see or receive any U.S. cyber-propaganda efforts. Attacking the 30 North Korean government websites (and a few commercial ones) will have little effect on people’s lives.
But while Russia enjoyed a lopsided cyber-advantage in Ukraine, U.S. Cyber Command faces a more daunting opponent. North Korea’s government has been heavily investing in cyber-capabilities.
[interstitial_link url=”https://www.washingtonpost.com/news/monkey-cage/wp/2017/07/13/cyber-warfare-has-taken-a-new-turn-yes-its-time-to-worry/?utm_term=.a360e53e3fd3″]Cyberwarfare has taken a new turn. Yes, it’s time to worry.[/interstitial_link]
Pyongyang has a track record of increasingly daring cyberattacks — like the distributed-denial-of-service attacks against South Korean institutions in 2009, the 2014 Sony hack, the WannaCry malware and a penetration of the South’s military networks.
The United States, unlike North Korea, remains highly vulnerable to cyber-campaigns aimed at swaying public opinion — as evidenced by Russian interference in the 2016 presidential elections. A combination of inadequate cybersecurity measures, heavy reliance on the Internet, a hands-off state and extensive private sector exposure makes the United States an easy target. For instance, a North Korean cyberattack could aim to disrupt U.S. power grid operations.
North Korea probably won’t get much out of cyberattacks on the battlefield
Though it may appear as if North Korea has the cyber-upper hand, the regime is unlikely to successfully employ cyberattacks in tandem with conventional military operations, for three reasons:
1) The China factor: China is North Korea’s primary Internet provider. There’s no guarantee Beijing would continue this service in the event of conflict with the United States.
2) Retaliation would be swift: Despite its limited connectivity, North Korea still fears retaliation. After the Sony hack, North Korea experienced massive network outages. While questions of attribution remain, Pyongyang understands that any cyber-operation carries the risk of disproportionate response.
3) Synchronizing cyber- and military operations is difficult: Experts often compare this challenge to that of air power in World War I, when armies increasingly used aircraft for reconnaissance and surveillance, but not for ground combat support or strategic bombing. When air power finally reached this potential 25 years later — in World War II — the effect was utterly devastating.
A similar revolution may eventually reach the cyber-domain. The pace of this transition will benefit from relatively low costs of investment, which makes cyber-capabilities far more accessible than air power was during its adolescent stage. The United States may be taking some steps in this direction, but evidence from contemporary armed conflicts suggests we are not quite there yet.
Nadiya Kostyuk is a fellow with the Cyber Security Project at the Belfer Center and is completing her PhD at the University of Michigan in political science and public policy.
Yuri M. Zhukov is assistant professor of political science at the University of Michigan, Ann Arbor, and faculty associate at the Center for Political Studies at the Institute for Social Research.