Former President Donald Trump and North Korean Supreme Leader Kim Jong-un may have shared a “deep and special friendship,” but it’s become abundantly clear in the last few months that the North Korean government feels no similar warm fuzzies toward Joe Biden. Between supposedly “ghosting” the new administration’s calls, launching ballistic missiles and warning the United States “not to cause a stink,” North Korea is doing its best to play hardball with the new administration, choosing to strike a tone of bravado and intimidation as opposed to one of collaboration. This will undoubtedly hinder U.S. efforts to check North Korea’s nuclear program through diplomatic methods. But summits and talks aren’t the only way to curb Pyongyang’s nuclear ambitions. Biden can still achieve a foreign policy win by cracking down on the country’s state-sponsored cybercrime—crime that directly supports the nuclear program.
It’s often tempting to dismiss North Korea as a small, impoverished nation that likes to rant and rave. But this problematic caricature blinds us to the legitimate threats posed by North Korean hackers. Based out of the Reconnaissance General Bureau, North Korean hackers have reportedly been busy with everything from attacking banks to attempting to steal information about coronavirus vaccines. Despite its poverty and relatively small size, North Korea likes the idea of punching above its weight. And thanks to its state hackers, when it comes to cyber, Pyongyang finally can.
Although experts trace North Korea’s hacking abilities back to 2010, Pyongyang’s cyber abilities really hit the main stage in 2014, with its famous hack of Sony Pictures. Less discussed is what its hackers have been up to since. Between 2019 and 2020 alone, North Korean hackers stole about $316.4 million in virtual assets, mostly targeting financial institutions in the hope of attaining cryptocurrencies. But even more concerning is where this stolen cryptocurrency is going—North Korea’s nuclear program. The UN Report of 2019 stated that, in addition to stealing currency, much of the hacking also allowed North Korea to seek material and technology for producing fissile material, maintaining nuclear facilities and upgrading its ballistic missile infrastructure.
The Obama and Trump administrations tried to constrain malicious North Korean cyber activity by means of sanctions. Most recently, the U.S. Department of Justice indicted three North Korean military hackers for conspiring to steal $1.3 billion in cash and cryptocurrency. As John Demers, currently Assistant Attorney General for the Department of Justice’s National Security Division, stated, North Korea’s hackers “have become the world’s leading bank robbers.”
A thriving nuclear program isn’t the only potential threat stemming from North Korea’s cyber sprees. While the majority of their cyber activity is currently limited to stealing cryptocurrency, their willingness to use cyber weapons in response to any action they dislike—even the release of a less-than-flattering movie—shows Washington cannot afford to be complacent about America’s cyber posture. A North Korean-led SolarWinds-type hack of sensitive U.S. government systems, or a hack of American critical infrastructure—such as a more horrific variant of the attempt to poison Oldsmar’s water supply—could be devastating in its own right.
If the Biden administration wants to counter North Korea in cyberspace, it will need a two-pronged approach. First, it will need to find ways to hold Pyongyang accountable without escalating tensions to dangerous levels. This will mean attributing malicious cyber behavior as quickly as possible while simultaneously developing proportional direct responses, preferably in alliance with South Korea and other regional powers, to encourage deterrence.
Even more important, the Biden administration needs to build American cyber resilience. In today’s world, cyber attacks are an inevitability, whether they come from North Korea or somewhere else. It is imperative, therefore, that the United States protects its networks. This will require a variety of long-term efforts, including the adoption of a zero-trust approach to network security in many government agencies, bolstering the Cybersecurity and Infrastructure Security Agency’s resources and authority, and improving supply chain security—the vulnerability that led to SolarWinds. And to better understand America’s cyber vulnerabilities, Biden should establish a Bureau of Cyber Statistics, which would analyze and study information regarding cyber attacks on both the public and private sector.
Many people have called cyber warfare the “great equalizer” when it comes to recentering the balance of power in conflict. And historically, dominant global players fall behind when focusing on their past achievements rather than the world ahead. While it’s important for the United States to focus on dominant players in cyber—namely, China—Washington can’t afford to ignore smaller players. If the United States doesn’t want to fall into that trap, then the Biden administration needs to prioritize cyber in its foreign policy strategy for handling North Korea.
Kathryn Waldron is a fellow with the Cybersecurity & Emerging Threats team at the R Street Institute. Follow her on Twitter @Waldron_Kathryn.
Franklin Lee is a research associate with the Cybersecurity & Emerging Threats team at the R Street Institute. Follow him on Twitter @frankeellins.