Christian Whiton: Direct cyber-retaliation against North Korea poses challenges
Whiton: Responding to cyberattacks is a new area for statecraft
United States should maintain escalatory dominance, he says
Editor’s Note: Christian Whiton is a former deputy special envoy for human rights in North Korea for the George W. Bush administration. He is president of the Hamilton Foundation, a principal with DC Advisory, a public policy consultancy, and the author of “Smart Power: Between Diplomacy and War.” The views expressed are his own.
A quote often attributed to Leon Trotsky reads, “You may not be interested in war, but war is interested in you.” Although Washington would like very much to ignore North Korea, Pyongyang has just brought Trotsky’s axiom into the 21st century with a seminal cyberattack that will have an immediate economic and cultural impact.
On Wednesday, the U.S. government reportedly concluded that North Korea was “centrally involved” in the hacking of Sony Pictures. The attack is believed to have involved stealing and publicizing emails between high-level Sony executives and talent, as well as at least two government officials. When combined with a threat of violence against would-be viewers of a comedy mocking the North Korean dictator Kim Jong Un, Pyongyang’s hackers effected the cancellation of the movie’s release.
More than just costing Sony as much as $100 million by some estimates, the cancellation and other fallout from the hack attack will likely end careers in Hollywood and Tokyo and put a chill on creative satires or other media aimed at dictatorships. A Hollywood that already increasingly toadied repressive governments like China’s may now be completely defanged. What happens in film also affects music, publishing and the news media. Using modest cybercapabilities and an American-Japanese target wholly lacking in moral courage, North Korea has aided itself and every other dictatorship on Earth mightily.
Washington has developed a de facto policy of ignoring North Korea, especially after talks to disarm that nation failed during the Bush administration. In 2010, after North Korea sank a South Korean Navy ship, President Barack Obama said Pyongyang must be “held to account.” In 2013, after North Korea’s third nuclear test, President Obama vowed “swift and credible” action. But aside from the umpteenth condemnation by the U.N. Security Council – to which North Korea is indifferent – the world mostly goes back to ignoring Pyongyang after headlines change.
But in this case, ignorance isn’t bliss. This year alone, North Korea has fired shells toward South Korea, apparently engaged in illicit arms transfers with Cuba, and is suspected by America’s top general in South Korea of potentially having developed the skill to weaponize the nuclear devices it has been working on.
Then, of course, came Pyongyang’s cyberattack on Sony, a remarkable feat in a country where Internet access is tightly controlled and there is no commercial software market to create a private supply of programmers. The state reportedly makes up for this by employing its own small army of hackers, who according to defectors train in Russia and China, and even operate from abroad.
The free world should react. Responding to cyberattacks is a new area for statecraft, but ought to be seen in the same light as dealing with any other nonlethal attack on a nation’s economic or security interests.
First, the United States and its allies should retaliate against their attackers in order to deter future attacks. The response should be similar to, but of a greater magnitude than the initial attack – a common feature of deterrence. Second, the United States should maintain escalatory dominance, making clear that it is always willing and able to ascend to the next higher level of conflict if so forced.
A direct cyber-retaliation against North Korea may pose challenges; the nation is less networked and less reliant on intellectual property than free nations. But any modern communications system has vulnerabilities that can be exploited. Furthermore, North Korea’s two alleged primary cyberenablers, Russia and China, could be covertly targeted with electronic means for aiding an attack on the United States.
For example, the United States could disrupt communications or even the electricity grid in Pyongyang and temporarily disrupt a small number of Chinese or Russian firms that depend on Web commerce. Taking steps like these may require transforming the young U.S. Cyber Command from an extra tool for U.S. military commanders in a regular war into an agency that fights more in peacetime. Sometimes the best defense is a good offense.
In this way, cyberwar and deterrence could come to resemble espionage-related contests during the Cold War. One side responds to provocations with counterprovocations. An understanding and an unwritten code of conduct develops among adversaries. Short-term stability is generally achieved, pending further resolution that is hopefully peaceful and conducted at our initiative – like the end of the Cold War.
But with North Korea we should go further still, ceasing ever again to ignore the regime. Ultimately, improved cybersecurity will only come with the regime’s replacement. Freedom and accountable government work for Koreans, a fact that is obvious from the shining example of South Korea. Helping North Koreans replicate this by peacefully replacing the Kim dynasty ought to be the free world’s primary goal on the Korean Peninsula.
Ironically, one of the best ways to achieve this change is with the type of cultural and electronic warfare North Korea has just waged against us. Supporting the free flow of information back into North Korea – especially by defectors who can encourage and explain the truth to the repressed Koreans they left behind – is a proven way of eroding tyrannical regimes. It will also put Pyongyang on the defensive at home – fully aware that it is no longer being ignored.