How is the increasing spread of artificial intelligence (AI) likely to shape the cyber capabilities of the Democratic People’s Republic of Korea (DPRK; North Korea) in the coming years? Over the past decade, cyber tools have become an important enabler of the Kim Jong Un regime’s quest to achieve its policy objectives. Today, as a result of sustained investments by Pyongyang, the DPRK has developed an increasingly sophisticated set of cyber capabilities, which it has used to substantial effect against foreign militaries, banks, companies, media outlets, and individuals. While the regime has been able to achieve much through cyberattacks relying on traditional human operators, there are some areas where automating cyberattacks may prove attractive to the North. At the same time, demand for trained cybersecurity professionals usually far outstrips supply, and AI for cyberdefense may be an area where the regime ultimately feels compelled to invest, either to offset human capital shortfalls, or as adversary AI-enabled cyberattacks grow more sophisticated. Is North Korea about to make the leap to AI-enabled cyberattacks or cyber defense? Or will the country’s international isolation impair its ability to pair up AI with its existing cyber capabilities?
Recognizing the challenges posed by Pyongyang’s computer network operations, official national security documents from the United States, the Republic of Korea (ROK; South Korea), and Japan have all identified the DPRK’s cyber operations as a serious concern. For example, the 2021 Worldwide Threat Assessment by the U.S. Director of National Intelligence noted that North Korea’s cyber program “poses a growing espionage, theft, and attack threat.” For its part, the ROK Ministry of National Defense (MND), in its 2020 Defense White Paper, noted that North Korea is “operating a 6,800-strong unit of trained cyber-warfare specialists and is working to enhance cyber capabilities by continuing R&D on [the] latest technologies.” In 2020, Japan’s Ministry of Defense concluded that North Korea possesses “large-scale cyber units as part of its asymmetric military capabilities, engaging in theft of military secrets and developing capabilities to attack critical infrastructure of foreign countries.” And as the ROK’s MND has further noted, the North is also “fostering specialists and continuing R&D in [the] latest technologies” related to cyber technologies.9 One such “latest technology” is AI: the use of computer software programs to sift through large volumes of data to identify patterns, predict behavior or results, and adjust and improve its predictions of outcomes in terms of data feedback.
There are a number of possibilities for how AI might relate to North Korea’s cyber capabilities. For example, if Pyongyang augments its cyberattacks with AI, the North might be able to rapidly accelerate and expand its intrusion sets by using algorithms to identify weaknesses in adversary systems or improve the effectiveness of its attacks. On the other hand, U.S., South Korean, or other nations that employ AI for cyber defense may become more proficient at detecting and defeating North Korea’s human-developed cyber intrusion sets, eroding the value of Pyongyang’s cyber arsenal unless it improves its offensive cyber tactics, techniques, and procedures (TTP), possibly by employing AI for offensive cyber in novel ways. The regime could also seek to employ AI to improve its own cyber defenses, hoping to detect and defeat the United States’, South Koreans’, or other nations’ efforts to probe or penetrate the limited systems that actors in the North use to connect to the Internet. Finally, and in response to the automation of its own cyberattacks or cyber defenses, Pyongyang might target adversary AI training data or models themselves.
To date, we find that there is very limited direct evidence that the DPRK has moved to pair AI with its cyber capabilities, but compelling logic and significant circumstantial evidence indicate that it will do so in the years ahead. Given the nature of the DPRK as a closed “hard target” country, with the details of its cyber programs as presumably among the most closely-held secrets of state, a lack of direct evidence about its cutting-edge capabilities is hardly diagnostic. As has been shown time and again by progress in North Korea’s strategic weapons programs, Pyongyang’s technical knowledge base or intent to develop an advanced capability can be good markers of its ultimate goals. We did find significant circumstantial evidence, precedent, and logic that points to the possibility that North Korea has, or in the future likely will, pair its cyber capabilities with AI. Meanwhile, we found no evidence or compelling logic to support hypotheses that the DPRK would choose not to pursue such capabilities, or that the DPRK would be unable to develop and employ such capabilities.
In the absence of concrete evidence, there are very good reasons to think that the regime is moving in this direction based on its interests; trends in broader technology, espionage, and warfare; statements by regime leaders; a survey of academic writings on AI by DPRK researchers; as well as past evidence from how the North has embraced other strategic technologies and how other nations are treating AI and cyber. While Pyongyang’s human-conducted cyberattacks have been quite effective to date, there are nonetheless some good reasons to think that in the future it may seek to incorporate AI its offensive cyber operations, especially if its targets begin to degrade the effectiveness of Pyongyang’s cyberattacks by adopting AI-enabled anomaly detection. And though the North is connected to the global Internet through only a fairly limited number of access points today, should its own economy develop greater touchpoints with the outside internet, the North would likely see increased value in AI-enabled cyber defenses. Finally, an examination of the experiences of North Korea and other similar malign actors finds no evidence that the cost of AI development, access to cutting edge research or training sets, or availability of electricity supply are likely to constrain the regime should it choose to develop AI for cyber, while access to talent and computing power could be somewhat more substantial chokepoints in AI development, though the former would potentially just further incentivize the North to press ahead even faster.
The remainder of this article unfolds in three parts.
First, we ground our discussion in an explanation of North Korea’s overall policy goals and its political-military strategy. We then describe what is known or believed to be true about the role of cyber tools in supporting the regime’s goals.
Second, we lay out what we know or can reasonably infer about North Korea’s interest in and access to AI and machine learning (ML), as well as how these appear to fit with its overall cyber strategy. To characterize the DPRK’s ambitions and capabilities in this area, we look at North Korean leadership statements and North Korean efforts to develop other strategic technologies. We then supplement these with an examination of insights drawn from a novel dataset we built of forty-eight technical articles written by researchers at Kim Il Sung University, the premiere school for the study of AI in North Korea, published between 2018 and 2020. Additionally, we compare North Korea’s situation with that of other countries seeking controlled strategic technologies and assess how a series of factors may or may not constrain the regime’s adoption of AI-enabled cyber.
Finally, the article explores how North Korea’s cyber capabilities might evolve if combined with AI over the coming half-decade.