Search All Site Content

Total Index: 6153 publications.

Subscribe to our Mailing List!

Sign up for our mailing list to keep up to date on all the latest developments.

The Peninsula

Should the Proposed New Cyber Norms Address North Korea?

Published September 23, 2015
Category: North Korea

By Troy Stangarone

Recent news reports have indicated that the United States and China hope to announce an initial code of conduct governing the use of cyber weapons in advance of President Xi Jinping’s summit meeting with President Barack Obama, while President Xi in Seattle stated that he was willing to work with the United States to address cybercrime. Although short of being a treaty, the agreement would represent the first attempt to develop an arms control agreement for cyberspace and could have longer-term implications, including for addressing cyber threats from North Korea.

Unlike nuclear, chemical, and biological weapons, there are no international norms or agreements governing the actions of state actors in cyberspace.  Instead, cyberspace in a sense is a modern version of the Wild West – an ungoverned land of promise. While the internet has changed the way people communicate and shop, it also holds the potential to be weaponized in the case of war between states. However, because damage from cyber attacks is difficult to attribute and disputes exist over what are legitimate forms of espionage through the internet and what crosses the line into belligerency, states have been unable to craft norms for the use of cyber weapons.

As the United States and China begin to shape an informal, and perhaps later formal, understanding of what is and not acceptable in cyberspace, North Korea should receive special attention in any discussions and ought to be a topic that President Obama raises in his meeting with President Xi. If President Xi is sincere about cooperating with the United States on cybercrime, North Korea is one area where China could play a unique role as North Korea’s access to the internet primarily runs through China with a satellite link to Germany sometimes used to boost the connection. It is also believed that Pyongyang’s cyber division, Bureau 121, operates out of China.

While last year’s attack on Sony Pictures and subsequent threats by North Korea to go after theaters that showed “The Interview” are well known, a study of cyber incidents between states from 2001-2011 indicates that after China most come from North Korea. Of the 111 cyber incidents initiated during that period 14 were initiated by North Korea. Ten were against South Korea, three against the United States, and one against Japan. In the case of South Korea, North Korea is believed to have previously attacked South Korea’s banking and media outlets in 2013.

In the cyber discussions between the United States and China, the talks are believed to focus on a code of conduct put forward earlier this year by the United Nations. While the two sides may not embrace all aspects of the UN recommendations, two could potentially apply to North Korea if adopted in the upcoming summit or in future talks. The first deals with the rules and norms of cyberspace and calls for states to “… not knowingly allow their territory to be used for internationally wrongful acts using ICTs.” The second, dealing with confidence building measures, calls on states to “Cooperate, in a manner consistent with domestic and international law, with requests from other States in investigating ICT-related crime or use of ICTs for terrorist purposes or to mitigate malicious ICT activity emanating from their territory.”

These norms and confidence building measures could apply to North Korea in two ways. In regards to norms, the United States and South Korea should encourage China to not allow its territory to be used for “wrongful acts” and to close down Bureau 121’s operations inside China. While from the perspective of confidence building measures, it would be a positive step in addressing potential cybercrime if China were to agree to cooperate in investigating suspected North Korean attacks and to shut off North Korea’s access to the internet if there is a strong evidence that an ongoing attack is emanating from North Korea.

Of course, even if China were to take these steps North Korea would have other options for conducting cyber warfare. North Korea also borders Russia which could provide potential internet access if China were to curtail Pyongyang’s access and other states, such as Iran, could potentially offer to host North Korean cyber units. However, despite these challenges, steps by the United States and China to develop international norms for conduct in cyberspace could in the long-run help to address the problem of North Korean cyber attacks.

Troy Stangarone is the Senior Director of Congressional Affairs and Trade at the Korea Economic Institute of America. The views expressed here are the author’s alone.

Photo from U.S. Embassy The Hague’s photostream on flickr Creative Commons.

Return to the Peninsula

Stay Informed
Register to receive updates from KEI