On July 4 this year, timed to coincide with America’s Independence Day, North Korea launched its first intercontinental ballistic missile. It was a gift, said leader Kim Jong Un, for the “American bastards” on their national holiday. He encouraged the military to “frequently send big and small gift packages”, and this call was heeded, with the longest-range test launched a month later. It was capable, in theory, of reaching Los Angeles, Denver or Chicago.
President Donald Trump’s response so far has been to challenge China to do more to rein in its neighbour. This week, he changed tack and promised to meet any more threats from the hermit kingdom with “fire and fury like the world has never seen”. The problem? Outright nuclear war would be devastating for both sides. Then again, neither leader is known for backing down. So what’s the alternative?
North Korea’s missile tests are about a show of strength – and the ultimate show of strength is a long-range nuclear missile. But what the North reportedly lacks is the technological accuracy and the ability to shrink that nuclear power to fit into a warhead. These are things that will come with time. But what if progress could be slowed, or even halted, using cyber warfare? According to a New York Times report published in March, the Obama administration spent years ramping up its cyber sabotage, with suggestions that it was responsible for an 88 per cent failure rate of mid-range missile tests in North Korea. So can the US simply flick a switch and shut down the North Korean nuclear programme from 11,000km away?
The short answer, is no.
“What you can achieve through cyber means is a little unclear because so little of North Korea’s critical infrastructure is online,” says Tim Stevens, lecturer in global security at King’s College London. As a result of how North Korea is connected to the rest of the world, many of its military units are likely based outside of the country in China and Southeast Asia, Stevens says. It doesn’t matter if US intelligence shows that attacks are originating from within those countries, he adds. “What are you going to do? Wade in somewhere and arrest these people or get them arrested by the host country? That’s not going to happen. So it’s a good ploy on part of North Korea.”
Part of that 88 per cent missile failure rate could probably be attributed to the US, Stevens says. But because the military operations are not networked, it’s doubtful they are susceptible to a full-scale cyber attack. Either way, the US cannot take credit without being shown to escalate aggression – something Kim Jong Un has already said will result in a retaliatory strike from North Korea. “If the US was responsible for that failure rate, that programme clearly got closed down because it ultimately failed,” Stevens says.
Cyber will, nevertheless, continue to be part of the US arsenal combatting North Korean aggression. National security adviser H.R. McMaster has reaffirmed that the US continues to explore “all options” for preventative warfare. If outright cyber attacks that could switch off an entire military operation are not possible, there is another more likely tactic on the table.
“The intention behind Stuxnet was to introduce uncertainty in the minds of Iranians,” Stevens says, alluding to the biggest known cyber attack perpetrated by the US and Israel against Iran’s nuclear programme. Iran could not find the cause of its plant’s repeated failures, something that “sent a few of them round the bend” and resulted in executions. “This may have been one of the intentions with North Korea – to introduce that layer of uncertainty. Because we don’t know how networked they are, and whether they are amenable to an external cyber attack, there are other things you can do to make them doubt their tech is reliable. I would be thinking about destabilising confidence in those systems.”
When North Korea has already stated that any indication of preventive warfare on the part of the Americans would be taken as an open act of war, and responded to accordingly, these kinds of surreptitious maneuvers could potentially work best. Make the North Koreans question everything: their experts, their expertise, their capabilities. Since there are no obvious targets in the North to attack through cyber warfare – no always-online banking system or power grid – attack the periphery to create an atmosphere of uncertainty that is, potentially, equally damaging.
“I suspect there has been attempted cyber warfare probably ongoing for as much as a decade,” says Andrew Futter, associate professor of international politics at the University of Leicester, who agrees that the US likely created malware similar to Stuxnet with the express intention of scuppering North Korea’s nuclear plans. “North Korea represents a slightly different challenge. In Iran you could get to contractors – it’s an open-ish society. North Korea is a lot more closed, so it’s difficult to get access to systems.” There’s not a great deal of coding that goes on for missiles, says Futter, so it’s more likely the US would try to infiltrate the missile supply chain. Psychological warfare, he agrees, is a viable option.
“They could tamper with the networks around Kim himself,” says Stevens. “We always think North Korea is not online, but we know the elite are on Facebook and Twitter. We could find out where the money trail is, or gain an intelligence picture of who is connected to who. US government intelligence agencies will be monitoring those networks and looking at different angles of attack. They could be chipping away and introducing uncertainty to the network around Kim.” South Korean intelligence assets might be able to assist, he adds. “Will it stop a war on its own? Of course it won’t.”
Herein lies the difficulty. There are no good options for countering North Korean aggression. The North continues to behave like an island, achieving this through diplomatic, as well as technological isolation. Despite economic sanctions, that isolation has benefits. Traditional methods of infiltrating the nation at its highest levels of leadership, either to assassinate key targets or locate missile locations, are nigh-on impossible. It also has the ability to constantly move its smaller missiles around and hide them underground. And, as Stevens suggests, its cyber operations may be placed out of reach due to the diplomatic rules of practice – residing in the hotel rooms of friendly nations, such as China.
The confusion means the US has spent years playing a game of cat and mouse with the hermit kingdom, avoiding direct dialogue that would cause further antagonisation. Now, Trump has no such qualms. He is engaging in what Futter refers to as the diplomacy of oneupmanship. “Threaten more and more to make your opponent to back down,” he says. But, crucially, he adds, Trump’s words are hollow. “Nothing has really happened under Donald Trump, modernisation happened under Obama.” What Trump has done, is place greater emphasis on nuclear strength, purely through rhetoric and the possibility of future investment.
Ultimately, cyber attacks are not a viable longterm form of defence. “If there is a rocket on a launchpad there is no real way of knowing your attack would stop it working, and that’s too big a risk,” says Futter. And what if North Korea discovered US-developed malware and found a patch for it in time? But neither Futter nor Stevens believe cyber should be discounted completely. “McMaster says all options are on the table, and cyber will be an option under Trump,” says Stevens. “Whether Trump listens, is another thing. He doesn’t have the nuanced grasp of cyber operations that Obama had – though that’s speculation on my part.”
Pyongyang VR teleports you inside North Korea, one of the world’s most secretive countries
So, what are the likely outcomes in the short term? Stevens says the usual deployment of US warships to the region is likely. But otherwise, it’s all about bluster. “There is zero indication anyone wants to go to war. Americans being evacuated from South Korea and Guam would be the first sign something bad is about to go down,” he adds. The US would only take severe military action if threatened with the same, and Kim Jong Un is unlikely to take it that far, despite outward appearances. “I don’t think we are going to have a war, for one simple reason: Kim knows perfectly well that if there is a war he is finished. There will be no more North Korea to speak of. There is the horrible potential for escalation, but I don’t think there is an appetite.”
Futter’s greatest concern is the inadvertent goings-on of global military maneuvers. “What happens if two aircraft collide by the border, or there is a naval skirmish? Then we have a real case of everybody getting very concerned. I really worry there will be some form of flashpoint that could set off a nasty train of events.” At this stage, the rationale of both leaders becomes irrelevant: the necessary chain of events would be beyond their control.
“Ultimately,” says Stevens, “this is not an issue that’s going to be resolved by force or cyber. It’s a diplomatic operation.” While that’s always been the case, for the first time in history both leaders seem intent on using the rhetoric of “fire and fury”.