3 November 2017


In 2004 I went to deliver a talk and chair a session on Cyber War at the College of Defence Management, Secunderabad. After the session one of the participant officers of the Higher Defence Management Course, who was doing his dissertation on a relevant topic, engaged me in a discussion about how North Korea does business when it has no internet connection. My answer that in today’s world no country can afford a complete disconnect seemed not to satisfy him. Of course Sony happened later. Now Russia is providing them with internet connectivity when others have blocked it. 

Here is a take on North Korea’s Cyber capabilities. 


- Maj Gen P K Mallick, VSM (Retd)

Frequently, senior political leaders, cyber security professionals, and diplomats describe North Korean leaders or their respective actions as “crazy,” “erratic,” or “not rational.” This is not the case. When examined through the lens of North Korean military strategy, national goals, and security perceptions, cyber activities correspond to their larger approach. North Korean cyber actors are not crazy or irrational: they just have a wider operational scope than most other intelligence services. 

And just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyber potential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose. The country’s primitive infrastructure is far less vulnerable to cyber retaliation. North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions are already imposed. And Mr. Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.

North Korea is emerging as a significant actor in cyberspace with both its clandestine and military organizations gaining the ability to conduct cyber operations. Cyber attacks in South Korea and the United States have recently been associated with North Korea. The U.S. and Republic of Korea (ROK) governments attribute recent incidents, including the November 2014 attack against Sony Pictures Entertainment and the March 2013 attacks against South Korean banks and media agencies, respectively, to North Korea. These attacks have shown that the country is capable of conducting damaging and disruptive cyber attacks during peacetime. North Korea seems heavily invested in growing and developing its cyber capabilities for both political and military purposes. 

A 2016 University of Washington study succinctly summarizes North Korea’s asymmetric military strategy: Since the end of the Korean War, North Korea has developed an asymmetric military strategy, weapons, and strength because its conventional military power is far weaker than that of the U.S. and South Korea. Thus, North Korea has developed three military strategic pillars: surprise attack; quick decisive war; mixed tactics. First, its surprise attack strategy refers to attacking the enemy at an unexpected time and place. Second, its quick decisive war strategy is to defeat the South Korean military before the U.S. military or the international community could intervene. Lastly, its mixed tactics strategy is to use multiple tactics at the same time to achieve its strategic goal. 

Despite their near constant tirade of bellicose rhetoric and professions of strength, North Korea fundamentally views the world from a position of weakness and has developed a national strategy that utilizes its comparative strengths — complete control over a population of 25 million people and unflinching devotion to the Kim hereditary dynasty. 

In this context, criminality, terrorism, and destructive cyber attacks all fit within the North Korean asymmetric military strategy which emphasizes surprise attacks and mixed tactics. The criminality and cyber attacks also have the added bonus of enabling North Korea to undermine the very international economic and political systems that constrain and punish it. 

North Korea has relied on various asymmetric and irregular means to sidestep the conventional military deadlock on the peninsula while also preparing these means for use should a war break out. Cyber capabilities provide another means of exploiting U.S. and ROK vulnerabilities at relatively low intensity while minimizing the risk of retaliation or escalation. In this context, cyber capabilities are logical extensions of both North Korea’s peacetime and wartime operations. 

Cyber Capabilities and Asymmetric Strategy. North Korea sees cyber operations as a relatively low-cost and low risk means of targeting the vulnerabilities of a state that relies heavily on cyberspace for national and military activity. Disruptive or destructive cyber attacks allow for direct power projection against a distant adversary without physical infiltration or attack. Cyber capabilities are also an effective means to severely disrupt or neutralize the benefits of having a networked military. Issues of attribution and the lack of firmly established norms make it hard for the defender to communicate red lines and threats. 

North Korea’s Cyber Strategy. Cyber operations should be thought of as an extension of North Korea’s broader national strategy. During peacetime, cyber capabilities allow the DPRK to upset the status quo with little risk of retaliation or immediate operational risk. During wartime, the DPRK would target U.S. and ROK command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) in support of the DPRK’s “quick war, quick end” strategy. North Korean cyber doctrine, if one exists, may be premised on the idea that an extensively networked military is vulnerable to cyber capabilities. 

North Korea began identifying promising students at an early age for special training, sending many to China’s top computer science programs. In the late 1990s, the Federal Bureau of Investigation’s counterintelligence division noticed that North Koreans assigned to work at the United Nations were also quietly enrolling in university computer programming courses in New York. 

“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.” Mr. Inglis, speaking at the Cambridge Cyber Summit added: “You could argue that they have one of the most successful cyber programs on the planet, not because it’s technically sophisticated, but because it has achieved all of their aims at very low cost.” 

From Minor Leaguers to Serious Hackers 

Kim Jong-il, the father of the current dictator and the initiator of North Korea’s cyber operations, was a movie lover who became an internet enthusiast, a luxury reserved for the country’s elite. When Mr. Kim died in 2011, the country was estimated to have 1,024 IP addresses, fewer than on most New York City blocks. Mr. Kim, like the Chinese, initially saw the internet as a threat to his regime’s ironclad control over information. But his attitude began to change in the early 1990s, after a group of North Korean computer scientists returned from travel abroad proposing to use the web to spy on and attack enemies like the United States and South Korea, according to defectors. 

The North’s cyberwarfare unit gained priority after the 2003 invasion of Iraq by the United States. After watching the American “shock and awe” campaign on CNN, Kim Jong-il issued a warning to his military. “If warfare was about bullets and oil until now,” he told top commanders, “warfare in the 21st century is about information.” 

When Kim Jong-un succeeded his father in 2011, he expanded the cyber mission beyond serving as just a weapon of war, focusing also on theft, harassment and political score-settling. “Cyberwarfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly,” Kim Jong-un reportedly declared. 

“We’re already sanctioning anything and everything we can,” said Robert P. Silvers, the former assistant secretary for cyberpolicy at the Department of Homeland Security during the Obama administration. “They’re already the most isolated nation in the world.” By 2012, government officials and private researchers say North Korea had dispersed its hacking teams abroad, relying principally on China’s internet infrastructure. This allowed the North to exploit largely nonsecure internet connections and maintain a degree of plausible deniability. 

The Organization of DPRK’s Cyber Operations 

North Korea’s cyber operations are not ad hoc, isolated incidents. They are the result of deliberate and organized efforts under the direction of preexisting organizations with established goals and missions that directly support the country’s national strategy. Knowing which North Korean organizations plan and execute cyber operations is important because North Korea does not publish its own cyber strategy or doctrine. Examining an organization’s historic goals and missions as well as analyzing their known patterns of behavior are the next best option for predicting how North Korea will operationalize cyber capabilities. A top-down perspective on North Korea’s cyber operations shows which organizations conduct cyber operations and how strongly they influence operational purposes. The Reconnaissance General Bureau and the General Staff Department of the KPA generally control most of North Korea’s known cyber capabilities. These two organizations are responsible for peacetime provocations and wartime disruptive operations, respectively. 

1. The Reconnaissance General Bureau: The RGB is the primary intelligence and clandestine operations organ known within the North Korean government and is historically associated with peacetime commando raids, infiltrations, disruptions and other clandestine operations, including the 2014 Sony Pictures Entertainment attack. The RGB controls the bulk of known DPRK cyber capabilities, mainly under Bureau 121 or its potential successor, the Cyber Warfare Guidance Bureau. There may be a recent or ongoing reorganization within the RGB that promoted Bureau 121 to a higher rank or even established it as the centralized entity for cyber operations. RGB cyber capabilities are likely to be in direct support of the RGB’s aforementioned missions. In peacetime, it is also likely to be the more important or active of the two main organizations with cyber capabilities in the DPRK. 

2. The General Staff Department (GSD): The General Staff Department of the KPA oversees military operations and units, including the DPRK’s growing conventional military cyber capabilities. It is tasked with operational planning and ensuring the readiness of the KPA should war break out on the Korean peninsula. It is not currently associated with direct cyber provocations in the same way that the RGB is, but its cyber units may be tasked with preparing disruptive attacks and cyber operations in support of conventional military operations. North Korea’s emphasis on combined arms and mixed operations suggests that cyber units will coordinate with or be incorporated as elements within larger conventional military formations. 

3. North Korea’s Technology Base: The DPRK maintains an information technology base that can serve as a general research and development foundation for computer technology and programming. The existence of a software and computer industry means the DPRK’s technical industries are not as primitive as many think. 

The Reconnaissance General Bureau (RGB), also known as “Unit 586,” was formed in 2009 after a large restructure of several state, military, and party intelligence elements. It has since emerged as not just the dominant North Korean foreign intelligence service, but also the center for clandestine operations. 

As North Korea’s lead for clandestine operations, the RGB is also likely the primary cyber operations organization. As described in a 2015 Center for Strategic and International Studies report, for the RGB to be in control of cyber assets indicates that the DPRK intends to use these assets for provocative purposes. The RGB probably consists of seven bureaus: six original bureaus and a new seventh (Bureau 121) that was likely added sometime after 2013. 

RGB organizational chart, compiled with information from The Korea Herald, 38 North, and CSIS. 

Bureau 121 is probably North Korea’s primary cyber operations unit, but there are other units within the KPA and KWP that may also conduct cyber operations. 

Lazarus Group, now known to be a North Korean state-sponsored actor, has been conducting operations since at least 2009, beginning with a DDoS attack on U.S. and South Korean websites using the MYDOOM worm. Until late 2015, Lazarus Group cyber activities primarily focused on South Korean and U.S. government and financial organizations, including destructive attacks on the South Korean banking and media sectors in 2013 and the highly publicized attack on Sony Pictures Entertainment in 2014. 

North Korean Cyber Activities 

Sony Cyber Attack. North Korea’s most famous cyberattack came in 2014, against Sony Pictures Entertainment, in a largely successful effort to block the release of a movie that satirized Mr. Kim. In August 2014, North Korean hackers went after a British broadcaster, Channel Four, which had announced plans for a television series about a British nuclear scientist kidnapped in Pyongyang. 

First, the North Koreans protested to the British government. “A scandalous farce,” North Korea called the series. When that was ignored, British authorities found that the North had hacked into the television network’s computer system. The attack was stopped before inflicting any damage, and David Abraham, the chief executive of Channel Four, initially vowed to continue the production. 

That attack, however, was just a prelude. When Sony Pictures Entertainment released a trailer for “The Interview,” Pyongyang wrote a letter of complaint to the secretary general of the United Nations to stop the production. Then came threats to Sony. In September 2014, while still attempting to crack Channel Four, North Korean hackers burrowed deep into Sony’s networks, lurking patiently for the next three months, as both Sony and American intelligence completely missed their presence. On Nov. 24, the attack on Sony began: Employees arriving at work that day found their computer screens taken over by a picture of a red skeleton with a message signed “GOP,” for “Guardians of Peace.” 

“We’ve obtained all your internal data including your secrets and top secrets,” the message said. “If you don’t obey us, we’ll release data shown below to the world.” That was actually a diversion: The code destroyed 70 percent of Sony Pictures’ laptops and computers. Sony employees were reduced to communicating via pen, paper and phone. 

Sony struggled to distribute the film as theaters were intimidated. In London, outside investors in Channel Four’s North Korea project suddenly dried up, and the project effectively died. The Obama White House responded to the Sony hack with sanctions that the North barely noticed, but with no other retaliation. 

Theft of South Korea’s Operational Plans 

North Korean hackers stole a huge trove of classified U.S. and South Korean military documents last year, including a plan to “decapitate” the leadership in Pyongyang in the event of war. North Korean hackers broke into the Defense Integrated Data Center in September last year to steal secret files, including American and South Korean “operational plans” for wartime action. The data center is the main headquarters of South Korea’s defense network. 

The stolen documents included OPLAN 5015, a plan drafted two years ago for dealing with full-blown war with North Korea and said to include procedures to “decapitate” the North Korean leadership. The cache also included OPLAN 3100, outlining the military response to infiltration by North Korean commandos or another local provocation, as well as a contingency plan in case of a sudden change in North Korea. Yonhap News Agency reported that the hackers took 235 gigabytes of military documents and that almost 80 percent of the stolen documents have not yet been identified. The documents also included reports on key South Korean and U.S. military personnel, the minutes of meetings about South Korean-U.S. military drills, and data on military installations and power plants in South Korea, reported the Chosun Ilbo, South Korea’s largest newspaper. 

In May, the Defense Ministry disclosed that the South Korean military’s intranet had been hacked by people “presumed to be North Koreans.” But the military said that only 53 gigabytes of information were stolen, and it did not reveal what was included. The previous month, reports emerged that North Korean hackers had broken into the Defense Ministry network and infected more than 3,000 computers, including the defense minister’s, with malware. At the time, South Korean newspapers, quoting unnamed government officials, reported that parts of one operational plan, OPLAN 5027, which outlines troop deployment plans and key North Korean targets, were stolen. 

Information War 

North Korea was potentially behind phony evacuation messages sent via cellphones and social media to military families and defense personnel in South Korea last month. That incident opens the possibility that last year’s breach may have led to the harvest of personal information used for the notifications. 

This is hardly the first time that Kim’s regime has been accused of cyberattacks. The country’s spy agency, the Reconnaissance General Bureau, is thought to have assembled a large cyber army, assumed to be based in China, to launch such hacks.

To be continued....

Afghan War Data, Once Public, Is Censored in U.S. Military Report

The American military command in Afghanistan has decided to keep secret key figures related to the growth and progress of local security forces, redacting the numbers at the behest of Afghan officials from the latest report by the government’s watchdog for spending. The move clouds measures of progress for the Afghan security forces, the primary benefactor of the $120 billion that the United States has spent on reconstruction since the start of the war and the linchpin of President Trump’s new strategy in Afghanistan. Backed by the American military and its NATO allies, the Afghans are responsible for turning the tide of the war against the Taliban in the coming years.

* China's Expansionist View of Geopolitics

By Zhixing Zhang

Former U.S. national security adviser Zbigniew Brzezinski managed to capture thousands of years of Chinese history in about 10 words. In his seminal work, The Grand Chessboard, Brzezinski characterized China's geopolitics through the ages as "cycles of reunifications and expansions, followed by decay and fragmentations." The assessment gets at the heart of the country's recurring struggle to unify an insurmountably vast landmass under a centralized authority — a struggle that continues to this day. Nearly 70 years after its most recent unification, following more than two centuries of decay and five decades of fragmentation, China is now on the verge of another period of expansion. And as its influence on the global stage increases, China will have to adapt to a new view of geopolitics.

Grand Designs: Does China have a ‘Grand Strategy’?

By Angela Stanzel, Nadège Rolland, Jabin Jacob, Melanie Hart 

Do China’s leaders have a strategy for the long-term direction of their country? For a while now Chinese thinkers have been discussing this very question, even speaking about the parameters of an all-encompassing “grand strategy” (大战略 da zhanlue) for China. As early as 2011, one of China’s leading thinkers, Wang Jisi, Dean of the School of International Studies at Peking University, wrote that any country’s grand strategy must, at the very least, answer what the nation’s core interests are, what external forces pose a threat, and how the leadership can safeguard its interests. Wang, however, also noted that: “Whether China has any such strategy today is open to debate” and that “(…) the Chinese government has yet to disclose any document that comprehensively expounds the country’s strategic goals and the ways to achieve them.”

Belt And Road Initiative: EU Strategic Interests In Asia

Trans-Pacific View author Mercy Kuo regularly engages subject-matter experts, policy practitioners, and strategic thinkers across the globe for their diverse insights into U.S. Asia policy. This conversation with Richard Ghiasy – researcher in the Stockholm International Peace Research Institute (SIPRI) China and Global Security Program and co-author of The Silk Road Economic Belt – Considering Security Implications and EU-China Cooperation Prospects (SIPRI 2017) – is the 113th in “The Trans-Pacific View Insight Series.”

When China Leads


For the last 40 years, China has implemented a national strategy that, despite its many twists and turns, has produced the economic and political juggernaut we see today. It would be reckless to assume, as many still do in the US, Europe, and elsewhere, that China’s transition to global preeminence will somehow simply implode, under the weight of the political and economic contradictions they believe to be inherent to the Chinese model. 

America Is Finally Punishing China over North Korea's Deadly Missile Launchers

Bill Gertz

This is the first time the US government has formally acknowledged the strategic missile transfers that were first reported by the United Nations in 2013. This October, the US government for the first time imposed economic sanctions on a Chinese company for providing vehicles for the transfer of North Korean road-mobile missiles. The Treasury Department’s little-noticed October 13 announcement of sanctions on the Wuhan Sanjiang Import and Export Co. Ltd. focused on the company’s sale of equipment to Iran, however. It only mentions the launcher transfers in passing – a symptom of Washington’s aversion to calling out Beijing on its covert support for the regime in North Korea.

‘All Terrorism is Revolutionary’


The United States has been at war against terrorist groups such as al Qaeda and ISIS for over 15 years now, with every violent attack that takes place on the streets of the West prompting fears of a renewed terrorist threat. But not all heinous acts of violence are considered terrorism. The Cipher Brief’s Levi Maxey spoke with Bruce Hoffman, a professor at Georgetown University and director at the Center for Security Studies, about how to define terrorism and what distinguishes it from other forms of political violence.

Will Congress Ever Limit the Forever-Expanding 9/11 War?

The law, commonly called the A.U.M.F., on its face provided congressional authorization to use military force only against nations, groups or individuals responsible for the attacks. But while the specific enemy lawmakers were thinking about in September 2001 was the original Al Qaeda and its Taliban host in Afghanistan, three presidents of both parties have since invoked the 9/11 war authority to justify battle against Islamist militants in many other places.

Iraqi Kurds’ Independence Dreams Dashed as President Steps Down

by Isabel Coles and Ali Nabhan

Masoud Barzani is to step down as president of Iraq’s semiautonomous Kurdish region just a month after an independence referendum reversed years of political and military gains made by the Kurds and dashed their dreams of statehood. Mr. Barzani “refused to remain” in office beyond Nov. 1, in a letter read to the Kurdish parliament on Sunday before a session to discuss how the president’s powers should be redistributed. He will continue to play a role in politics without holding any formal position, a member of parliament said, but didn’t give more details.

Islamic State Guerrilla Attacks Point To Its Future Strategy

by Angus McDowall and Tom Perry 

Syrian and Iraqi forces closing in on the last scraps of Islamic State’s caliphate straddling the remote border area between the two countries have already witnessed the jihadists’ likely response. While their comrades mounted last stands in their Syrian capital of Raqqa and the city of Hawija in Iraq, IS militants seized the Syrian town of al-Qaryatayn and launched its biggest attack for months in Ramadi late last month. That is the kind of guerrilla insurgency both countries foresee IS turning to.


By Kanga Kong

A North Korean soldier holds binoculars before the military demarcation line separating North and South Korea at the truce village of Panmunjom on Oct. 12, 2017. 

North Korea stole blueprints of missile-equipped ships and unspecified submarines in a heist last year of classified documents from the world’s biggest shipbuilder, Dong-A Ilbo newspaper reported, citing opposition party lawmaker Kyeong Dae-soo.

Defense Industry Moves Toward Multi-Material 3D Printing

By Vivienne Machi

As additive manufacturing technology becomes more prevalent, engineers are now working on ways to 3D print different materials together to produce cost-efficient and sustainable parts for the aerospace industry. Additive manufacturing involves the process of using modeling software and specialized equipment to build layers of material into a three-dimensional object. 

Former intelligence chief James Clapper says President Trump is dead wrong about Russian interference in America’s elections. And they’re going to get away with it again, he warns.

Susan B. Glasser

America’s former top spymaster has a few things he’d like to clear up about the Russia investigation. James Clapper, a crusty ex-cargo pilot who rose through the Air Force ranks and retired as director of national intelligence in January, only to emerge publicly as one of President Donald Trump’s foremost critics, wants you to know that no matter how much Trump rants about the “Russia hoax,” the 2016 hacking was not only real and aimed at electing Trump but constituted a major victory for a dangerous foreign adversary. “The Russians,” he said, have “succeeded beyond their wildest expectations.”

Russia Field-Tested Hybrid Warfare in Ukraine. Why That Matters for US.

By Nolan Peterson

Since 2014 Russia has used Ukraine as a testing ground for its hybrid warfare doctrine, underscoring what some security experts say is a case study for the new kinds of security threats the U.S. and its Western allies can anticipate from Moscow. “The threats Ukraine faces are harbingers of things to come for the U.S. and its other allies,” said Junaid Islam, chief technology officer and president of Vidder, a California-based cybersecurity firm that does work in Ukraine.

The Catalan dream will not be extinguished by force

It’s remarkable what you can learn in Slovenia. At a conference on politics, security and development in Bled earlier this year, I was lucky enough to chat to the Catalan delegates, proudly representing the interests and wisdom of their ancient principality. With considerable poise and dignity, they seemed to me to be channelling Pericles on the Athenians: we do not imitate, but are a model to others.

Social Media: The Fifth Column in the Fifth Domain

The key question as representatives from Facebook, Twitter and Google testify Tuesday and Wednesday before Congress is not how Russia used social media to interfere in last year’s presidential election, but rather what role U.S. voters, the federal government and social media companies should play in building resiliency against such disinformation campaigns in the future. However, in the short-term, collaboration between the government and private industry to institute transparency of ads may minimize the impact of nefarious foreign actors.

Neuroscience—and the new weapons of the mind


The Netflix series Stranger Things, launching its second season today, centers on Eleven, a girl with psychic powers who has escaped a dark and psychologically abusive government program that seeks to harness and weaponize her powers. While Stranger Things is a work of science fiction, it is not as far removed from reality as it initially seems. The series is rooted in a decades-long (but long defunct) CIA research program called MKULTRA, which involved bizarre, top-secret research on how to deliberately produce behaviors and emotions—such as fear, anxiety, or confusion. While MKULTRA is infamous for its attempts to control the mind through hypnosis and paranormal phenomena, its researchers primarily concentrated on the use of pharmaceuticals and mind-bending drugs such as hallucinogenic mushrooms, marijuana, heroin, LSD, and truth serums to make intelligence targets more cooperative in questioning and more willing to act as agents of the United States. Ultimately, the project failed because of a lack of scientific understanding of the inner workings of the brain and how to manipulate it.

The IoT wars

Siddharth Pai

Most of us are familiar with Bluetooth headphones which we use with our cellular devices. While the communication between the Bluetooth device and the cellular device is limited to a few feet, it is the cellular device, in turn, that maintains the connection with the long-range telecommunications network.

A Maginot Line in Cyberspace: The Binding Operational Directive BOD-18-01 DMARC Mandate

by Robert Zager

On 16 October 2017 the Department of Homeland Security issued Binding Operational Directive BOD-18-01. Among the measures mandated in BOD 18-01 is a requirement that federal agencies adopt Domain-based Message Authentication, Reporting & Conformance (DMARC) to defend the federal government against phishing. The DMARC mandate has been positively received by the cyber security community.

Ransomware Attacks: An Increasingly Common Threat


Ransomware attacks sourced to the Wanna Decryptor (a.k.a. Wannacrypt) virus have been identified in over 70 countries across Europe and Asia, as well as in the United States. Over 36,000 Wannacrypt cases have been detected worldwide. The ransomware exploits a vulnerability in Microsoft systems discovered initially by the U.S. National Security Agency, reportedly around 2013. This hacking tool was lifted in the summer of 2016 by a previously obscure group calling itself the “Shadow Brokers.”