How summit talks may affect North Korean hacking

The international community is gearing up for the highly anticipated June 12 summit between North Korea and the United States. Despite a couple of false starts and cold feet, US President Donald Trump and North Korean leader Kim Jong-un have agreed to meet in Singapore to begin important, and unprecedented, talks on the future of the North Korean nuclear weapons program. Though immediate denuclearization after years of “maximum pressure” may not be on the agenda, the White House is eager to start a process that may ultimately result in a ramping-down of North Korea’s weapons of mass destruction (WMD) capabilities. And while there is some evidence that dismantlement has already begun, a successful summit could help to set up a managed and verified plan for ensuring that the North Koreans halt their nuclear progress.

If the Trump administration is able to successfully engage in discussions with the Kim regime on the nuclear issues, what can we expect from North Korea? Unfortunately, one possible consequence of a successful summit may be the ramping-up of North Korea’s other dangerous activities, including hacking aimed at disrupting governmental, commercial, and financial sites.

A broader summit agenda. As part of the buildup for the upcoming talks, policy makers and observers in the United States have sought to learn whether the scope of the talks could include other aspects of North Korean foreign policy—including the country’s foray into hacking. Republican Senator Cory Gardner of Colorado, for example, lobbied for a broader policy agenda for the summit, stating, “I hope it’s not just a summit to turn a blind eye to other malign activities of North Korea… I think you’ve got an opportunity to do some good things here.” Republican Senator Bob Corker of Tennessee reiterated this, saying he expects the hacking issue to be raised at the summit: “I’ve got to believe that’s going to be one of the things they talk about.”

Aside from whether this issue is actually raised at the summit (and whether it is even a good idea to do so), questions remain about how the talks will impact North Korea’s development of non-nuclear capabilities, including expanding its cyber arsenal. If the summit goes well, one possible outcome could be that North Korea steps up its development of other capabilities that could replace nuclear weapons as a credible deterrent: cyber weapons that could disrupt nuclear command and control systems, for example.

The growing cyber threat. There are three reasons why the summit might actually make the cyber threat worse. First, and most directly, despite pressure from some US policymakers, the Trump administration may choose to delink the nuclear and cyber issues. Reports from the White House (amid some initial fumbles) suggest that the Trump administration, perhaps rightly so, is going to focus its efforts on North Korea’s kinetic capabilities—especially its recent barrage of nuclear and medium- and long-range ballistic missile testing. Without linking the nuclear and cyber issues in the negotiations, there is little to give Kim Jong-un an incentive to ease up on Pyongyang’s cyber activities. The North Korean “cyber army” has been particularly active and successful in a series of digital thefts from foreign banks and extortion schemes like the “WannaCry” attack, and is unlikely to desist without coercive pressures.

Second, the lack of cross-domain coercion may extend to China as well. China remains North Korea’s primary political and economic ally in the international system. And despite being relatively sidelined in the Singapore negotiations, China is now more at ease about the longer-term stability of North Korea that could result from these talks. Chaos, conflict, or even the collapse of the Kim regime would pose a significant threat to China. But if the summit goes as planned, the Chinese may dial down their (often idiosyncratic) pressure and resume their historically friendly and financially fruitful relationship with Pyongyang. This is unlikely to yield any admonishment for North Korean cyber activities. Though the Chinese cyber activity footprint has faded a little, as a result of a 2015 agreement between Presidents Obama and Xi, Beijing is unlikely to exert its diplomatic influence to persuade North Korea to do the same. A non-nuclear North Korea engaging in aggressive hacking may be an acceptable compromise for China, given its complex relationship with its protégé.

Third, and finally, even if the summit goes well, North Korea may still want to threaten or challenge the US-led world order—and cyber weapons may be the best (and potentially only) tool available. Though the summit’s intention is to dismantle North Korea’s nuclear weapons infrastructure, it is unlikely to abate North Korea’s desire to disrupt the international system as a proud “rogue state.” Without nuclear weapons, North Korea will likely broaden its cyber toolkit and range of activities. And while the United States, China, and the international community remain focused on North Korea’s nuclear weapons program, they can expect Pyongyang to engage in more foreign-bank hacking and to develop even more sophisticated malware and ransomware. As some experts argue, negotiations with the United States are unlikely to impact North Korea’s dangerous behavior writ large.

What if the talks fail? Prospects for cyberwar look similarly dismal if the summit does not go well and Kim Jong-un rejects the proposed process for denuclearization. Not only will North Korea maintain its nuclear weapons program, but Pyongyang may also decide to continue its investments in cross-domain deterrent capabilities—including extending its cyber activity throughout the international system to reach new state and commercial targets. And with growing international clout and access, including possible meetings with Russian President Vladimir Putin and Syrian leader Bashar al-Assad, Kim Jong-un may feel emboldened to engage in even more belligerent behavior against the United States and its allies.

What happens next for North Korea’s cyber progress relies in part on how well the summit goes next week. Success with the nuclear talks may yield an evolving North Korean threat—one that the United States, and other major world powers, must work to counter more effectively. Failure in Singapore may worsen an already tense situation that may require a similarly cross-domain strategy. Regardless, managing this complex dynamic requires a thoughtful and deliberate approach that could, if successful, yield significant progress in one of the most difficult regions in the world.