Critical Read

Gauging North Korea's cyber operations

Photo credit: GongTo /

What: A report on North Korea's cyberspace operations from the Center for Strategic and International Studies

Why: When ranking nation-states' cyber capabilities, U.S. officials often put North Korea in the second tier with Iran, somewhere behind Russia and China. With reports this week of South Korea being on high alert for cyberattacks from the North, a new CSIS report examines what Kim Jong Un's regime is capable of in the digital realm.

The destructive cyberattack in November 2014 on Sony Pictures Entertainment, attributed by federal officals to North Korea, brought renewed attention on Pyongyang's capabilities in cyberspace. North Korea has also been blamed for March 2013 cyberattacks on South Korean banks and media organizations.

Those two offensives have shown that North Korea is "capable of conducting damaging and disruptive cyberattacks during peacetime," the CSIS report states. "North Korea seems heavily invested in growing and developing its cyber capabilities for both political and military purposes."

The report regards North Korea's pursuit of cyber capabilities as another example of the Hermit Kingdom's quest for asymmetric military advantage on the Korean peninsula. That pursuit exploits a truism of cyberspace: it can cost inordinately more to recover from an attack than it does to execute one.

In wartime, the North Korean regime would shift to targeting the command and control networks of the South Korean and American militaries, the report predicts.

"North Korean cyber doctrine, if one exists, may be premised on the idea that an extensively networked military is vulnerable to cyber capabilities," the authors write. A recognition of the U.S. military's reliance on networked communications for operations is precisely what has spurred U.S. defense officials to invest more heavily in cyber defense.  

Most of the North Korea government's cyber capabilities generally reside in two organizations, according to the report: the Reconnaissance General Bureau handles peacetime operations while the General Staff Department in the North Korean army calls the digitals shots in wartime.

RGB had a hand in the Sony Pictures hack, according to the report, while the army unit may be preparing to couple future kinetic assaults with computer attacks. Pyongyang will likely further integrate cyber units into conventional military forces, the report predicts.

Verbatim: "In response to the cyberattack against Sony [Pictures] in November 2014, policymakers did not have an established menu of proportional response options, thus hindering the ability of the United States to respond quickly and send a clear signal. Establishing a declared policy allows for more timely responses and may have deterrent effects."

Click here to read the full report. 

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected