With a budding arsenal of cyberweapons and a growing number of digital warriors, North Korea can allegedly shutdown websites. Alter bank records thousands of miles away. Cancel the release of a Hollywood movie.
This sounds like a potent threat needing immediate attention, but lawmakers and experts warn that discussing cybersecurity during a planned June 12 summit with North Korean leader Kim Jong Un could spell doom for President Donald Trump.
“The nuclear topic is far too important on its own to bring cyber in, at this point,” said Jason Healey, a former White House official in the Bush administration and professor at Columbia University.
Recently, North Korean cyber prowess appears to have grown to new heights. In late 2017, the Trump administration blamed North Korea for the WannaCry cyberattack, which affected more than 300,000 computers in 150 countries.
On Tuesday, lawmakers and experts were skeptical of broadening the scope of the Trump-Kim talks to cybersecurity.
The United States Institute of Peace’s Joseph Yun advised prioritizing denuclearization and against attempting too much. “I really think it would be a mistake to overload the agenda,” Yun said.
In a domain where the rules of engagement are largely unwritten, creating a roadmap for cyberconflict may limit American offensive capabilities. That may be a non-starter, according to Ross Rustici, Senior Director of Intelligence Services for Cybereason, a security company based out of Massachusetts.
“The United States and the world in general is unwilling to limit their own cyber capabilities,” Rustici said, warning that discussing cyberconflict may throw a “wildcard” into already tense negotiations.
“If North Korea’s cyber program was going to be reined in, it would be through a demand to reduce operations through China. I don’t see that pressure being great enough to have that conversation.”
Capitol Hill push a nuclear focus
Asked Tuesday if North Korea’s cyber capabilities needed to be part of the denuclearization talks, Senate Armed Services Cyber Subcommittee Chairman Mike Rounds, R-SD., was blunt: “No.”
Instead, Rounds said the cyberthreat is best tackled more broadly, with a strong deterrence capability. “If you’re going to have rogue nations out there interfering with our ability to communicate and use our internet and our systems, we need to address that,” said Rounds.
But Sen. Cory Gardner, R-Colo., who chairs the Senate Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy, said the June 12 summit could include a diverse set of topics even though it is headlined by discussions of conventional weapons. “Human rights should be brought up, cyber absolutely should be brought up. But the bottom line is denuclearization,” Gardner told reporters.
There are anywhere between 3,000 and 6,000 hackers working directly for the North Korean government, according to a 2015 report from the Center for Naval Analyses. North Korea’s cyberoperations are headquartered in the Reconnaissance General Bureau.
In response to questions from Fifth Domain, a spokesman for the National Security Council left open the possibility that Trump could discuss North Korean cyber prowess. “We’re not going to get ahead of the president on the agenda,” Marc Raimondi said.
In December 2017, then-White House homeland security advisor Tom Bossert wrote in a Wall Street Journal op-ed that North Korea “is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world.”
“Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise,” Bossert stated.
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.
Joe Gould was the senior Pentagon reporter for Defense News, covering the intersection of national security policy, politics and the defense industry. He had previously served as Congress reporter.