Outside the Beltway

In Responding To North Korea’s Cyber Attacks, The U.S. Has Limited Options

There's not a whole lot the United States can do to respond effectively and proportionally to North Korea's hacking attack against Sony.

Doug Mataconis · Sunday, December 21, 2014 · 7 comments

Although careful not to call it an act of war, President Obama has made clear that he does intend for their to be some sort of response by the United States to the hacking attack against Sony Pictures and the related threats of unspecified acts of terror if Sony released the move ‘The Interview,” which depicts the assassination of North Korean leader Kim Jong Un and which the F.B.I. has specifically tied to North Korea. As The Atlantic’s Adam Chandler notes, though, our options may be quite limited:

As Reuters points out, Washington may not have a lot of options. Despite decades of sanctions against the isolated communist regime, “the U.S. Treasury has so far directly sanctioned only 41 companies and entities and 22 individuals.”

Compare that to Russia or Iran, whose economies have been laid low by a strenuous sanctions regime across several industries and against countless companies and individuals. Part of it is that North Korea doesn’t have much of an economy to punish. According to CIA figures, the country ranks 198 out of 228 in gross domestic product with just 1.3 percent growth in 2012. Reuters also pointed to Pyongyang’s aversion to traditional banks, saying that the country has “become expert in hiding its often criminal money-raising activities.”

But there’s much more to it than that. Scott Snyder, a Senior Fellow for Korea Studies and Director of the Program on U.S.-Korea Policy at the Council for Foreign Relations, has his own take on l’affaire Sony.

He explained that part of why it’s difficult to sanction and further isolate North Korea is that Pyongyang “isn’t integrated with the rest of the world.” That has made the country difficult to sanction or punish in the past as well. As Snyder reminds us, this isn’t the first time we’ve had trouble with North Korea.

Historically, I think that North Korea has a record of having engaged in provocations that have international ramifications with relative impunity. So if we go back and look at the record of controversial provocations, we see the difficulty and the challenge of holding them to account. It goes back decades.

Those transgressions have included, at least recently, the holding of American hostages, the (alleged) sinking of a South Korean boat in 2010, along with thebombardment of a South Korean island. Given that the United States has now named North Korea in the Sony hacks and given what’s already happened, Snyder says we shouldn’t expect much to come of it.

“All of these are examples of cases that have resulted in behavior or responses that are pretty exceptional compared to the way that other countries have been dealt with in similar circumstances,” Snyder explains.

These factors are not unique to the fact that we are dealing with an act that has largely taken place in cyberspace, of course. Rather, they are issues that the United States and the West have had to deal with for some time now when deciding what to do about any number of the many North Korean provocations that have seem to occur every few years going back some twenty years now when the still largely reclusive regime seemingly emerged back into the headlines with news that it was seeking to develop a nuclear energy program, and later nuclear weapons and a missile system that would be capable of delivering those weapons. Because the DPRK is already so separated from the rest of the world in ways that Iran, China, and the Russia are not, or indeed even the Soviet Union and the Warsaw Pact were not during the height of the Cold War, Over the years, we have done much to cut the North Koreans off from the limited contact that they do have with the outside world when they misbehave, such as by withholding aid or attempting to cut off their access to foreign currency markets or to the foreign luxuries that Kim Jong Un, his father, his grandfather, and their cronies have long known to be fond of. However, thanks to the fact that the country has never been integrated into the wold economy to begin with, that it really doesn’t have access to the Internet, and that will continue to be able to weather whatever economic sanctions might be imposed against it as long as the regime is being propped up by China, which largely sees the DPRK as a buffer zone between itself and the prospect of a pro-U.S. regime just across the Yalu river in the event that the Pyongyang regime collapses.

As the same time, of course, military responses seem to be off the table except in the most egregious of theoretical circumstances. For one thing, the idea a limited military engagement with North Korea seems unlikely, or at least quite hard to guarantee. Yes, there have been a few occasions on which the North and South Koreans have traded artillery fire over disputed islands and such, but for the most part the West has been very restrained in using military force in these situations precisely because the North Koreans have been so unpredictable that one can never know how they will respond in such a situation. As has been noted before, while it’s fairly clear that the DPRK would lose a full-scale military engagement with the South and the United States, it would be able to inflict serious damage on the South, and most likely on parts of Japan and American military bases in the area as well, in the process. Because of that, it’s generally been the strategy of the West to tread lightly when it comes to confronting North Korea militarily. Added into this, of course, is the question of whether or not military action can be considered a proportional response to a cyber attack. As James Joyner noted this morning, a cyber attack directed against “critical infrastructure (power grids, transportation systems, and the like) or major military systems” in order to rise to the level of the type of attack that may require considering a military response. Hacking into corporate servers and revealing confidential information, even when combined with the threats related to the movie, doesn’t seem to rise to that level even if it does warrant a response of some kind. Even in those cases, though, the choice to engage in military action against the North is one that would have to be considered very carefully because of the potential consequences of such action.

The North Koreans, of course, are well aware of their relative isolation from the world and the fact that there seems to be very little that the world can do to respond when they do something irresponsible and outrageous as has occurred here. No doubt, that’s one reason they feel free to engage in such activity. Responding to those actions by, say, putting North Korea back on the list of state sponsors of terrorism, which is apparently one of the options that the United States is considering in response to the hacking attack, likely matters very little to them. As long as that happens, and until the Chinese decide they’ve had enough, controlling North Korea is going to continue to prove to be a difficult nation to control to say the least.