January 12, 2015 | Commentary on National Security and Defense, Cyber Security, North Korea

On North Korea, a one-shot's not enough

The media is under assault in the United States and abroad. The terrorist attacks in France are more shocking, but the cyberwar on Sony is more dangerous: none of us are isolated from the Internet. The Obama administration's response to the Sony hack pointed in the right direction, but it wasn't enough.

One of the problems with cyber-attacks is that it's hard to know who's coming after you. Invading electrons carry no flags. Skeptics still question whether North Korea was behind the attack on Sony.

But Pyongyang has strong cyber-attack capabilities and a history of threatening violent responses to "insults" to their leaders. And the FBI certainly isn't going to release all of its classified evidence.

True, it's not like companies haven't been hacked before. From Target to Apple, the cyber-victims are legion. And it's not as if other nations aren't going after our defense firms every day.

But the Sony hack was new: a deliberate effort to squelch free speech with extortion and the threat of mass violence. To its credit, the administration did respond, as part of President Barack Obama's promise of a "proportional response," by imposing sanctions on 10 regime officials and three organizations.

There's less to that than meets the eye, however. The three organizations already were under U.S. sanctions, and the officials work either in North Korea or countries like Russia and Syria, which are not going to help us out. The real U.S. response may have come a few days later, when North Korea's Internet went dark. If that wasn't a "proportional response," I don't know what is.

Yet if the North Korean outage was our doing, it was neither wise nor sufficient. Yes, they deserved it. But that kind of retaliation means we had a back door into North Korea's systems.

Unfortunately, the operative word is "had." The North Koreans are smart. They will figure out how they were hacked, and close the door. We've given up an advantage we could have used in a crisis -- say, before a North Korean missile launch -- for the sake of a one-shot retaliation.

And we probably won't be allowed to use this approach anywhere else. There's no objection to attacking the North Korean Internet, because only the regime has access to it. But in most countries, flipping the switch would shut down hospitals and power stations. Administration lawyers would surely complain.

But we can, and should, do more than killing North Korea's net. Kurt Campbell, the Obama official formerly responsible for East Asia, admits: "I thought North Korea was the most sanctioned country in the world, but I was wrong. Myanmar is sanctioned about 10 times [more than] North Korea."

As Bruce Klingner, my colleague at The Heritage Foundation, notes, we have nearly three times as many Zimbabwean entities on the U.S. sanctions list as we do North Korean ones.

North Korea is a state sponsor of terrorism: We should designate them accordingly. Obama officials have stated on the record that North Korea counterfeits U.S. currency: We have never made a formal charge.

Washington has sanctioned the presidents of Zimbabwe and Congo for human rights violations but taken no action against North Korea, in spite of a UN. Commission of Inquiry credibly accusing Pyongyang of crimes against humanity.

The point isn't to be tough for the sake of being tough. It's to impose pain on the regime so it will change its behavior and negotiate in good faith. In the mid-2000s, when the United States briefly cracked down on North Korean money-laundering, a North Korean negotiator admitted that the United States had "finally found a way to hurt us."

If we don't get back to hurting them, they'll keep on hurting us.

 - Ted R. Bromund is a senior research fellow in The Heritage Foundation's Thatcher Center for Freedom.

About the Author

Theodore R. Bromund, Ph.D. Senior Research Fellow in Anglo-American Relations
The Margaret Thatcher Center for Freedom

Originally appeared in Long Island Newsday