An Assessment of North Korean Threats and Vulnerabilities in Cyberspace
Total Page:16
File Type:pdf, Size:1020Kb
BearWorks MSU Graduate Theses Fall 2017 An Assessment of North Korean Threats and Vulnerabilities in Cyberspace Jeremiah van Rossum Missouri State University, [email protected] As with any intellectual project, the content and views expressed in this thesis may be considered objectionable by some readers. However, this student-scholar’s work has been judged to have academic value by the student’s thesis committee members trained in the discipline. The content and views expressed in this thesis are those of the student-scholar and are not endorsed by Missouri State University, its Graduate College, or its employees. Follow this and additional works at: https://bearworks.missouristate.edu/theses Part of the Defense and Security Studies Commons Recommended Citation van Rossum, Jeremiah, "An Assessment of North Korean Threats and Vulnerabilities in Cyberspace" (2017). MSU Graduate Theses. 3212. https://bearworks.missouristate.edu/theses/3212 This article or document was made available through BearWorks, the institutional repository of Missouri State University. The work contained in it may be protected by copyright and require permission of the copyright holder for reuse or redistribution. For more information, please contact [email protected]. AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE A Master’s Thesis Presented to The Graduate College of Missouri State University In Partial Fulfillment Of the Requirements for the Degree Master of Science, Defense and Strategic Studies By Jeremiah Adam van Rossum December 2017 Copyright 2017 by Jeremiah Adam van Rossum ii AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE Defense and Strategic Studies Missouri State University, December 2017 Master of Science Jeremiah Adam van Rossum ABSTRACT This thesis answers the fundamental questions of what North Korean capabilities and intent in cyberspace are and what North Korean threats and vulnerabilities are associated with these. It argues that although North Korea’s cyberspace resources and capabilities have increased and reached a level that represents an advanced persistent threat, its cyberspace operations have remained restrained and regional. It also argues that North Korea’s valuable assets include its ability to control cyberspace within North Korea and its ability to engage in cyberspace activities and operations from abroad. The thesis recommends that the United States government exploit these assets by denying and disrupting the use of cyberspace by covert cyber units outside of North Korea, as well as by enabling and ensuring the less monitored and less controlled use of cyberspace by civilians inside of North Korea. KEYWORDS: North Korea, South Korea, cyberspace, cyber conflict, offensive cyberspace operation, cyberattack, cyber espionage, DarkSeoul Gang, Lazarus Group, advanced persistent threat This abstract is approved as to form and content _______________________________________ Brian Mazanec, PhD Chairperson, Advisory Committee Missouri State University iii AN ASSESSMENT OF NORTH KOREAN THREATS AND VULNERABILITIES IN CYBERSPACE By Jeremiah Adam van Rossum A Master’s Thesis Submitted to the Graduate College Of Missouri State University In Partial Fulfillment of the Requirements For the Degree of Master of Science, Defense and Strategic Studies December 2017 Approved: _______________________________________ Brian Mazanec, PhD: Professor, Department of Defense and Strategic Studies _______________________________________ David Peck, MA: Professor, Department of Defense and Strategic Studies _______________________________________ Andrei Shoumikhin, PhD: Professor, Department of Defense and Strategic Studies _______________________________________ Julie Masterson, PhD: Dean, Graduate College In the interest of academic freedom and the principle of free speech, approval of this thesis indicates the format is acceptable and meets the academic criteria for the discipline as determined by the faculty that constitute the thesis committee. The content and views expressed in this thesis are those of the student- scholar and are not endorsed by Missouri State University, its Graduate College, or its employees. iv ACKNOWLEDGEMENTS I would like to thank the faculty and staff in the Department of Defense and Strategic Studies for their immense support during my graduate studies. Although difficult at times, I have gained much through this program, academically, professionally, and personally. In particular, I would also like to thank my first reader, Dr. Brian Mazanec, as well as my second and third readers, Prof. David Peck and Dr. Andrei Shoumikhin, for their guidance and feedback. I dedicate this thesis to my niece, Lily Poole. v TABLE OF CONTENTS Chapter I: Introduction ........................................................................................................ 1 Arguments ............................................................................................................... 2 Research Approaches and Challenges .................................................................... 3 Significance............................................................................................................. 4 Chapter II: Background....................................................................................................... 6 Conflict in Cyberspace ............................................................................................ 6 North Korean National Security Environment ..................................................... 10 North Korean Conventional Capabilities and Strategy ......................................... 12 Chapter III: Frameworks and Methodologies ................................................................... 15 Conceptualizing Risk ............................................................................................ 15 Defining Cyberspace and Cyberspace Operations ................................................ 17 Characterizing the Cyber Threat ........................................................................... 22 Analyzing the Target............................................................................................. 28 Chapter IV: Analysis of Cyber Power .............................................................................. 29 Civilian Cyber Resources and Activities .............................................................. 30 Military Cyber Resources and Operations ............................................................ 36 Cyber Strategy ...................................................................................................... 40 Assessment of Cyberpower................................................................................... 42 Chapter V: Analysis of Cyberspace Capabilities and Intent ............................................. 46 Cyberspace Operations by North Korea ............................................................... 48 Cyberspace Operations against North Korea ........................................................ 66 Assessment of Cyberspace Capabilities................................................................ 70 Chapter VI: Conclusion .................................................................................................... 74 Results ................................................................................................................... 74 Counterarguments ................................................................................................. 81 Chapter VII: Discussion .................................................................................................... 83 National Security Implications ............................................................................. 83 Policy Recommendations...................................................................................... 86 Directions for Future Research ............................................................................. 90 Works Cited ...................................................................................................................... 92 vi LIST OF TABLES Table 1. Operational Threat Assessment Generic Threat Matrix. .................................... 23 Table 2. Valeriano and Maness Methods of Cyberspace Operations. .............................. 27 Table 3. Cyberpower and Ranking According to Clark. .................................................. 43 Table 4. Cyberpower and Ranking According to Valeriano and Maness. ........................ 43 Table 5. Cyberpower and Ranking According to Australian Strategic Policy Institute. .. 44 Table 6. Assessment of Cyberspace Operations by North Korea. .................................... 65 Table 7. Valeriano and Maness Assessment of Cyberspace Operations by North Korea. 66 Table 8. Assessment of Cyberspace Operations against North Korea.............................. 70 Table 9. North Korean Threat Profile as of April 2011 .................................................... 71 Table 10. North Korean Threat Profile as of May 2017 ................................................... 72 vii LIST OF FIGURES Figure 1. Department of Homeland Security Elements of Risk. ...................................... 16 Figure 2. Factors and Types for Dyadic Cyber Incident and Dispute Dataset. ................ 25 Figure 3. Cyber Units under the Reconnaissance General Bureau. .................................. 38 Figure 4. Cyber Units under the General