DPRK Cyberspace Operations: Policy, Capabilities, and State Coordination

  • Published
  • By USCYBERCOM

What is the Democratic People's Republic of Korea's (DPRK) policy and doctrine for cyberspace operations, and what specific cyber actions by other nation-states would cross DPRK's red lines and trigger an escalation to military force? To understand the execution of this doctrine, how does the DPRK process and develop its cyber tools, and what are the locations, numbers, and structure of its cyber organizations? Finally, do these various DPRK cyber entities coordinate operations among themselves, and do they cooperate with other foreign state cyber actors?


  • Bireley Jr., Robert E., "Constant Contact: The Rationale Behind the US Shift to Persistent Engagement in the Cyber Domain," SAASS, 2024, 97 pgs. 
    • Bireley answers the question regarding DPRK cyber policy by noting that North Korea views cyberspace as a medium to exert influence, project power, and generate revenue while successfully avoiding escalation outside the cyber domain. While its doctrine heavily prioritizes ransomware and electronic currency theft for financial gain, Bireley highlights that its policy also encompasses retaliatory attacks to protect the regime's image. This was demonstrated in the 2014 cyber-attack against Sony Pictures Entertainment, which was spurred by a movie plot depicting the assassination of Kim Jong Un rather than by traditional financial motivations.
  • Davis, Maj. Donald A., "Emerging Fronts: A Systematic Approach to Identifying and Addressing Homeland Defense Vulnerabilities," AFGC thesis, 2023, 64 pgs. 
    • Touches on the DPRK's cyber threat but does not delve into its doctrine or red lines. The paper notes that in the event of a conflict on the Korean Peninsula, a highly likely scenario is that North Korea would execute sustained cyber-attacks against United States infrastructure to disrupt the logistics channels of military equipment and personnel. The author points out that the DPRK has already proven its willingness and capability to conduct such operations, specifically citing the 2014 cyber-attack on Sony Pictures and the 2017 WannaCry ransomware attack that affected 250,000 computer systems across 150 countries.
  • Hulshizer, Lt. Col. Eric D., "Every Wallet a Target: Fusing Financial and Military Targeting in Strategy for the Decisive Decade," SAASS thesis, 2024, 115 pgs. 
    • This paper addresses the DPRK's cyber policy by explaining that its offensive cyber capabilities are primarily utilized as a tool for financial warfare and sanctions evasion. To ensure the Kim regime's survival, North Korea dedicates up to 20 percent of its total budget to maintain a 6,800-person cyber force whose strategic intent is to act as a financial lifeline for the state. By executing large-scale attacks on cryptocurrency exchanges and exploiting the global banking system—such as generating fraudulent SWIFT transactions—the DPRK's doctrine treats cyberspace as a vital, alternative domain to generate billions in revenue and achieve strategic results absent the use of traditional terrestrial force.
  • Khasilev, Eugene, "If Drugs Meet Digits: Anticipating the Adoption of Cybercrime by Transnational Criminal Organizations," AFGC thesis, 2024, 48 pgs. 
    • This paper contributes to answering the question by contrasting the DPRK's cyber doctrine with that of other nations, noting that the North Korean government actively cultivates, approves, and supports cybercriminals as a direct instrument of state policy. The strategic doctrine of North Korea's cyber operations is to engage in both widespread theft and extortion against private-sector entities and foreign government agencies worldwide to fund specific national objectives, most notably its ambition to become a nuclear power.
  • Kim, Lt. Col. Daniel J., "Building Partner Capacity in Cyberspace to Enhance Deterrence," SAASS thesis, 2021, 68 pgs. 
    • Addresses DPRK cyber policy by explaining that its doctrine relies heavily on low-risk, low-cost cyber-crime to circumvent United Nations sanctions. The paper notes that North Korean cyber actors target banks (such as exploiting SWIFT banking software), cryptocurrency exchanges, and pharmaceutical companies to garner illicit funds for the regime's expensive nuclear and ballistic missile programs. Although Kim does not outline specific cyber red lines for military escalation, he highlights that North Korea focuses on this cyber-crime doctrine because outright kinetic actions risk severe international condemnation and military responses.
  • McDermott, Maj. Dylan, "The Myth of Cyber Dominance," ACSC CARS, 2019, 31 pgs. 
    • Answers the questions regarding the DPRK's cyber policy, doctrine, and escalation triggers. McDermott explains that North Korean doctrine emphasizes denial and deception, viewing its cyber force of 3,000 to 6,000 personnel as a strategic counterbalance to international restrictions. The regime actively uses cyberspace for intelligence collection, to threaten critical infrastructure, and to coerce hostile actors. Regarding escalation, the paper notes that North Korea manifests clear policy reactions to "cyberspace intrusions, especially when they perceive its aim to alter their behavior". Because the regime fears collapse and is materially constrained, external threats or cyber actions that challenge its domestic control could cause the DPRK to "act first in a crisis" out of desperation, using asymmetric advantages in cyberspace to offset its conventional weaknesses.
  • Ramtahal, LTC Eldred K., "Power Projection Platforms: Protecting Critical Infrastructure against Cyber Intrusion to Maintain America's Strategic Military Advantage," AWC SSP, 2021, 23 pgs. 
    • Partially answers the question by outlining the DPRK's policy and doctrine for cyberspace operations. Ramtahal notes that North Korea uses cyber operations for "cohesion, attacks against financial institutions, retaliation, and espionage". Utilizing an estimated 3,000 to 6,000 hackers in its Reconnaissance General Bureau (RGB) and military, the DPRK's doctrine employs cyber-attacks—such as the WannaCry ransomware—as an asymmetric alternative to conventional provocation. While the paper does not explicitly discuss cyber red lines or military escalation, it emphasizes that the low cost and deniability of cyber warfare embolden the regime's belligerent behavior without crossing the threshold of armed conflict.