Published by The Lawfare Institute
in Cooperation With

According to this report from Reuters, the Unites States tried, but failed, to implant a Stuxnet-like virus within the North Korean nuclear weapons program operating system. The effort failed due, it is said, to North Korea’s extreme isolation of its communication system. What are we to make of this report (which, I hasten to add, is lightly sourced — much more lightly than, say, the original New York Times piece outing Stuxnet) assuming it is true? Some thoughts:

1) I wonder if the North Koreans knew about this effort before today? One of the singular advantages of cyber operations is that they are inherently more covert than kinetic ops. It is at least plausible that this disclosure was the first that they heard of it, which, of course raises the question of who leaked this now, and why?

2) On the other hand, cyber ops do leave traces and it is equally plausible that North Korea’s cyber defenders might have seen some unusual activity on their network that prompted investigation and they may even have made a successful effort to attribute this operation to the United States.

3) IF (and it is a big IF) that is the case, then that possibility puts the entire Sony/North Korean operation in a different perspective. What was formerly seen exclusively as a “revenge” operation for a bad movie might now have a dual character as a “message sending” operation to US cyber forces. It also may explain why it is that the US government was so certain that North Korea was behind the Sony intrusion when others outside of government were less definitive. And it may also shed light on the USG reaction of imposing additional economic controls on North Korea — in which case we are seeing an instance of the cyber escalatory ladder getting out of control.

4) As with Stuxnet itself, one has to wonder about the international law implications of the intrusion. Most observers agree that Stuxnet involved the use of force and that to justify it the United States had to assert a plausible argument for self-defense (which some thought wanting). What would be the legal justification for the intrusion into North Korea?

Lots of questions … no real answers though.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare