After the U.S. officially blamed North Korea last week for the cyberattack on Sony Pictures, Pyongyang’s cybercapabilities and growing threats from them came into the spotlight.

The communist state has nearly doubled the number of its cyberwarfare operatives to around 5,900 over the last two years, military authorities in the South estimate, as Pyongyang seeks to strengthen its asymmetric military capabilities.

Through a series of educational facilities based in the North and abroad, Pyongyang has nurtured what it calls cyberwarriors. The North is known to have started cyberwarfare education and training from the mid-1980s. 

With its debilitated economy, the North has sought the most cost-effective ways to handle its more affluent, better-equipped adversaries: South Korea and the U.S. For the North, building cyberskills is one of the most inexpensive ways to counter its security challenges.

The increasing cyberthreats from the unpredictable regime have been shared by the South, the U.S. and other countries as malicious cyberincursions could seriously impact people’s lives by paralyzing financial, traffic, aviation and power supply centers, broadcasting networks, communications channels and state governance apparatus.

Pyongyang has proved its will and capability to mount such cyberattacks against the South in recent years, exploiting the easy accessibility and anonymity of the transnational cyber domain, and the difficulty of singling out a culprit for cybercrimes.

In recent years, the North launched a series of cyberattacks on South Korean banks and websites of major South Korean businesses and government agencies including Cheong Wa Dae and the Defense Ministry.

The North has always denied responsibility, calling Seoul’s argument a complete “fabrication.” For the attack on Sony Pictures, the North also denied its culpability, proposing a joint investigation into the incident.

The North’s cyberwarfare organs belong to the General Staff of the North Korean People’s Army and the General Bureau of Reconnaissance, its premier military intelligence and propaganda agency. The two entities operate under the country’s powerful National Defense Commission.

Among the organs under the GBR is Unit 121, which is tasked with penetrating enemy computer networks to secure confidential documents or spread viruses.

Also under the GBR are Offices Nos. 91 and 3132, in charge of hacking missions and electronic psychological warfare, respectively. Lab 110 of the GBR is tasked with launching cyberattacks on the enemy’s military or other strategic installations.

According to defectors and reports, the North selects cybersavvy students from across the country at an early age, and sends them to Geumseong Middle School in Pyongyang to give them intensive cybersecurity training.

They are then sent to Kim Il-sung Military University, Command Automation University, Kim Chaek University of Technology or Moranbong University for further education. Upon graduation, they become elite cyberwarfare officers.

To counter the North’s cyberthreats, Seoul established the Cyberwarfare Command, headed by a one-star general, in 2010. In corps and higher-level units of each armed service, it runs the Computer Emergency Response Team to handle any cyberintrusions.

By Song Sang-ho (sshluck@heraldcorp.com)