Cybersecurity

Senate to sanction North Korea in rebuke of Obama policy

The Senate is set to sanction North Korea on Wednesday, using legislation supporters say counteracts Obama’s failure to hit back at the unpredictable regime.

The legislation comes amid a new round of belligerent behavior from Pyongyang that has returned the spotlight to the once tech-averse state. In recent weeks, the reclusive East Asian nation has fired a long-range rocket, restarted a nuclear reactor and claimed to have tested a hydrogen bomb.

{mosads}In conjunction with the contested H-bomb test, South Korean officials reported that its northern neighbor was also running a cyber campaign to plant malware on government networks.

“Months and months ago, I started to raise alarms about the forgotten maniac, Kim Jong Un, and the fact that we view their cyber capabilities as a new asymmetric threat,” bill sponsor Sen. Cory Gardner (R-Colo.) told The Hill, referencing the North Korean leader.

The Obama administration has already slapped Pyongyang with economic penalties for its surprising destructive cyberattack on Sony Pictures Entertainment. Several months later, Obama also signed an executive order giving the Treasury Department the permanent authority to crack down on individuals or entities behind hacks and digital espionage.

But those backing the so-called North Korea Sanctions and Policy Enhancement Act say the U.S. needs to turn the screws further on Pyongyang. The bill would mandate penalties on those caught aiding the country’s nefarious cyber campaigns.

“We’ve really seen nothing but executive inaction,” Gardner said, referencing the fact that the Obama administration has not yet wielded its new cyber sanctions authority. “Sure, he issued a couple executive orders, but have we actually seen anything be carried out underneath it?”

The measure would also sanction individuals involved in Pyongyang’s nuclear program or in the censorship of the regime’s well-documented human rights abuses.

“I think they are seeing weakness on behalf of the United States,” Gardner added.

North Korea burst onto the cyber scene just before Thanksgiving in 2014, when the country allegedly shut down Sony Pictures’ entire computer network and made off with troves of internal documents.

Over the course of the next few weeks, the hackers slowly leaked actors’ salary details and the emails of top Sony executives, which included a number or insulting and racially-tinged exchanges, setting off a media firestorm and straining relationships among Hollywood’s elite.

After some deliberation, the White House took the unprecedented step of blaming Pyongyang for the digital assault, which apparently was retaliation for the release of the “The Interview,” a film satirizing North Korean leader Kim Jong Un.

Obama then hit the country with economic sanctions in retaliation.

But several lawmakers worry the U.S. has become complacent in its approach to North Korea’s cyber army in the year since the headline-grabbing hack.

North Korea will only abate its cyber mission “if they know they pay a big price,” Sen. Lindsey Graham (R-S.C.) told The Hill.

Graham was a co-sponsor of a similar North Korean sanctions bill from Sen. Bob Menendez (D-N.J.) that was eventually merged with Gardner’s measure last month before the joint language passed out of the Senate Foreign Relations Committee.

“The only thing that will change their behavior is a calculation that if they go too far the regime’s at stake,” Graham said.

A recent long-term study from the Center for Strategic and International Studies (CSIS) agreed that “left unchecked,” Pyongyang will continue to integrate more advanced cyber capabilities into its military strategy.

“North Korea might be emboldened,” the report said, “and escalate the intensity of its cyber attacks.”

Experts say that although North Korea has fewer IP addresses than a city block in New York and less Internet traffic than the 3,000-person Falkland Islands, the regime has focused its limited resources on developing elite digital warriors.

The CISIS researchers explained that North Korea will increasingly tie together cyber operations with its bombastic claims, military exercises and missile tests.

The recent confluence of the disputed hydrogen bomb test and the barrage of cyberattacks on South Korea fit this pattern.

Eventually, the report concluded, North Korea’s strategy “could lead to crossing of the use of force threshold and an escalation of conflict with the United States and [South Korea].”

That’s why Congress should step in, said Menendez.

The New Jersey Democrat told The Hill the sanctions bill is “the most comprehensive response to North Korea’s violations of international will on both conventional, nuclear and cyber.”

And it can’t come soon enough, said Gardner, who chairs the Senate Foreign Relations Subcommittee on East Asia, the Pacific and International Cybersecurity.

“This is the first time we’ve ever had mandatory sanctions on cyberattacks,” he said. “It’s long overdue. This will be a model for what we do as other bad actors try to attack the United States through cyber means.”

North Korea must see that sanctions aren’t subject to the whim of the current administration, Graham said.

“Congress is a more enduring institution than a particular president,” he told The Hill. “And if we’re going be around after he leaves office, I want the North Koreans to know that enough’s enough.”

Lawmakers behind the bill don’t expect significant hurdles during Wednesday’s vote. The House’s companion legislation was approved, 418-2, last month.

On Tuesday, Senate Majority Leader Mitch McConnell (R-Ky.) took to the floor to encourage his colleagues to move on the bill.

“The regime’s most recent display of belligerent behavior only underlines that the administration’s approach has not worked,” he said. “So let’s work together to change it. Let’s vote to move American policy in a better and more successful direction.”