A Very Special Envoy

Why Obama should make Dennis Rodman his man in Pyongyang. Seriously.

Just back from quality time with Kim Jong Un, Dennis Rodman delivered a message: U.S. President Barack Obama should give North Korea's dictator a call. The administration has been quick to dismiss his suggestion, as has most of the press. And it certainly hasn't helped Rodman's argument that North Korea is now threatening to launch a pre-emptive nuclear strike against American targets in response to new United Nations sanctions. Still, while there is a strong element of truth to these criticisms, Rodman may be onto something here.

In the aftermath of the North's recent missile and nuclear tests, there is widespread agreement in Washington that the Obama administration's policy of strategic patience has failed. It has done nothing to stop North Korean provocations aimed at our South Korean ally or to slow down Pyongyang's growing weapons of mass destruction programs. Moreover, the cycle of action and reaction we have been caught in for the past several years (they test, we sanction), has had little effect on Pyongyang, its WMD programs, or its overall behavior despite the administration's claims to the contrary.

The latest developments in this time loop seem to have been lifted straight from the movie Groundhog Day, in which a TV weather forecaster finds himself repeating the same day over and over again. Following almost universal denunciation of the third North Korean nuclear test, the United States sought international sanctions. Speculation that China, Pyongyang's closest ally, had finally become fed up with North Korean misbehavior has proven to be untrue. After weeks of U.S.-Chinese haggling at the United Nations, sanctions now emerge that are much more limited than the United States wanted. American officials trumpet that this resolution will have an important impact on North Korea's nuclear program (just like the previous ones). Sound familiar?

One prominent Republican expert's recent observation that "strategic patience" is more like a "strategic coma" is an assessment that is shared by many Democrats as well. That consensus has manifested itself in a Senate bill passed at the end of February that calls for a comprehensive review of the administration's North Korea policy, including alternative approaches. The point is, since the current approach doesn't appear to be working, shouldn't the United States be seriously considering other ones? But the odds-on betting is that the State Department will just dust off a few well-worn talking points, meld them together, and send them to the Hill.

Which brings us back to Rodman. Granted, he doesn't know anything about North Korea except what he learned during his recent whirlwind tour of Pyongyang. But "Dennis the Menace" may have unwittingly stumbled onto an important truth about how to deal with Pyongyang. There can be a diplomatic upside to a political system based on one-person, one-family rule. North Korean leaders have a history of issuing "on-the-spot guidance" -- pronouncements that instantly set policy. So reaching out directly to Kim Jong Un might not be such a bad idea, particularly since he is still new on the job.

Historically, Jimmy Carter's meeting with Kim Il Sung during the dangerous nuclear crisis of 1994 helped steer Washington and Pyongyang back to a more peaceful trajectory. South Korean President Kim Young-sam, excited by the prospect of Seoul's first-summit ever with Kim Il Sung in summer 1994, banked on his counterpart issuing "on-the-spot guidance" that would alter history, only to have the North Korean leader die before the meeting. The ensuing summitry between Kim Jong Il and two South Korean presidents played a conspicuous role in building better relations beginning in the late 1990s. Even President Lee Myung-bak, second to none in his tough approach to the North, yearned for a summit, as does Park Geun-hye, the new South Korean leader.

Of course, no American president would just pick up the phone to call the leader of a country that had just conducted its third nuclear test in defiance of the international community. But this administration studiously avoided contact with the North Korean leadership for much of its first term, probably because of concerns about domestic political blowback. Former President Bill Clinton's visit to Pyongyang in summer 2009 to retrieve two American journalists detained by the North was a rare opportunity for a face-to-face meeting with Kim Jong Il. However, rather than allow the former president to explore solutions to the serious problems between Washington and Pyongyang, the administration tied his hands. Kurt Campbell, until recently the State Department official in charge of Asia, even recommended to the former president that he "channel his inner Dick Cheney" and "look as dour as possible whenever there were cameras around." That explains pictures of a smiling Kim with an uncharacteristically glum Clinton.

What does all this mean for U.S. policy? Rodman's trip highlighted a need, if I can use a basketball metaphor, to step up our game and adopt a "strong diplomacy, strong containment approach." An important part of such an approach would be a willingness to hold face-to-face meetings between authoritative officials from both countries. The third-ranking official in the State Department now meets regularly with Iranians in multilateral nuclear negotiations, while we talk to North Korea only through low-level diplomats at the United Nations or Foreign Ministry bureaucrats. Those meetings would clarify North Korean views, particularly on whether there is room to negotiate (we can't get that from Pyongyang's hyperbolic media) or to rebuild cooperation with a China that desperately wants to dampen tensions on the peninsula and, if possible, to reach agreements that serve U.S. interests.

To be effective, strong diplomacy must be backed by serious financial and material sanctions, military measures to bolster our defenses, others to stop Pyongyang's efforts to earn hard currency through illicit activities, and anything else we can think of to raise the costs of North Korean misbehavior. The Obama administration would argue that it is pursuing such an approach, but it's clear there is room for additional measures. That would be one objective of a policy review -- to evaluate steps already taken and to posit new ones. An added benefit is that if our diplomacy fails to stop Pyongyang, we will be in a strong position to contain the North.

Unfortunately, diplomacy has become a dirty word for a U.S. administration driven by domestic politics, not national interest. As former State Department official Vali Nasr observed this week in his revealing Foreign Policy article about his time inside the administration, "the president had a truly disturbing habit of funneling major foreign-policy decisions through a small cabal of relatively inexperienced White House advisors" whose primary concern was "how any action in Afghanistan or the Middle East would play on the nightly news or which talking point it would give the Republicans." If the Obama administration is more concerned with Republican criticism than the growing North Korean threat, maybe putting Dennis Rodman in charge of our North Korea policy is exactly what we need.


National Security

Inside the Black Box

How the NSA is helping companies fight back against Chinese hackers.

For China, U.S. government secrecy has been a boon. Cyber-warfare directed against American companies is reducing the gross domestic product by as much as $100 billion per year, according to a recent National Intelligence Estimate. Because companies are generally reluctant to admit they've been breached and because the National Security Agency, which works with these companies to assess Chinese cyber techniques, is surrounded by a cocoon of secrecy, China has been able to operate with impunity. 

That soon will change. 

In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China's cyber-espionage program, according to a U.S. intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks. 

Press reports have indicated that the Obama administration plans to give certain companies a list of domain names China is known to use for network exploitation. But the coming effort is of an entirely different scope. These are American state secrets.

Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies -- with their permission -- to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or "attribute," the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.

Now, though, the cumulative effect of Chinese economic warfare -- American companies' proprietary secrets are essentially an open book to them -- has changed the secrecy calculus. An American official who has been read into the classified program -- conducted by cyber-warfare technicians from the Air Force's 315th Network Warfare Squadron and the CIA's secret Technology Management Office -- said that China has become the "Curtis LeMay" of the post-Cold War era: "It is not abiding by the rules of statecraft anymore, and that must change." 

"The Cold War enforced norms, and the Soviets and the U.S. didn't go outside a set of boundaries. But China is going outside those boundaries now. Homeostasis is being upset," the official said.

In essence, the NSA will give American companies the ability to fight back. The idea is two-fold. One: Behavior modification by exposing Chinese tactics, which, in theory, would embarrass the Chinese. Two: This will force China will develop new hacking avenues, but this will take time, giving U.S. companies the chance to catch up.

The NSA could do even more than this. It has some pretty nifty tools to use in terms of protecting cyberspace. In theory, it could probe devices at critical Internet hubs and inspect the patterns of data packets coming into the United States for signs of coordinated attacks. The recently declassified Comprehensive National Cyberspace Initiative describes the government's plan, informally known as Einstein 3, to address the threats to government data that run through private computer networks -- an admission that the NSA will have to perform deep packet inspection on private networks at some point. But, currently, the NSA only does this for a select group of companies that work with the Department of Defense. It is legally prohibited from setting up filters around all of the traffic entry points. 

Government agencies, however, are a different matter. To protect the feds, the NSA provides the Department of Homeland Security with the equipment and personnel to do to the packet inspection. DHS (using NSA personnel) analyzes the patterns, sanitizes the data, and sends the information back to Fort Meade, where the NSA can figure out how to respond to threats discovered. DHS's jurisdiction does not include the military and U.S. intelligence agencies. That's the NSA's province.

The agency has gathered a significant amount of intelligence on the ways sophisticated cyber-actors -- usually nation-states and, more often than not, China -- have written their code. Sometimes the NSA is able, through its collection of signals intelligence, to get advance notice of a major attack on a major company. It has very recently begun sharing this information with the FBI, which in turn shares it (or a sanitized form of it) with the companies that might be affected.

But it has been NSA policy to keep its information private. They're an intelligence agency, after all. They gather information in secret and use it to outfox the enemy. If the NSA were to share with the public what it knows about China's cyber capabilities, for example, then China would know what the NSA knows and would adjust its tactics accordingly, thus potentially rendering the Defense Department's Internet space more vulnerable. But the penetrations have become so frequent and so potentially economically devastating that the government has decided to take that risk.

The next step may be letting the NSA conduct deep-packet monitoring of private networks. It's undeniable that Congress and the public probably wouldn't be comfortable knowing that the NSA has its hardware at the gateways to the Internet. And yet there may be no other workable way to detect and defeat major attacks. Thanks to powerful technology lobbies, Congress is debating a bill that would give the private sector the tools to defend itself, and it has been slowly peeling back the degree of necessary government intervention. As it stands, DHS lacks the resources to secure the dot-com top-level domain even if it wanted to. It competes for engineering minds with the NSA and with private industry; the former has more cachet and the latter has better pay.

Some private-sector companies are good corporate citizens and spend money and time to secure their networks. But many don't. It's costly, both in terms of buying the protection systems necessary to make sure critical systems don't fail and also in terms of the interaction between the average employee and the software. Security and efficiency diverge, at least in the short run.

If the NSA were simply to share with the private sector en masse the signatures its intelligence collection obtains about potential cyber-attacks, cybersecurity could measurably improve in the near term. But outside the companies who regularly do business with the intelligence community and the military, few firms have people with the clearances required by the NSA to distribute threat information. (Under the new initiative, the NSA's intelligence will be filtered through the FBI and DHS.)

Also, because the NSA's reputation has been tarnished by its participation in warrantless surveillance, and because telecoms are wary of cooperating with the NSA beyond the scope of the law, companies are afraid to even admit that they've asked the agency for technical advice. As a senior executive at Google -- which asked the NSA to help contain an outbreak of Chinese network exploitation in 2008 -- admitted to me, "People don't really trust the NSA, and it will raise suspicions that we're letting them look at their search data, and other things. It's not in our interest."

But it was in their interest to work with the agency -- and in the months ahead the NSA is betting that will be true of many others.

Chung Sung-Jun/Getty Images