We do know North Korea's national television network had threatened KBS and MBC -- the South Korean networks -- a year ago, saying that they "will come under fire in an unimaginable and unusual way." North Korea also charged last week that the United States had hacked into its networks -- a charge that could have been made to justify a "counterattack" on an ally. And the North has often used its cyber skills to spread propaganda in the South. Its agents create false identities on South Korean websites to post comments favorable to the North or critical of the South, and the North also uses social media sites and YouTube to make its case against the West (a recent video used scenes from a video game showing Wall Street in ruins).
The exchange of accusations between North and South reflects an increase in cyber-activity that could point to the North as the author of the attacks. But it is hardly a smoking gun. And compared to, say, the evidence of China's cyber-spying or Iran's attacks on banks, it is very weak.
Regardless, it is not this specific attack that should concern us -- it is the trajectory of North Korean cyber-activity that is most disturbing. The North is committed to getting cyberattack capabilities. It may already have them. The intent to attack the South by engaging in covert and disruptive action is there. If North Korea was responsible for this incident, with its plans for penetrating networks and erasing data, it may soon have the capability to launch a damaging attack whenever it decides it is in its interest to do so.
The North has committed no shortage of hostile acts, and it does not always take credit for them. It has jammed the GPS guidance systems on hundreds of commercial airliners landing in Seoul, using truck-mounted jamming devices located on the north side of the border. This was probably a test of a military capability the North would use in war -- that the test might have caused hundreds of deaths does not seem to have been a worry.
Its latest action was to issue another round of nuclear threats, this time against U.S. Pacific bases. We need to ask how the cyberattacks fit with these latest threats from the North and the increased tensions on the Korean Peninsula. They may be an inept effort to increase pressure on the South, they may be a coincidence, or they may not be from North Korea at all. The North has a goal in making nuclear threats (probably to show defiance in the face of new sanctions), but it is hard to see how disrupting ATMs and television websites would contribute to that effort.
North Korea might be attracted by the relatively low cost of cyberattacks, by the high dependency of the South on the Internet (which creates numerous targets), by the difficulty of attribution for a quick attack, and by the ability to easily use cyber to make a political point. Strong cyberattack capabilities in either the South or the United States have no deterrent effect. A country that is not shy about using force in limited ways to make a negotiating or political point will be attracted to cyberattack.
From the North's perspective, its decisions are rational, but we should not overestimate Pyongyang's ability to correctly calculate the risks of its actions. The North is clearly willing to take greater risks than most nations, from sinking a South Korean patrol vessel to firing artillery at island villages. A cyberattack may not seem that risky from Pyongyang's perspective. Whether or not North Korea was behind this latest incident, it seems unavoidable that it will develop further cyberattack capabilities and use them the way it uses covert action, limited military assault, and nuclear threats -- as tools to shape the international environment.