Red Teaming in Korean Cyberspace

Truly effective efforts must incorporate a broad range of potential scenarios.
By Maj. William Smith, USMC

A conflict erupting on the Korean Peninsula could lead to any of a number of developments and outcomes, and its effects—including cyber operations—might not be limited to the Koreas and the U.N. forces involved there. By modeling a hypothetical conflict with North Korea, planners can examine different scenarios and validate assumptions to imagine a potential cyber situation on the peninsula that could have far-reaching implications that otherwise could go unrecognized.

The list of cyberthreats emanating from the Asia-Pacific region is not a short one. It is led by a China increasingly active in the cyber domain, with North Korea following closely behind. Percolating tension on the Korean Peninsula makes it a most unpredictable area, punctuated by diplomatic and military antagonism between the two rival nations divided at about the 38th parallel and their respective allies.

The status quo creeps toward a brewing crisis. Is another war on the horizon?

For decades, experts have held strong to the supposition that China would intervene and side with North Korea in a Pacific-region military conflict. Red teaming dares to imagine a different outcome.

Given the large—and swelling—cyberthreat incubating in the Asia-Pacific region, red teaming helps military planners develop crisis-action responses and organize, train and equip forces for an uncertain future. Politicians and military planners have sets of assumptions and lists of scenarios for what the future could hold on the peninsula. Considering the area’s volatility, policy makers and planners generally use two predicted scenarios to describe a potential future for North Korea. Constructing multiple scenarios requires considering the widest range of possible outcomes—meaning planners should brainstorm all potential events to look for commonalities and expose schemes that rely upon faulty or incomplete logic. The ideas form a basis of whether to engage in war—and how best to fight and win one.

As North Korea advances its nuclear and missile programs, planners brainstorm countermeasures to conventional warfare. Yet cyberwarfare is just as probable, and politicians as well as military planners are embedded deeply in the process of drafting assumptions as to what the future might hold for the peninsula.

Many scholars and researchers believe either North Korea will invade South Korea at some future point, leading to all-out war that North Korea inevitably loses, or the North will implode under domestic and international pressures. More specifically, today’s status quo will not hold in the end. Each scenario likely has some number of assumptions concerning cyberwarfare originating from the North, either as a prelude to armed conflict or as a part of it. And leaders would be remiss to exclude a likely variable in the volatile situation: China.

The computer security firm Mandiant linked a long-standing cyber campaign against the United States and others to a specific Chinese military unit that generally targets intellectual property and likely exfiltrated hundreds of terabytes of information from numerous victims. “From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen,” reads a portion of the firm’s 2013 report “APT1: Exposing One of China’s Cyber Espionage Units.”

Similarly, North Korea is quite engaged in nefarious cyberspace activity, and the dictatorship is a prime suspect behind years of cyber attacks against its neighbor to the south. Recently, South Korean officials stated that the 2013 attacks against South Korean banks, media outlets, telecommunications companies and government institutions caused an estimated $750 million in damages and lost revenue. Because the cyber domain is interconnected with the other warfighting domains, and because cyberwarfare has low barriers to entry and the origins of attacks are difficult to identify, cyberwarfare provides an asymmetric advantage that adversaries will continue to seek and use against one another.

The red team approach challenges an organization to improve effectiveness by looking for solutions from an adversary’s perspective and relying on techniques that avoid groupthink, foster cultural empathy and strengthen critical thinking throughout the planning process. Using scenario development, red team planners can shed light on previously discounted or omitted information and likely situations that could have far-reaching effects on original plans or estimations. Scenarios are powerful and thought-provoking tools, even if not an exact science, writes Robert M. Clark in Intelligence Analysis: A Target-Centric Approach. They can help define the unknown future and assist planners with preparing for uncertainty by reducing risk and surprise, states Clark, a former Air Force electronics warfare and intelligence officer. He also worked as a CIA analyst and served with the Office of the Director of National Intelligence, helping to develop the Intelligence Community Officer course.

Often, future behavior has a foundation in past behavior. Planners could review the past, when Chinese “volunteers” intervened on North Korea’s behalf during the Korean War, in an attempt to develop a scenario about how or why China might intercede in a new conflict. Given China’s more assertive behavior in the Pacific theater, China very well might have a vested strategic interest in North Korea today to maintain the status quo, and China certainly will be very interested during any crisis and post-conflict.

Stated scenarios concerning China’s participation in a new Korean conflict do not exist in unclassified U.S. military documents. Still, considering recent open-source reports of Chinese cyber activity and published Chinese cyberwarfare doctrine, underestimating Chinese cyber capabilities and intent would be a mistake for U.S. military planners and political decision makers. To maintain the Korean Peninsula status quo without overtly provoking the United States, China could interfere either via a kinetic war or North Korean regime collapse.

If a Korean war scenario were to occur where China launches cyber operations, the United States could be prepared somewhat in terms of force posture, technology and doctrine if planners and analysts take the time to develop plausible scenarios based on the assumption of Chinese involvement. Recognizing that there might be a gap in planning assumptions vis-à-vis Chinese cyber actions, policy makers and military planners can call attention to risk.

If planners and analysts were to assume that China would not meddle, they would be wrong. Starting with an assumption that China could become involved—to include a cyber intervention—is a first step in looking at the problem differently. From there, planners and policy makers can test assumptions so the likelihood of each one faces scrutiny. Simply put, assuming Chinese cyber intervention is plausible, how does that shape each scenario?

U.S. government documents describe multiple techniques to dissect key assumptions. When information is unknown or uncertain, assumptions serve as surrogates for facts to allow planning to continue. Planners can solve the wrong problem or develop a suboptimal solution if they rely on untested or incorrect assumptions. Testing and validating assumptions through analytic rigor and multivariate scenario development can open the aperture for planning staffs to consider alternate futures.

If Chinese cyber intervention is a leading driver of the forecasted future, planners should ask several questions: Is North Korea mounting cyber attacks independently? Are cyber attacks being orchestrated from China? What would Chinese cyber operations look like, and who or what would be the target? Can the United States and South Korea mitigate North Korean or Chinese cyber attacks? Does the United States require additional capabilities to defend its networks? And if China perpetrated a cyber attack, is there a line China would need to cross before the United States responded militarily?

These are some questions that planners, analysts and even policy makers might ask when examining an assumption. More questions exist that planners could and should ask, and that is the point. Asking questions and determining answers provides a solid framework for strategic decision making.

The U.S. Army’s University of Foreign Military and Cultural Studies advocates using key assumption checks to assess the validity of an argument, expose faulty premises, explore main points that frame a situation and provide space for critical thinking.

In the Korean conflict scenario, identifying that China came to North Korea’s aid—coupled with the fact that China remains North Korea’s last friend—establishes the possibility of future Chinese intervention on the Korean Peninsula. Even if policy makers and military planners assume that China would not assist North Korea militarily, they can assume that past Chinese intervention might foreshadow future Chinese involvement to North Korea’s benefit.

After recognizing previous conditions, planners begin the task of validating new assumptions and challenging old assumptions as they start to weave possible story lines. It certainly is possible that China could remain neutral. If this were the case, analysts would need to revisit their assumptions, as both theories of neutrality and interference cannot be true.

Assumptions and scenarios concerning the Asia-Pacific region must be internally consistent; bridge past and present events with a view toward the future; be simple and plausible; illuminate events that have occurred but are not fully developed; and provide indicators and warnings that a particular scenario is developing or occurring. Red teaming can evaluate policy formulation and decisions, determine force allocation, define required capabilities, question and develop planning assumptions and identify additional concepts required.