In a world of instability, one reassuringly constant rule is that countries have tended to behave in cyber space much as they do in the real world. That Russia should try to undermine confidence in western democracy by its online disinformation campaign in the US and Europe, or extend its siege of Ukraine by attacking domestic power supplies and industrial control systems with cyber weapons, is entirely predictable. So too is Iran’s behaviour in destroying Saudi Aramco’s computers or attacking US banks.
The crucial difference about such activity is that, in a highly networked world, “collateral damage” is far more difficult to estimate than for conventional or nuclear weapons. This year we have experienced worldwide impact from attacks with unintended consequences. In disrupting Ukrainian networks in June, Russian state actors probably did not set out to cripple major companies like Maersk, or Reckitt Benckiser, or FedEx. But while the attackers may not care much, Russia does at least have a stake in the international financial system. North Korea does not.
Pyongyang’s use of cyber demonstrates the rationality of the regime. It invested many years ago in developing the necessary elite maths and computer science skills at school age; it saw that much of the activity could be run from outside the country, using the openness of the internet, the grey world of cyber crime and its flow of skills and tools. As with its nuclear weapons and missile programme, North Korea has had help. We have to assume that extensive military co-operation with Tehran includes cyber, a key capability of the Iranian Revolutionary Guard Corps.