As tensions with North Korea escalate into a full-on cold war, a cold cyberwar is playing out in tandem: Beneath the very public nuclear standoff, both the US and North Korea have privately ramped up their digital aggression, the Kim regime's hackers rampaging through networks around the globe and the US answering with its own attacks on the systems used by those hackers.

But despite the US government's dominating powers in the digital realm, security experts and former intelligence officials believe that battlefield favors North Korea. US hackers can take bites out of the edges of North Korea's infrastructure. But getting to its core—and anywhere close to disrupting or even delaying its nuclear capabilities—will be extremely difficult, they say, if not impossible.

Last week, The Washington Post reported that US Cyber Command had hit computers used by North Korea's Reconnaissance General Bureau (or RGB) and taken them offline at least temporarily, one element in a new, no-holds-barred directive to use all available tools to curtail the rogue state's aggression. And in fact, security analysts say that the few Hermit Kingdom operations that do connect to the internet are likely as vulnerable to US hacking operations as those of other adversaries, if not more so.

But even that successful RGB strike appears to have been a denial of service attack—in which junk traffic overwhelms a system—rather than a penetrating breach of North Korea's computers. And the vast majority of North Korea's overall infrastructure still remains disconnected, vastly reducing any footholds for hackers—and making the prospect of compromising its locked-down and air-gapped nuclear weapons systems all the more daunting.

Limited Impact

American cyber operations against North Korea break down into two parts: Those designed to hamper North Korea's own offensive hacking and intelligence capabilities and those designed to disrupt physical infrastructure like its missile program, says Atlantic Council fellow Jason Healey. The US can manage the first type well enough, albeit with mostly limited, temporary consequences. But the latter—what Healey describes as a "left of boom" strategy—can be exceedingly tough against an adversary as disconnected as the Kim regime.

"You can imagine we want to throw off their warmaking capability, get in and mess with their rockets, 'Stuxnet' them in very specific ways," says Healey, referring to the Stuxnet malware the NSA and Israeli intelligence used to sabotage Iranian enrichment facilities in 2009. "I think it would be incredibly, incredibly difficult."

In fact, the US did attempt Stuxnet-style sabotage against North Korea in 2010, years before the Kim regime had the combined ability to create a nuclear weapon and launch it across the Pacific, according to a 2015 Reuters report. The attempt failed. America's hackers simply couldn't reach the deeply isolated core computers that controlled North Korea's nuclear weapons program.

'Most government and military networks are not directly connected to the internet and it would be quite difficult to access them.' Priscilla Moriuchi, Former NSA Analyst

Much more recently, The New York Times has reported that the US attempted supply-chain attacks that would corrupt the North Korean missile launches, perhaps by tainting software or hardware components. In recent years, those missile launches have had failure rates as high as 88 percent, perhaps a sign that those programs worked at least in part. But over the last several months, North Korea has had repeated successes in launching intercontinental ballistic missiles that could reach the United States. If supply-chain sabotage did work at some point, those tests suggest it may well have been overcome.

Cut Off

For years, US officials and analysts have warned that North Korea's anachronistic separation from the internet would be transformed into an advantage in an age of state-sponsored hacking. In his 2010 book Cyberwar, former US counterterrorism czar Richard Clarke ranked countries by their cyber-conflict preparedness. He placed North Korea first, and the US dead last, based on their diametrically opposed reliance on the internet.

Even today, the country's connections remain extremely limited. Despite its new internet connection via Russia, North Korea has only about 1,500 available IP addresses, says Priscilla Moriuchi, a researcher at security intelligence firm Recorded Future, and a former NSA analyst focused on East Asia. Of those, nearly half are used by known propaganda and informational websites, Moriuchi says.