As you were doing your holiday shopping last December 18th, the Hwasong-18 missile was soaring into the upper atmosphere. Experts suggested after analyzing the flight that the North Koreans were testing a payload capable of carrying multiple nuclear warheads. Earlier versions of the Hwasong had already been assessed to have the capability of striking any American city with a nuclear warhead launched from North Korea.
Do not be reassured that the US could shoot down the Hwasong-18; we probably could not. Do not be reassured that no one would use nuclear weapons; it takes but the word from the mercurial Kim Jong Un, who has lately been telling his forces to prepare for war.
Wait, isn’t this the same country that just a few years ago was so impoverished and famine-stricken that its people were eating roots? Yes, it is the same benighted land. So, how did they get the money to make nuclear warheads and intercontinental ballistic missiles (ICBMs)?
One answer involves cryptocurrency. Crypto-related companies, those issuing the currency, holding it, or clearing it, have been repeatedly raided by North Korean military hackers. In the last two years, these hackers have stolen almost $3 billion, with a B, from almost two dozen crypto firms. Three billion US dollars goes a long way in North Korea, and so could their missiles, carrying their homemade nuclear weapons all the way to any part of the US.
You might then ask, why do crypto companies have such poor cybersecurity? There is, however, a prior question: why are there crypto companies and cryptocurrencies in the first place? Cryptocurrencies have been widely labeled “a solution looking for a problem.” Actually, they are the problem. Not only have they funded nuclear weapons pointed at American cities and controlled by a lunatic dictator, but the process of “creating” crypto requires so much computer processing and electricity that the currency is making a measurable contribution to global climate change.
According to the Biden White House, “As of August 2022, published estimates of the total global electricity usage for crypto-assets are between 120 and 240 billion kilowatt-hours per year, a range that exceeds the total annual electricity usage of many individual countries, such as Argentina or Australia.” The White House statement went on to admit that the crypto generated in the US alone may make it impossible for the United States to meet its international obligations to reduce carbon emissions.
Advocates of crypto currency stress that it offers a way of providing some people who are denied access to traditional banks a way of transacting without involving sovereign entities. Another way of saying that is that crypto allows criminals who cannot use banks to launder money and avoid government scrutiny, which would probably land them in jail. The President could, on his own authority, declare cryptocurrency to be an “unusual and extraordinary threat… to the national security, foreign policy, or economy of the United States” and ban it under the powers invested in him by the International Economic Emergency Powers Act (IEEPA). The SEC likewise has the authority to ban it.
Yet no US Congress, no US Administration, and no independent agency has had the fortitude to take on the “tech bros” and ban this plague. Well, if we cannot ban it for now, might we not at least insist that they have enough security in place to prevent North Korea from funding its nuclear arsenal? Using IEEPA or a variety of other statutory bases, the Administration could regulate crypto to require high levels of cybersecurity to block North Korean hackers.
And if the government is too timorous to even do that, could not the insurance industry refuse to cover theft from any crypto company that lacks high levels of cybersecurity?
The best solution might be to borrow from the environmental playbook and treat crypto breaches like oil spills. Post-Exxon Valdez, every oil tanker operating in US waters must provide proof of insurance coverage for the cost of cleaning up a total loss of the oil they carry. This insurance is purchased from private markets in the form of a bond sold through Lloyd’s of London. To make sure they never have to pay out for the catastrophic costs of an oil cleanup, the insurance syndicates have developed robust certification processes for oil tanker safety.
While we care little for protecting the losses of crypto investors engaged in history’s largest Ponzi scheme by requiring crypto brokers to maintain private insurance for the total loss of their holdings, market forces will be aligned to bring cryptocurrency to a gold standard of cybersecurity. If North Koreans were raiding Fort Knox on a nightly basis to fund their nuclear ambitions, we would demand better security. We must do the same for crypto-holding companies now. Putting the onus on the industry to improve their security by aligning market forces is the most immediately available approach while we wait for government regulators and policy officials to use their existing authorities to act to protect American investors and, dare we say it, American cities in range of North Korean missiles.
Robert Knake served in the Obama White House on the National Security Council staff and in the Biden White House as Deputy National Cyber Director. Richard Clarke served in the Bush (41), Clinton, and Bush (43) White House staffs, including as National Coordinator for Security. They are the co-authors of the books Cyber War and The Fifth Domain.
