Week 8: Knowledge-based policy

This week, we have been focusing on transferring the knowledge gained throughout the class into our final deliverable – a policy paper which we hope to present to decision makers in the field of DPRK sanction enforcement.

Why a policy paper:

“The government is slow to catch up on these things”

Former Treasury Expert

While there is a lot of subject-matter knowledge available through both classified and unclassified channels, throughout our journey we have touched upon a number of areas ranging from maritime interdiction, to traffic pattern mapping to tackling cryptocurrency-based money laundering schemes. We believe that all of them contribute towards our ability to exert maximum pressure on the North Korean Regime, and thus want to convey our gathered knowledge so that policymakers have a cross-spectrum grasp of actions that can be taken in the area.

Our Focus:

“North Korea’s stockpile of cryptocurrency is worth $700 Million, analysts say.”

United Press International

According to various estimates, this figure would place DPRK stockpile of cryptocurrency at ~3% of their GDP. This is a substantial amount, especially as with the evolution of the digital finance sector it becomes easier to use those funds for obtaining resources (such as refined petroleum, electronics or luxury goods) illegally. We have reasons to suspect that cryptocurrencies are also one of their main sources of fiat (hard) currency.

Paper outline:

  • Review of Applicable Sanctions Theory
  • Summary of North Korean Sanctions Environment
  • Description of cryptocurrency’s role in that space
  • Outline of potential avenues of disruption related to North Korean Cryptocurrency use
  • Recommendations related to how decision makers should be thinking about cryptocurrency tools and where responsibility for addressing the issue should lie

Intended presentation recipients:


As we’re preparing a policy-based solution, rather than a deployable software/hardware based product, we wouldn’t be following the traditional procurement approach or securing funding for setting up a company. However, for the purpose of familiarising the policymakers with our findings, we have created a proposed timeline of events if our proposals are to be implemented.

Same diagram as above with cost flows superimposed.

Interviews this week:

This week, we have focused on getting feedback on our suggested approach. We have talked to cryptocurrency investors, cybersecurity experts and Paul Syversant, the co-creator of TOR. Overall, the ultimate goal has been to obtain validation of the main ideas within our paper and fine-tuning some of the details of our approach.

Next Steps:

  • Finalize Final Presentation of Lessons Learned
  • Complete draft white paper and circulate for feedback
    • Week 10 validation focus on improving white paper
  • Seek buy-in for wide distribution
    • Leverage networks of previous interviewees, the H4D teaching team, and the greater Stanford and Hoover community

Week 6: Choosing the major. So, what’s normal?

Key Learning Moments

  1. The process of interagency coordination is actually very well structured. An interagency task force employs a unique model to coordinate all actors’ actions: private and public, foreign and domestic, strategic and operational.
  2. Illegal activity not linked to DPRK makes it harder to detect anomalies and generates a lot of (wasteful and costly) false positives.
  3. The seemingly only area that is not mapped well enough is DPRK’s illegal extraction, laundering and spending of cryptocurrencies (mainly Bitcoin).
  4. The operators on the ground distrust the intelligence passed down to them.

Our Major

Nothing on the sea meters if China opens another pipeline.

OSD Sponsor

Problem tackled:

The DPRK, faced with increased international pressure along their physical transportation routes (maritime and land) has reverted to circumventing the sanctions by:

  • Employing state-sponsored security professionals, including the Lazarus Group, refereed to commonly as APT (Advanced Persistent Threat) 38 to extract cryptocurrency from wallets, exchanges etc.
  • Rerouting the stolen currency through a mixture of commonly used (US-Based) and more obscure (mainly East-Asian) exchanges and clearing houses and gradually converting it to hard currency (USD, EUR, CNY)
  • Spending the illegally-obtained currency on luxury items, refined petroleum, industrial machines etc.

Currently, the sanction-enforcement authorities have little tools available to tackle this stream of DRPK financing.

If you are my private think tank, I want you to figure out a way to stop NK from making money using cyber tools. I want a mechanism that rivals in the cyberspace what we can already do in the physical space.

An individual experienced with the Interagency Task Force

Researching the policy vectors that could be applied along with the ways DPRK currently performs their operations will form the bedrock of the policy recommendations we will be presenting as our deliverable.

Experiment Results

While the previous lines of inquiry were largely focused on exploring the internal process of sanctions enforcement coordination, this week we have made significant findings that led us to believe that there is more potential in actual enforcement (upper part of the graph). Namely, we are focusing on better exploring the DPRK’s illegal activities in cyberspace as well as getting to know what does normal (legal and illegal) traffic look like in the East China Sea.

Where we stood and where we stand. How we chose our major.

Throughout the past weeks we have explored several different MVP ideas. Most of them have been abandoned, before we committed to the predictive modelling approach.

  • Improved blacklists have been proven to give negative value due to inability to fine-tune the pressure after inclusion on the list.
  • Flag state approval reform was ineffective as interdictions don’t actually happen (the US ships come close and photograph suspicious assets).
  • Process Improvement turns out to be ineffective due to the presence and efficiency of the interagency task force.
  • The Internal Wiki would overlap with solutions currently in existence.
  • Improved negotiation toolkit (providing better materials to negotiators) has proven to require access to information beyond our grasp.

Next Steps

Next week we’re intending to continue working to get a better understanding of the new problem space. We will be trying to learn:

  • What the most common vectors of cryptocurrency-related crime are in general and whether there are some distinguishing features DPRK employs.
  • How do nation-states currently regulate cryptocurrency security and if there are any mechanisms in use to tackle this kind of crimes.
  • Who are the individuals responsible for enforcement on the US side (and hopefully talk to them as well)

The key action items are listed below:

The main interviewees are going to be: Stanford Faculty, private sector security professionals, and people with relevant intelligence experience.

Interviews this week

This week’s interviews have been largely divided into three categories:

  • Military personnel and analysts who would validate our predictive modelling MVP
  • Specialists in cybercrime and cryptocurrencies-based money laundering who would help us better explore this new field
  • Process coordination insiders who helped us validate hypotheses from last week.

Week 2: What fuels DPRK?

What channels does North Korea use to bypass sanctions?

No cars on North Korea’s main highway Ships coming in and out the Wonsan port

  • Ensuring that the sponsor-provided problem is a key component in the wider issue of enforcing sanctions
  • (Dis)proving our ideas as to who are the actors relevant to the problem
  • Forming a hypothesis as to what form should our solution take

This week’s goals

Overall, while in the previous week our focus was largely on who we should serve, this week we were trying to get closer to establishing what they need.

Working hypothesis:

  • Illegal maritime trade in hydrocarbons is crucial to the DPRK sanctioned weapons programme

The hypothesis has been proven

“Devoiding North Korea of illegally smuggled petroleum would metaphorically and literally deprive the DPRK war machine of fuel.”

EU Office of the High Representative for Foreign Affairs and Security

“North Korea has a $3.4 billion dollar total import economy. When we stop a $1 million dollar refined petroleum shipment, that has a major impact.”

North Korea Policy Expert

The two interviews have strongly indicated that illegal maritime imports of refined petroleum are a key part of the problem. It is furthermore the only one that would seem to be under at least partial control of US and allied assets, as opposed to DPRK’s other suspected revenue sources.

  • The key obstacle towards efficient interdictions is the diplomatic/legal procedure involved (taking upwards of a day

The hypothesis has not yet been proven despite strong indications

The interviews have provided us with a thorough overview of the marine interdiction process and the legal/diplomatic aspects behind it. In further weeks, we will try to look for possible improvements in the procedure and look for potential time gains which would allow US/allied assets to increase their interdiction efficiency.

Post-interview summary

The team has conducted 11 interviews with relevant actors and contacted another 36. The noteworthy conversations were:

  1. Allen Weiner (Professor, International law, Former State Dept Legal Office)
  2. Tess Bridgeman (Professor, Sanctions Expert, Former State Dept)
  3. Andrzej Sikorski (Current Acting Polish Ambassador to DPRK)
  4. Matthew Kaseman (OSD Korea Policy Team)
  5. Richard Nephew (Former State Dept)
  6. Cliff Johnson (Former State Dept Legal Office)
  7. Newell Highsmith (Former State Dept Legal Office)
  8. Greg Terryn (Center for Arms Control and Non-Proliferation)
  9. Jennifer Chalmers (Department of State)
  10. Matthew Kaseman (Office of the Secretary of Defense)
  11. Official (preferred not to be identified), (EU Office of the High Representative for Foreign Affairs and Security)

Key Learnings

  • Interdiction of illicit importation of refined petroleum likely has significant impact on North Korean leadership decision making.
  • Maritime interdiction often requires extensive diplomatic clearance, even when pursuant to a Chapter 7 UNSCR.

Next steps

Evaluate Refined Petroleum Maritime Interdiction Effectiveness:

  • Continue to engage experts on how sanctions are being felt within the DPRK
  • Continue to build interview chain to State Dept Negotiators/White House actors

Improving Flag State Approvals:

  • Seek out ship commanders, State Department Desk officers, Flag State Post personnel, and common Flag state diplomats/experts to better understand the clearance process
  • Identify where standing Government groups have had success in similar areas
  • Formulate potential international agreement that might eliminate need for case-by-case Flag State approvals