Sony, North Korea, the US, and the Mistake of Hackers

Consumers were alerted to the cyber-attack on Sony evidently conducted by North Korea (NK) in return for a stoner movie called The Interview.  As it stands, the US seems to be doing little and Sony has round-filed the offending movie.  Sony executives had let their sharp tongues overrun their good judgment in emails that criticized Hollywood legends.  When hackers divulged those emails and posted copies of Sony’s unreleased movies, it set the stage for angry lawsuits and a financial nightmare for Sony.  Doubtless Sony is hiring hordes of defense attorneys.  They cannot keep Sony intact.  The lawsuit costs and plaintiff’s awards may pick clean any of Sony’s bones that the hackers left.

For pragmatic reasons, the US government may appear slow and unresponsive.  US cyber capabilities are probably far better than it’s prudent to reveal.  Indeed many industrial economies have impressive cyber-spying and cyber-attack software suites, but the value of those tools lies partly in masking their capabilities so that the target does not know what to expect or watch for.  The US government has the ability to identify the hackers and sponsors of the malware, and they have the ability to deactivate and remove the malware.

We’re good at the crime scene, but cannot prevent the crime.  The US private sector does not  have effective protection against state-sponsored grades of cyberattacks, and it is unclear what depth of protection our most important government departments have (e.g. FAA, US Treasury, Department of Energy, Federal Reserve System, and the Armed Forces).  The obvious take-home message is that we need cyber protections that work and that can be updated.  We do not have the luxury of taking years to develop perfection or to quibble about cost sharing or to decorate everything with political correctness.

Retribution in the Sony case is of secondary importance.  There is no handy target in NK that would be equivalent to Sony, and there are few digitally networked assets.  There are targets whose loss would be painful (airports, harbors, telecom systems, electric production plants, bridges, etc…), but the US probably does not want the fracas to escalate into attacks on critical infrastructure.  The heavy handed US response may come later and it will probably be unrelated to cyber assets, since NK has so few of significance.  The response may not even be identifiable as payback.

At the diplomat level, our State Department will want to respond in a sharply worded letter. That will be followed by a request that the UN mutter similar sharp words, but respectfully of course.  The UN might even consider disinviting NK from the annual Christmas Party.  Diplomacy can go no further.

NK would be wise to say little since further propaganda and bluster will motive a more vigorous response from the US.  Even NK should understand there are limits to how far they should go in protecting a fictional character in a stoner movie.

Alan Daley is a retired businessman who writes for The American Consumer Institute Center for Citizen Research