Lessons from the North Korean Cyber Attack

In his 2010 book Cyber War, former US counter-terrorism czar Richard Clarke described some very scary potential results from a foreign cyber attack on US infrastructure. Cyber attacks have happened both on their own (such as alleged Chinese attacks on the Pentagon) as well as to complement a larger conventional war (such as Russian cyber attacks against Georgia during the war in August, 2008).  The recent cyber attack against Sony has been likened to stifling free speech. President Obama criticized Sony’s decision to cancel the movie, stating  "We cannot have a society in which some dictator someplace can start imposing censorship in the United States."

North Korea threatened to launch attacks against the US if The Interview were released, because of the supposed dishonor to the North Korean leader it would be. As a resident of South Korea, I was of course initially slightly worried- even though I had a pretty good idea that would not happen, I’m still enough of a greenhorn in this country to at least think for a second about it. Of course, North Korea was rather upset at the release of Team America in 2004 (a movie which I found to be quite hilarious as an immature, pubescent high schooler). It seems, however, they’ve managed to do that without firing a shot or a missile.

The US Department of Defense issued a report stating that while North Korea likely had some sort of cyber warfare capabilities, the impoverished nation was unlikely to have enough capabilities for a powerful, large-scale attack. Conversely, it would stand to reason that as company like Sony would have the latest and most state-of-the-art cyber security capabilities. People’s general conception of cyber war has centered on the notion of national militaries using cyber capabilities to attack each other. Other incidents such as the Target Corporation data breach were seen more as criminal acts rather than acts of war. Newt Gingrich has been quick to assert that the US “just lost its first cyber war” in a famous tweet. I’m not sure this was “our first cyber war”, but it is a very telling incident.

I have no way of knowing if it really and truly was North Korea that carried out the attack, and not some techie sitting in a remote cabin in the mountains of Washington state (yes, I know someone like that). But I have to assume that US authorities are correct in assigning blame to North Korea. In which case, there are several valuable lessons to be learned from this whole fiasco. It’s interesting that something which was carried out by a state actor (North Korea) against a private corporation (Sony) is now being primarily handled by the US Justice Department (the FBI in particular). In fact, this type of attack in which law enforcement is the primary responder is usually a case of corporate espionage.

Thus, there are several fundamental points we can gather from this attack on Sony Pictures. The first is that we cannot afford to be complacent about the capabilities of a small, cash-strapped country to attack a much more powerful one. This is especially true because a cyber attack is a much more cost-effective solution to attacking a country than investing in conventional weapons. Also, it goes to show that in this day and age, there are no longer clear distinctions between the public and the private in national security. While much worse things could happen than the cyber attack against Sony, it’s clear that anything, and any one, can become a target, and that countries will have to be prepared to meet a variety of threats from a large number of sources to ensure their own security.