Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Hack Away
To the Washington Post’s report on the North Korean hack job (no, the other one), Drudge offers the following headline: “Cancellation sets worrying new precedent for cyber terror.”
Well, sure, it’s “new” in the sense that it just happened. And the attack did take a novel form, combining the data diarrhea of WikiLeaks with jihad’s pointedly obscure threats to silence opposition.
But we are already chock full of precedents, thank you. Cyber attacks from Russia and China over a course of decades have shown the world our response policy: “Pretty please?”
“Not so!” says Ellen Nakashima over at the Washington Post:
The administration has made clear for several years that it has a range of diplomatic, economic, legal and military options at its disposal in response to cyberattacks.
Oh? Do y’all remember our last action against foreign hackers? Because I sure don’t.
It is unlikely, however, that officials will announce the responses it is considering or the one it chooses. “There’s a lot of options,” the official said. “They likely won’t be discussed publicly anytime soon.”
I see. But they will be discussed eventually, right? Better yet, don’t tell me! After all, if you have to explain America’s punitive response, then it couldn’t have been very forceful. As my fiction teacher said years ago, “Show. Don’t tell.” And America’s cyber defense is nothing if not good fiction.
How many of you believe that the North Korean government will suffer any serious consequences for publishing an American company’s secrets, disrupting transactions that supported multi-million-dollar projects, and threatening the lives of American civilians across the country? How many of you believe America actually has a cyber defense policy with teeth?
The whole article by Nakashima is worth reading, by the way.
Published in General
“The suspected North Korea computer attack on Sony Pictures Entertainment is a ‘serious national security matter,’ White House press secretary Josh Earnest said Thursday, as officials said the Obama administration is preparing to announce who it believes is behind the devastating hack.
Earnest said that the White House is weighing options for a ‘proportional’ response to the attack whose ramifications President Obama is monitoring ‘very closely himself.’
Public attribution of the attack could come as early as this week, one national security official said. U.S. intelligence officials have concluded that the government of Kim Jong Un is behind the attack.”
So, they are half way to the Expression Of Grave Concern, the other half will come next week.
If Obama’s history is any clue, the “proportional” response will be a Sternly Worded Letter, which, nonetheless, will include an apology for America’s past insults towards, and lack of support for, North Korea.
Any further recalcitrance on the Norks’ part will demand calling out the Big Guns: Secretary of State John Kerry will call out North Korea for being “On The Wrong Side Of History.” Should North Korea respond by, say, taking out the American banking system, Kerry’s charges will likely be repeated by Samantha Power at the UN.
Oh, and by the way Obama’s “monitoring very closely himsellf” is having Valerie Jarrett prepare him a bullet-point presentation of every Presidential Daily Briefing re: NK, along with the talking points for Josh Earnest.
Also, this from WSJ: “The U.S. government is looking for ways to retaliate for North Korea’s apparent hacking of Sony Pictures but is struggling for an appropriate solution, according to people familiar with the discussions.”
I won’t pretend that the response is an easy choice. Tit for tat? Publish NK government secrets for all to see, WikiLeaks-style? Or should we bomb something since they dared to threaten our citizens?
If someone threatens your life in seriousness and has the power to do real harm, take him at his word and strike preemptively. It should be clear to all of our enemies around the world that they can talk tough if they want but a direct threat to Americans will result in a deadly response. Not every bluff can be accepted as such.
Aaron, that attitude is s-o-o-o 2008. We’ve joined the world community since then. Good times!…
Something isn’t right here. I can’t quite put my finger on it, but I think this whole North Korean thing is some kind of misdirection. While I am no fan of North Korea, I don’t believe that they are responsible for this cyber attack. This feels like some kind of test to judge the reaction of America. I don’t know the ultimate purpose of such a test or why Sony was chosen as a target, but it probably isn’t good.
Those two possibilities aren’t mutually exclusive. Intentionally or not, the public viewing of this disaster has definitely been a test run for other players.
Don’t be cute.
Do $120,000 worth of damage to NK leaders. Easy to find them. They have the lights on at night.
IF we bombed nations for cyber attacks, they would stop.
Who takes away what from this episode? China, for example, from whence these “NORK” hackers probably were hired? Our enemies have learned a lot — and none of it bodes well for us.
Well, there was the Stuxnet bug which took down a hefty chunk of Iran’s nuke program a couple years back and still hasn’t been officially claimed by U.S. officials, AFAIK. Further, I don’t expect that our intelligence community would ever publicize any successful cyber attacks, since a) the federal government has a huge over-classification and opacity problem, and b) whenever intelligence-gathering or covert operations stories go public the media screams and has to reach for the smelling salts. Of course I have no proof the feds are doing anything – though I find it hard to believe that a few thousand highly-trained mathematicians and computer scientists over at Fort Meade are just playing Titanfall all day – but I don’t take the absence of evidence in the public square to be evidence of total absence.
I’m sure our cyber warfare divisions do have real accomplishments under their belts. But a public attack requires a public counter-attack for the purpose of deterrence.
If we secretly strike back at North Korea, we can’t assume that Russia and the dozens of other nations that hate America (as the world’s foremost superpower during any era is hated) will learn about it and be intimidated.
Agreed that any response should be public, for the additional reason that Americans need to see someone with power taking an interest in an important problem.
But what kind of response is appropriate for this case? An American company in a non-essential industry got breached and will cost them millions or billions of dollars – that’s not a new or unique scenario. What’s the rationale for a different response now and not in previous cases?
Eh…I’m not so sure that having a deterrent be public would really be of help, especially concerning Russia or other authoritarian countries. We’re not trying to deter the “man in the street” because public opinion either doesn’t exist or is very tightly controlled in those countries. We’re trying to deter the highly-connected professional operators running those countries, who make all the real decisions anyway. Just as (I assume) our cyber-war people have world-wide contacts both professional and clandestine that keep them abreast of who’s doing what to whom, so will the ruling cliques of Russia, Iran, and China.
Make it public so that the other guy loses face. That is important to thugs
Good luck with bombing China and Russia or even North Korea for that matter. Besides…
“All warfare is based primarily on the deception of your enemy. To fight on the battlefield is the most primitive and barbaric way of achieving your goals. The highest art of war is not to fight at all, but to subvert anything of value in your enemy’s country.”
If a kid is being bullied, should he fail to make an example of his current bully on account of failing to stand up for himself in the past? If anything merits an explanation, it is his past failures and not his present defense.
True. But we’re not just facing an “Axis of Evil.” Sophisticated hacking “terrorism” does not require big national budgets or other rare resources. Though I admit that Russia and China have been our primary aggressors in this way.
In any case, Eric is correct that American citizens need to at least be assured by examples that these threats and attacks are being met with significant counteractions.
Again, what form these counteractions might take without needlessly risking lives and expending billions of dollars is a point of reasonable debate.
Ok, the “Awakened the Giant” story can work. But we’ll have to wait for another President, Obama could never pull that off!
I wish they were – the server populations drop pretty low at night, and there’s no one to play with. :(
While I would love to see a firm, punitive reaction (preferably in kind, to hint at our own cyberwar capabilities), it’s important to remember that we’re talking about a nuclear power run by a bat-guano crazy government.
(I’m referring to North Korea here. In the Age of Obama you have to be specific, I guess)
Oh that’s why I can’t be a hacker – I don’t have a balaclava!
My hacker shopping list
They’ll never catch me now!
I had to look “balaclava” up. I thought it might be a Greek donut.
Oh that’s why I can’t be a hacker – I don’t have a Greek donut!
My hacker shopping list
They’ll never catch me now! ;-)
Now I really want Greek donuts :(
Hey! A Christmas shopping list!
I am not even sure the North Korean government did this hack. and besides isn’t US cyber command supposed to protect the US government, is their mandate also foreign owned companies like Sony Entertainment?
This whole thing smells like an inside job to me. There is too much data over to many different systems to be a wired hack. Data security would go nuts if you tried to pull 100+ TB over the network. It almost has to be a premises breach of storage, maybe near line or back up systems by somebody with admin rights And the knowledge to use them. I suspect we are going to find another Snowden type person at the bottom of this.
Interesting. I can’t argue about the tech, but I asked a cyber security expert I know for his thoughts a few days ago (might not hear back from him).
If our government takes responsibility for protecting sea lanes so American companies can do business abroad, it seems comparable to protect American companies from online piracy and hacking by securing “virtual lanes”, so to speak. Even if the parent company is headquartered in Japan, Sony’s Hollywood film branch is essentially an American company and merits protection, I think.
Originally, the North Korean angle sounded like only Hollywood speculation that had become accepted as fact. But I accepted the FBI’s determination. Now, after your tech argument, I do have to wonder if this is a repeat of the Benghazi video scam.
This idea of “proportional response” has been, and will ever more be so, a recipe for disaster. At least, unless the point of determining what is proportional is used to make sure that the response is completely out of proportion. If you don’t make the offending party really, really sorry that he/she/they pulled that stunt, then they will do it again and again. Remember the memorable phrase, “If I dood it, I get a whippin’. I dood it.” (Bugs Bunny stole it from Red Skelton, BTW)? The whole concept of “proportional response” has Sun Tsu and Clausewitz spinning in their graves. “Don’t these idiots read our books?” No, no they don’t.
Couldn’t find black balaclavas in time for Christmas.