- The Review
- The Forum
- Special Issues
- About Us
A screenshot from the initial cyberattack against Sony. Source: techblogcorner.com
By Jason Rivera
All views and concepts expressed in this article originate solely with the author and do not represent the official positions or opinions of the US Army National Guard, or the US Department of Defense.
On November 24, 2014, Sony Pictures first received indication that their networks were hacked when a picture of skeletal fingers appeared on the screens of employee computers accompanied by the message stating, “This is just the beginning”. This was followed by a threat to release “top secrets” and sensitive internal data if the film The Interview was released. The Interview is a fictional comedy film directed by Seth Rogan about a couple of journalists who have been instructed by US government officials to assassinate North Korean leader, Kim Jung-un, after landing an interview with him. Over the following weeks, scores of sensitive Sony intellectual property and personal data were released to include four Sony films (most notably, The Interview), personal information about Sony employees, and private emails between top Sony executives. Initially, a hacker group known as the “Guardians of Peace” claimed responsibility for the Sony breach and stated that the breach was in response to Sony’s decision to release The Interview in theaters.
The fact that Sony pictures was breached and the fact that a hacker group sympathetic to North Korea’s political regime is, relative to the history of other cyberattacks against US equities, irrelevant. What is relevant, however, are two revelations that recently surfaced:
At face value, this may not shock a lot of people. It has long been suspected that foreign actors have been targeting US government and economic interests through cyberspace. Some historical cyberattacks and/or cyber breaches by foreign actors include Chinese exfiltration of US intellectual property, Iranian hacking attempts against US military and government officials, and links to Russian hackers in light of the Target and Home Depot breaches. The recently revealed North Korean breach, however, crosses a cyberspace threshold that no other nation has crossed before:
By invoking the memory of 9/11 and by issuing direct threats stating that moviegoers would suffer a “bitter fate”, North Korea has not only conducted a devastating cyberattack, but has combined that attack with the threat of terrorism.
This event represents an important decision point for the United States government. Never before has a cyberattack been successfully combined with the threat of terrorism. Moreover, never before has a cyberattack against the United States critically affected the commercial sector’s decision to exercise its right to free speech as the attack against Sony has. This cyberattack represents the beginning of what could be a slippery slope and, if the United States does not respond, it may be followed by similar tactics used by state and non-state actors throughout the globe. If the United States wishes to prevent what could be a catastrophic cascade of cyberattacks combined with threats of terrorism, then the American nation must respond and it must respond now. Many of us, at this point, are probably thinking of additional sanctions. This, however, will not be enough to deter future attacks using similar tactics.
The United States should deliver a retaliatory response through cyberspace to the North Korean nation. This retaliatory attack should be targeted against North Korean leadership and should transmit a clear signal that the United States will not tolerate cyberattack tactics combined with the use of terrorist threats. Accordingly, the United States should consider response options designed to debilitate the North Korean regime in such a manner as to cause internal instability. Some response options that should be considered are as follows:
Whether one of the above three cyber options are leveraged or whether another, equally stern option is employed, the United States must respond in order to deter future cyberattacks combined with terrorist threats. Today, it is North Korea. If nothing is done, tomorrow it will be the Islamic State. The effect of such cyber capabilities being wielded by terrorist organizations would be devastating – not just to the American economy, but to the American psyche and the nation’s fundamental human rights. To prevent this from happening, the United States must respond hard and fast by delivering a devastating response through cyberspace to the North Korean regime.
Jason Rivera is a Captain in the US Army National Guard and possesses a MA from Georgetown University in Security Studies, a M.A. from the University of Oklahoma in Economics, and two BA degrees in Political Science and Economics from the University of Nevada – Las Vegas.
 David Robb, (2014) “Sony Hack: A Timeline,” Deadline, http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501/ (accessed 17 Dec. 2014).
 Brian Stelter, (2014) “Sony cancels ‘The Interview’ after major theater pull out,” CNN Money, http://money.cnn.com/2014/12/17/media/the-interview-sony-theater-owners/index.html?hpt=hp_t2&hpt=hp_t1 (accessed 17 Dec. 2014).
 David Sanger and Nicole Perlroth, (2014) “U.S. Links North Korea to Sony Hacking,” The New York Times, http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0 (accessed 17 Dec. 2014).
 Jason Rivera, (2014) “Understanding and Countering Nation-State Use of Protracted Unconventional Warfare,” Small Wars Journal, http://smallwarsjournal.com/jrnl/art/understanding-and-countering-nation-state-use-of-protracted-unconventional-warfare (accessed 17 Dec. 2014)/
Feb 18, 2017 0By: Will Chim, Reporter Photo Credit: United States Institute of Peace (USIP) This month, the United States Institute of Peace hosted a discussion event with Douglas Lute to discuss “the wars of...