The electronic equivalent of war
North Korea’s state-run news agency claims that suggestions Pyongyang was behind the cyberattack on Sony Pictures are “wild rumor.” But, according to the New York Times and other media sources, U.S. intelligence officials have concluded otherwise. The attack, those officials say, “was both state-sponsored and far more destructive than any seen before on American soil.”
Now the question is: What is the United States going to do about it?
The cyberattack will cost Sony an estimated $100 million, not including the losses that will result after threats of violence by hackers caused the withdrawal of its movie “The Interview,” a Seth Rogen comedy featuring an assassination plot against North Korean leader Kim Jong-un.
Imagine a team of North Korean saboteurs planting explosives under Sony’s sound stages and information technology equipment — then blowing them all up in the dead of night. This cyberattack is a precise analogue. A company has been attacked on U.S. soil; our sovereignty has been violated.
The Sony attack is a watershed event. The pretending is over. There is a real cyberwar going on, and we should admit it and develop serious, transparent policies in response. The New York Times reported Thursday that some “administration officials said a direct confrontation with the North would provide North Korea with the kind of dispute it covets.”
Maybe, but that’s a minor issue. Far more important is to make it clear that the United States sees no difference between an attack using electronic weapons and one using gunpowder or plastic explosives. These attacks — sanctioned or committed by state actors or their surrogates or by non-state terrorists — should be treated not as crimes, like theft or fraud, but as what they are: military interventions, or, to paraphrase George Orwell, the electronic equivalent of war.
In the past several months, we’ve seen invasions of White House and State Department computers — with Russia under suspicion. Hackers are believed to have the power to throw our financial system and power grid into chaos and to disable some of our most powerful weapons.
We need to build deterrence, and the first step is to make it clear that the U.S. will not ignore attacks, as we have in the past, but will respond forcefully — just as we would to a physical attack on the homeland. The kind of response will vary: financial sanctions, an electronic counter-attack, expulsion of a country from the G20 or some other prestigious organization.
More attention and advanced technology must be devoted to discovering conclusively who the attackers are. In the past, we have been too concerned about revealing our methods. That timidity must end.
Finally, companies like Sony have to harden their targets — with the help of the U.S. government, if necessary. We live in an era when a few hackers can wreak extreme havoc, just as fewer than two dozen militants killed more than 3,000 Americans during 9/11. We need better back-up systems, more efficient ways to mitigate the damage that will inevitably result from future cyberattacks.
James K. Glassman, former under secretary of state for public diplomacy and public affairs in the George W. Bush administration, is a visiting fellow at the American Enterprise Institute.