Sony Hack: What Are US Options If North Korea Is Confirmed as Cyberterrorist?

Policy and security experts speak with TheWrap about the #GOP hackers’ potential act of war

The Interview movie poster, Sony logo, President Obama
Sony Pictures Entertainment/Getty Images

The hack of Sony Pictures Entertainment by what is now believed to be supporters of North Korea has significant national security and political implications,  but America’s options for response are limited, experts told TheWrap.

“There aren’t a lot of cards on the table,” Adam Segal, of the digital and cyberspace policy program at the Council on Foreign Relations said. “Perhaps the U.S. will try to indict people from the elite North Korean hacking [group],  but clearly we’re going to be worried about a response. We’ve already sanctioned them to the extent that we can.”

The United States has no diplomatic relations with North Korea, and has leveled significant economic sanctions against the Communist dictatorship because of its nuclear arsenal.

Segal pointed to the ineffective indictment in May of five Chinese military hackers found guilty of cyberespionage, as the Chinese government still denies involvement in their crimes. He also predicts President Obama will stay quiet on the issue, deferring to the departments of Justice or Defense.

“There aren’t any good policy options, so the President wouldn’t want to own anything we can’t make good on,” Segal said.

“North Korea and its supreme leader Kim Jong-un are subject to enough caricature in popular culture, one can forget they are a serious threat,” said Scott A. Snyder, a senior fellow for Korea studies at the Council.

Some experts have much broader interpretation of cyberterror.

“We’ve had state-sponsored industrial espionage for years,” said Steve Bucci of conservative think tank Heritage Foundation, who added that the U.S. Department of Defense may consider severe digital crimes to be acts of war.

“Cyberterrorism is a more efficient [terrorism],  because it’s so broad. The thing is, in this country we don’t have to fight cyber with cyber, we can do anything we want. Cyberterrorism is an act of war, and we can go and bomb the snot out of them if we want,” Bucci said.

Segal said though there have been calls for the U.S. government to step in to bolster companies’ security, current antitrust and privacy laws could make it difficult for unless Congress facilitates change.

“Without legislation there is not much more the Obama administration can do,” he said. “It’s easy to see how a private-sector company might not anticipate this type of threat. It’s the first time we’ve seen an operation of this size as an element of vengeance,”

Considerable evidence points to North Korean involvement in the security breach as retaliation for the fictional assassination of Kim Jong-un in the Sony comedy “The Interview.” On Tuesday, the hackers escalated their threat to violence promising a 9/11-like attack on theaters that show the film. And while Sony losses could amount to hundreds of millions of dollars, the implications could reach far beyond corporate financial results.

Japan, where Sony’s corporate headquarters is based, also has serious political- and national-security ramifications tied up in a potential North Korean conflict. A New York Times exposé published Dec. 14 suggested that Sony CEO Kazuo Hirai intervened in creative decisions for “The Interview” to avoid provoking Pyongyang:

“While many Americans seem to see North Korea as too distant to keep them awake at night, many Japanese see it as a very visible threat. Until three decades ago, North Korean agents occasionally snatched people off beaches in neighboring Japan to serve as Japanese-language teachers, and long-range North Korean rockets on test runs still fly ominously over Japan’s main islands.”

While the stakes are significant for all three countries, Bucci is quick to warn that determining the culprit with certainty can be tricky. Cyberculture is one that delights in illusions, he said.

“There are cyberactors,” Bucci said, referring to a 2009 computer virus allegedly disseminated by North Korea that threatened South Korean and American systems. No conclusive evidence ever pointed to North Korea after investigations.

“About six months later, some of my analyst friends said nothing pointed to North Korea, but then nothing pointed to anyone,”  Bucci said. “There are individuals,  there is organized crime or nation states — they are operating out there in the cyberarena. If they get pissed enough at you, they’ll do damage.”