How the U.S. Should Respond to North Korea’s Hacking of Sony
“‹North Korea’s cyberattack on Sony Pictures for the effrontery of making a movie criticizing Kim Jung Un could actually have a silver lining. That depends on whether America learns the right lessons and acts firmly and decisively. Our record so far is, at best, mixed.
“‹We must first grasp that Pyongyang engaged in asymmetric warfare. It ravaged a major firm’s information systems but thereby also demonstrated our vulnerability to grave and growing threats to critical but inadequately defended American IT and communications infrastructures. What North Korea can do, other adversaries, both rogue states and major powers, can also do. Our answer to Pyongyang must bear these global threats in mind.
The following should constitute our minimum initial response:
1. Respond disproportionally to North Korea’s attack. While Washington may have recently disrupted the North’s nongovernmental Internet, that step should merely be the first. We must also return North Korea to the state terrorism list (thereby enabling even stricter sanctions than do currently exist), enforce existing sanctions relentlessly and lean on Russia and China to do the same. Pyongyang has detonated three nuclear devices and is developing ballistic missiles that will soon be capable of reaching America. Contrary to President Obama’s call for a “proportional” response, North Korea needs to learn now that we give better than we get.
2. Create structures of deterrence to prevent future attacks. Punishing Pyongyang is important not only in its own right, but also to demonstrate worldwide that such forays are unacceptable. Washington must, by word and deed, dissuade others from even thinking about taking similar action. Deterrence requires longer-range strategy in cyberspace, just as for nuclear and conventional weapons. Starting immediately, we must substantially increase our intelligence and military resources for cyberwarfare, both offensive and defensive.
3. Develop greater conceptual clarity in assessing cyberattacks. In the physical world, we have rough notions of escalating levels of threats and violence — from vandalism, to crime, to clandestine intelligence acts, to terrorism, to war. These steps in the escalation ladder are inevitably not totally distinct, but millennia of human conflict have provided us far greater insight into characterizing hostile action than we now have in cyberspace. This needs to change.
4. America’s private sector must awaken to its vulnerability. Painful and embarrassing as North Korea’s attack may have been to Sony executives, the damage suffered was trivial compared to what a cyberattack could wreak on major financial institutions, aerospace and defense firms, or communications and power industries. The Pentagon has reported frequently on foreign penetration and exploitation efforts, demonstrating how at risk we are. Many key government programs are not in significantly better shape. North Korea’s attack is a fire bell in the night.
5. Trust the American people’s good sense, resolve and courage. The entertainment world’s initial craven response to Pyongyang’s assault stands in stark contrast to the real people who jammed theaters on Christmas Day to see the film. America’s virtually unanimous opinion outside Hollywood was to stand firm against Pyongyang’s ugly dictatorship. This is the most important lesson of all.
John Bolton is a senior fellow at the American Enterprise Institute. He previously served as U.S. permanent representative to the United Nations. This article was originally published by The Hollywood Reporter.