Countering Cyberattacks Without a Playbook
WASHINGTON — For years now, the Obama administration has warned of the risks of a “cyber-Pearl Harbor,” a nightmare attack that takes out America’s power grids and cellphone networks and looks like the opening battle in a full-scale digital war.
Such predictions go back at least 20 years, and perhaps that day will come. But over the past week, a far more immediate scenario has come into focus, first on the back lots of Sony Pictures and then in back-to-back strategy sessions in the White House Situation Room: a shadow war of nearly constant, low-level digital conflict, somewhere in the netherworld between what President Obama called “cybervandalism” and what others might call digital terrorism.
In that murky world, the attacks are carefully calibrated to be well short of war. The attackers are hard to identify with certainty, and the evidence cannot be made public. The counterstrike, if there is one, is equally hard to discern and often unsatisfying. The damage is largely economic and psychological. Deterrence is hard to establish. And because there are no international treaties or norms about how to use digital weapons — indeed, no acknowledgment by the United States government that it has ever used them itself — there are no rules about how to fight this kind of conflict.
“Until now, we’ve been pretty ad hoc in figuring out what’s an annoyance and what’s an attack,” James Lewis, a cyberexpert at the Center for Strategic and International Studies, said last week. “If there’s a lesson from this, it’s that we’re long overdue” for a national discussion about how to respond to cyberattacks — and how to use America’s own growing, if unacknowledged, arsenal of digital weaponry.
All those issues have been swirling in the background in the drama of North Korea’s effort to intimidate Sony Pictures, and the retaliation by the United States — if that was the case — against one of its oldest Cold War adversaries. “If you had told me that it would take a Seth Rogen movie to get our government to really confront these issues, I would have said you are crazy,” one senior defense official said a few days ago, referring to the Sony Pictures film “The Interview.” “But then again, this whole thing has been crazy.”
With Tuesday’s announcement that “The Interview,” a crude and poorly reviewed comedy about a C.I.A. effort to hire two bumbling journalists to knock off Kim Jong-un, the North Korean leader, will be shown in a limited number of theaters, it is very possible that this confrontation with the least predictable of the nine nations possessing nuclear weapons may not yet be over.
Like most cyberattacks, it started with a simple question: Who did it? But this was no ordinary effort to steal credit card data, like what happened at Target and Home Depot. What made the attack on Sony different was its destructive nature. By some accounts, it wiped out roughly two-thirds of the studio’s computer systems and servers — one of the most destructive cyberattacks on American soil.
It took three weeks for Mr. Obama to take the extraordinarily rare step of publicly identifying North Korea, and its leadership, as the culprit. And even now, the F.B.I. refuses to release much of its evidence, presumably because it could reveal the degree to which the United States had penetrated North Korea’s networks and the Chinese systems through which they are routed. The president’s decision to also mention the Chinese during a news conference last week in which he responded to the Sony attack was “itself part of the effort to create some deterrence,” one administration official said, “by making it clear we can cut through the fog.”
But because the government will not make the evidence public, there will be doubters.
“The N.S.A. has been trying to eavesdrop on North Korea’s government communications since the Korean War, and it’s reasonable to assume that its analysts are in pretty deep,” Bruce Schneier, one of the country’s leading cyberexperts, wrote in The Atlantic, referring to the National Security Agency. “The agency might have intelligence on the planning process for the hack. It might, say, have phone calls discussing the project, weekly PowerPoint status reports, or even Kim Jong-un’s sign-off on the plan.”
“On the other hand, maybe not,” he wrote. “I could have written the same thing about Iraq’s weapons-of-mass-destruction program.”
But Washington’s declaration that North Korea was the source came paired with Mr. Obama’s warning of a “proportionate response.” Within days, North Korean Internet connections sputtered and went dead — and after briefly reviving, they were out again on Tuesday.
An American attack? Did the Chinese pull the plug? Did the North Koreans take themselves offline to protect themselves? No one in Washington will say. But it is possible that to deter future attacks, the administration was not looking for subtlety. Instead, it might have simply wanted to remind Mr. Kim that the United States is training 6,000 “cyberwarriors” among its military units, and they all have North Korea’s Internet Protocol address.
Still, if North Korea did bear the brunt of an American counterstrike — a significant “if” — it will most likely prove more symbolic than anything else and serve to remind Mr. Kim that his family has miscalculated before.
In the summer of 1950, gambling that the Americans were too distracted to respond, the founder of the country, Kim Il-sung, invaded the South. It turned out he was wrong, and the devastating three-year conflict that followed ruined his nation. But, improbably, it left him and his family in power.
Over the past two years, his grandson — who has tailored his appearance to closely resemble the North’s revered Great Leader, who died 20 years ago — has embraced digital weapons precisely because they are far more subtle than sending troops over the 38th Parallel. In fact, cyberweapons are perfect for a failing state. Unlike North Korea’s small arsenal of six to 12 nuclear weapons, they can be used without risking an annihilating response. Unlike North Korea’s missile fleet, they are uncannily accurate. Just ask Sony, which is still trying to figure out whether its attackers had inside knowledge or just got lucky.
But that leaves Mr. Obama with a “short of war” conundrum. How much American power should be deployed to stop a cybervandal from becoming a cyberterrorist?
Until the past week, the president’s temptation has been to refrain from responding at all. But the combination of the destructive attack, the effort to silence American criticism of a brutal regime and the threats of attacks on American theaters made this one different.
The mystery now is whether the young, untested Mr. Kim will back off, or whether, like his grandfather, he will push ahead, figuring that an unpredictable North Korea has kept enemies at bay for six decades, and that his new weapon may extend the streak.
/https%3A%2F%2Fassets.over-blog.com%2Ft%2Fcedistic%2Fcamera.png)
/http%3A%2F%2Fs2.lemde.fr%2Fimage%2F2015%2F04%2F10%2F534x0%2F4614038_4_898f_le-contexte-de-l-apres-charlie-hebdo_5ec61db97324910e1f66988015af108c.jpg)