North Korea, we are told, hacked into Sony Pictures’ computer system. The hackers made off with a vast number of emails, brought film production to a halt by disrupting Sony’s ability to pay bills, and stole passcodes governing entry into the studio’s headquarters so that employees had to line up to gain admission, one by one. The hackers then caused two movies to be withdrawn from circulation by threatening terrorist attacks on theaters, almost certainly an empty threat. In response to these acts of war–if it really was North Korea–our newspapers carried on gleefully about whether Angelina Jolie really is a moron, and whether it is “racist” to speculate in childish fashion about whether Barack Obama likes movies featuring black characters.
I would say that the administration’s response was equally lame, except that so far there hasn’t been one. White House spokesman Josh Earnest, who is ineffective on his best days, was asked about the Sony matter. Here is the exchange:
Earnest says that “this is something that’s been treated as a serious national security matter.” Not so far, it hasn’t been. This concerns me, too: “[T]hey would be mindful of the fact that we need a proportional response and also mindful of the fact that sophisticated actors when they carry out actions like this are often times, not always, but often, seeking to provoke a response from the United States of America.” I never understand the concept of a proportional response. What are we going to do, knock out part of North Korea’s film industry? The response to any terrorist act should not be proportionate, but rather, should be massive enough to deter any future actor from even considering doing anything similar.
The striking thing about the Sony attack is how much worse it could have been. The film industry is relatively unimportant. What if North Korea, or some other adversary, carried out a similar attack against J.P. Morgan Chase, Bank of America, Citigroup and so on? They could bring America’s banking system to its knees. Or how about hacking into the computer systems of America’s utilities? Could a hostile regime turn off power to homes in the northern U.S. in mid-winter? Or maybe a hacker could disrupt the traffic lights in a major American city, and bring traffic to a standstill. The possibilities are endless. And North Korea is by no means the last word in computer expertise. The Chinese have state of the art technological capacity. Russia is a basket case in many ways, but software is like chess and Russians are great at it.
Was Sony Pictures’ computer system uniquely inadequate and therefore vulnerable to intrusion? I haven’t heard anyone say that. It appears that many companies could be vulnerable to similar attacks; indeed, as we have recently seen, major retailers have been vulnerable to hackers who sought profit rather than disruption. But the potential for disruption is the national security threat.
And if companies are vulnerable, then how about government agencies? What if North Korea hacked into the White House’s or State Department’s computers?
Maybe they already have. In October, we wrote here, here, here and here about a mysterious intrusion that brought down computers in the Executive Office of the President (which includes the White House and much more) and the State Department. The Obama administration was close-mouthed about the incident and refused our several requests for comment. Despite our efforts, the story was barely covered in the press, and disappeared without a trace. To my knowledge, no one has ever reported on the source of the intrusion or the cause of the outage.
It seems likely that the Obama administration wanted to suppress the story, which threatened to break days before the midterm elections. News of a hostile power invading the White House’s own computer system, if that is what happened, or may have happened, would have reinforced the perception that the Obama administration is weak. It is easy to imagine the press staying away from the story on political grounds. So, for all we know, the North Koreans–or the Russians, the Chinese, or some independent group–may already have carried out a highly destructive attack on the federal government’s computer system.
Be that as it may, the central questions arising out of the Sony Pictures story are 1) how widespread is the vulnerability to sophisticated hackers among corporations and government agencies, and 2) what can be done to secure our systems so that catastrophic attacks do not take place in the future? President Obama is scheduled to give a speech on several topics, including the Sony hack, later today. It will be interesting to see whether he addresses these questions, and if so, how.