The New Age of Cyberwarfare

Slate explains why we should expect more attacks on companies like Sony Pictures.

The hacking of Sony Pictures’ computer files, apparently in retaliation for a movie about a fictitious plot to assassinate North Korean leader Kim Jong-un, has cast a spotlight on the ever-evolving landscape of cybersecurity, cybercrime, and cyberwarfare. 

To date, cyberattacks have been launched by a variety of actors – from China, Russia, Iran, Syria, North Korea, Israel, the United States, and other nations, to criminal gangs and mischievous individuals – with the aim of stealing money, patents, credit card numbers, and national security secrets. 

The Sony hack, however, appears to be an attempt to influence free speech and alter American popular culture, and suppress constitutional rights. Matt Devost, president and CEO of FusionX LLC, a leading computer-security firm, commented in an email this morning, “This is the dawn of a new age. No longer do you have to worry just about the theft of money or intellectual property, but also about attacks that are designed to be as destructive as possible – and to influence your behavior.” Bob Gourley, co-founder and partner of Cognitio, another such firm, echoed this sentiment, saying, “I have tracked cyber threats since December 1998 and have never seen anything like this.” 

In response to the hack, Sony has cancelled the movie’s scheduled release due to terrorist threats against theaters, raising the question of whether hackers will now target other studios in order to suppress other movies, books, exhibitions, or albums. 

The Sony hack is not the first of its kind. Last February, Las Vegas Sands Corp. was hacked by Iranians in response to a speech given by its CEO, Sheldon Adelson, calling for a nuclear attack on Iran. The attack caused $40 million in damages, and the Sony attack could cost up to $100 million.

These developments are a cause for concern, as thousands, if not tens of thousands, of people around the world have the capability to hack into corporate computers, particularly those belonging to arts and entertainment companies, who have not taken the necessary precautions to protect themselves.

The hacking of Sony Pictures and Sheldon Adelson’s Las Vegas Sands Corp. has raised a host of questions about the role of government in cyber security. FireEye, one of the leading computer-security forensics companies, concluded that the Sony hacker was an outfit called DarkSeoul, believed to be a North Korean contractor. Adelson’s company, meanwhile, was attacked in response to his comments about Iran, and he attempted to keep the details of the attack hidden. 

These events have brought to the forefront a debate that has been ongoing for 30 years: should the government play a role in protecting companies from cyberattacks? In the 1990s, Bill Clinton’s advisor Richard Clarke argued for mandatory security requirements on companies and utilities, while economic advisers and CEOs resisted. The compromise was the creation of Information Sharing and Analysis Centers (ISACs) in which government agencies would help companies secure their servers and networks. 

Now, the question of a “red line” has been raised: when does a problem of commercial risk become an issue of national defense? The difficulty of attributing cyberattacks also complicates the matter. While North Korea has denied involvement in the Sony attack, U.S. investigators have determined that hackers working for the country were behind it. 

The Sony and Adelson hacks have highlighted the need for a serious debate about the costs, risks, benefits, and complexities of cyber security. With the potential for every American enterprise to be hacked by foreigners, the question of government assistance must be addressed. It remains to be seen how the debate will unfold.

Leave a Comment

Your email address will not be published. Required fields are marked *