The recent hack of Sony pictures is not a cyber Pearl Harbor as some commentators have opined, nor is it merely a criminal violation of intellectual property rights and a source of embarrassment for Sony executives and their Hollywood talent. It is the strongest public indicator yet of the potentially crippling effect cyber-attacks can have on our nation's critical infrastructures — particularly in light of North Korea's willingness to conduct such an attack against a simple entertainment company for the minor matter of bruising the ego of Kim Jong-un, North Korea's "Great Successor" in the Kim Cult of Personality.

Had a group without any nation state sponsorship conducted the Sony hack, it would be treated as a straightforward law-enforcement matter. Law enforcement agencies throughout the free world would work with the U.S. government to identify, locate and arrest the cyber criminals, then extradite them for trial, while Sony regrouped and released the "The Interview" on time along with all its other compromised films. After all, even bad publicity is publicity.

Advertisement

But given the apparent involvement and sponsorship of North Korea, President Barack Obama has indicated that he will send a clear message that this type of criminal behavior cannot be tolerated, nor can it set the stage for continued attempts at coercion or larger attacks. In the coming days the president will select a series of actions from a wide range of economic or diplomatic sanctions against North Korea, likely while ordering military and government network security managers put greater emphasis on computer and telecommunications network security. The Sony hack will almost certainly not result in military strikes on North Korea, however.

Private sector network security professionals, particularly those managing elements of our nation's critical infrastructure, are certainly watching closely as the repercussions of this hack unfold, and they all should be wondering whether they're next. North Korea's hackers, be they military professionals or hired guns, may choose our nation's power grid, banking infrastructure, air traffic control system, roadway traffic management systems or our national rail network as their next target, emboldened by their success against Sony.

The only effective approach to mitigating cyber threats from nation states is a close and well-defined relationship between the government and the private sector. Information security officers in private sector companies managing elements of our critical national infrastructure must receive classified threat warnings and intelligence from the government that contain sufficient technical details to thwart attacks without revealing classified sources and methods information. The Department of Homeland Security working in partnership with the Defense Information Systems Agency and the Director of National Intelligence could easily establish such a process, enabled by legislation and presidential order as needed.

The private sector must also do its part by providing the government with daily or weekly reports about attempted hacking attempts that originate outside their corporate network boundaries. The data provided to the government must also be limited to technical details such as the logical address the attack came from, the type of attack and the type of data exfiltrated, which can provide the government enough information to begin searching for a foreign actor or perpetrator behind the attack.

North Korea has just proven that any nation state lacking sufficient capability or capacity to attack and defeat the United States militarily can have an effect on more vital elements of our national critical infrastructure. While insignificant to the overall U.S. economy, the Sony hack is a major assault on Sony's business, and it does demonstrate on a smaller scale what might happen if North Korea or its proxies chose to conduct a more significant attack on our economy, our ability to project military force or our citizens' livelihoods.

It is past time for the government and the private sector to begin a more robust sharing of cyber-attack information. We need enabling, common sense legislation from Congress, the appropriate executive orders from the president and engagement in an environment of mutual trust between the government and the private sector before we really do face a "Cyber Pearl Harbor." If that happens, thousands could die on airliners or derailed trains and in widespread traffic accidents; or they could suffer widespread financial losses from an economic collapse as personal wealth in family bank and retirement accounts vanish, corporate coffers empty, streets go dark, our homes grow cold and grocery store shelves empty. Such a cyber attack would be the opening salvo of a war with the nation behind it, and the United States will start the fight with both hands tied behind its back.

Tom Wither is the author of the military/intelligence thrillers: "The Inheritor" (Turner Publishing, June 2014) and "Autumn Fire" (Turner Publishing, September 2014). He is also a 25-year veteran of the intelligence community. The views and opinions expressed are his own and are not those of any organization or element of the intelligence community or Department of Defense. His email is Tom@TomWither.com.

Advertisement
Advertisement
Advertisement