North korean cyber attack on sony poses tough security questions.

Author:Sicard, Sarah

Sony Pictures Entertainment in November fell victim to the all-too-common trend of cyber hacking. What was uncommon, however, was the alleged perpetrator--a nation state, North Korea.

While cyber attacks are on the rise around the world--both from inside and outside threats--this was the first known instance of a country deliberately causing destruction to a U.S. company's data.

"We've never seen a nation-state use its capability, albeit somewhat limited, in a way that actually destroyed data," former House Intelligence Committee Chairman Mike Rogers, R-Mich., said in a panel hosted by the Bipartisan Policy Center.

Although many entities, including governments, often bypass companies' cyber security defenses, they typically observe and may at worst interrupt service temporarily, panelists said.

"We've seen denial of service attacks, clearly," Rogers said. But North Korea "stole intellectual property, and it destroyed enough data to make it very difficult for Sony to operate."

In 2012, Iran reportedly tampered with data belonging to Saudi Arabian oil company Aramco. But there has been no confirmed case of a nation-state hacking a U.S. company prior to November, Rogers said.

Though President Obama confirmed that the attack was perpetrated by North Korea, he has described the event as one of "cyber vandalism" instead of terrorism.

President Obama had said in his response that the repercussions for this act of cyber vandalism would be handled "proportionally" --a word that former CIA director Gen. Mike Hayden said should have been removed from the speech.

"This has implications beyond cyber stuff," he said. "They [North Korea] have taught us to tolerate ever-more provocative actions."

Paul Stockton, managing director at Sonecon LLC and former assistant secretary of defense for homeland defense and Americas' security affairs under the Obama administration, disagreed.

He commended President Obama for his use of the word "proportional," calling it a wise move considering the absence of precedence in dealing with a crisis like this.

The U.S. response to the attack has been a source of much controversy, which is a direct consequence of being behind on codifying cyber definitions, policies and practices, domestically and internationally, Stockton said.

The impact of having no real laws in place to deal with cyber attacks is detrimental both economically and politically, he said.

Rogers said he expected a more offensive, reactionary response from the United States than...

To continue reading