Where Real and Cyber Warfare Meet


Probably the biggest story of the last few weeks has been the hack of Sony Pictures by North Korea (or the Democratic People's Republic of Korea / DPRK, naming convention courtesy of George Orwell). While hacks happen all of the time, this one is particularly notable for several reasons:

  1. It was directed by a state actor.
  2. The US Government officially responded and "named and shamed" the state actor, thus forcing itself to respond.
  3. The victim, Sony, had pulled its release, at least temporarily. Whether or not it was a good business decision, there is no question that it was cowed by cyber-warfare.

It is hard to know what the motivations of the North Koreans were; I do not view them as 100% rational in the Western sense, although they are far more rational than Hamas, IS or the Iranians. It is clear, however, that they had at least 2 interests:

  • Prevent release of the picture. In many ways, this is absurd, and shows their lack of understanding of Western audiences, who simply laugh (or groan, depending on how bad the film is) and move on.
  • Show that they can bring a large Western business to its knees. In this, they have been successful.

For those of us in business, and especially the technology business, what does this portend? A number of elements.

First, the blurring of lines between cyber warfare and real warfare. While we can say that this kind of incident can deteriorate into physical warfare, even of a limited kind, it is clear that DPRK does view the release of a film as a kind of "warfare". We should not find this surprising, coming from a state that imprisons people for publishing, saying, or even hearing politically incorrect statements. In many ways, modern civilizations (which invented the Internet) are just catching up. Nonetheless, although the US likely is responding in covert ways, it is possible that they could respond physically against DPRK interests (assuming DPRK has enough of an economy left to actually have interests) or DPRK itself, beyond the possible takedown of DPRK's limited Internet and 3G of last week.

Second, the escalation of the impact of cyber warfare and hacks is likely to lead to much stricter enforcement and crackdowns against even individual or small group hackers, both in Western nations and overseas. This will not be because of sudden respect for the law in Russia or China, as much as the desire of those states to keep tension with Western countries such as the US, UK and others at a manageable level. Russia may enjoy that many of its resident hackers cause grief for American computer users and companies (see Brian Krebs' "Spam Nation"), but it does not want a serious breach of a major corporation or government entity to be traced back to Russia and cause severe sanctions or low-level warfare. As dangerous as the Cold War was, at least the major state actors - the US and USSR - kept the most dangerous individuals at bay, in order to keep tensions under control.

Third, expect the US to contemplate, if it is not already, applying the paradigm of physical border controls to the Internet. The US cannot afford to protect every single Web site and corporate IT department located in the US, just as it cannot physically secure every single office or corporation located inside the borders of the US. What it does is attempt to limit who has access to the physical territory of the US and then focus internal resources such as local police, FBI, Secret Service on the limited true threats that are either homegrown or make it through border controls.

Can the US apply "border controls" at the many data ingress points into the US homeland? There really are not all that many of them to watch anyway; look at the list of IIX/IXPs. Would that lead to potential censorship, or the fear of it? Without question. Could people get around it using VPNs and proxies? Definitely. But the rationale would not be to stop all attacks, but to reduce the threat numbers so that internal resources could focus on the few that make it through or are domestic in nature. While the NSA's domestic spying programs as exposed by Edward Snowden raise serious Constitutional questions, courts repeatedly have upheld the government's right to inspect anything and everything - and stop it - at the borders.

Should they do it? That is a moral question, balancing the need to secure the border with the need to limit the natural tendency of any government to overreach in power.

Who will support it? One would expect the major Internet players such as Google and Facebook to fight it, but they probably are more worried about being targeted - as Google was by Chinese hackers, and I suspect their strengthening of security combined with lack of participation with Chinese government censorship led to this week's Gmail blocking via the "Great Firewall of China" - than with more privacy issues. So I fully expect major and even minor corporations across the board to be supportive of it.

Will they do it? Are they already?