Naming North Korea Doesn't Help Sony

Attribution, identifying who is responsible for a cyber event, is always more complicated than fixing the methods hackers used in getting in.  So, when two of the best reporters in cyber, David Sanger and Niccole Perlroth, said in yesterday's New York Times "U. S. Said to Find North Korea Behind Cyberattack on Sony", they were already saying more than the White House about who was behind the threats and attacks against Sony.  Our government said North Korea was ''centrally involved" in the hacking.  We have to think about that for a minute, since this sets a new standard for wishy-washy statements related to attribution of a state government in Cyberwar.  They aren't saying North Korea actually did the attacks, made any of the threats, or published any information about Sony's internal matters.  But, they were involved.  

In Sanger and Perlroth's analysis, they describe the White House debate on what to do about this kind of event.  You can blame the country directly and say there was evidence they hired someone to do it, or they actually did it themselves using government resources.  Japan was concerned that its negotiations with North Korea would be upset by us naming names.  If you do that, you might have to say a little about how you know that to  be true and that is often very close to giving up sources and methods of the Intelligence Community.  Nobody wants to do that either.  

Bernadette Meehan, spokesperson for the National Security Council, says the U.S. government is "considering a range of options in weighing a potential response" which is nearly always true of almost anything happening anywhere in a world.  It should have been something they had been thinking about  after North Korea did millions of dollars in damage to South Koreas banks in a long, destructive targeted attack.  Like the Sony attack, those against South Korea wiped the hard disks of the computers they went after.  This is a "no joke" kind of thing that doesn't just drop a few thousand e-mails on the Internet.  It does real damage, and drops the e-mails to do more.  

What the NSC is trying to get around is the nasty business of deterrence.  North Korea has threatened to put a nuclear weapon on a missile and fire it our way.  We had trouble believing they could or would do that, so deterrence is not that important.  Cyber is harder because they did that attack and we know they can do it again.  We have to do something to discourage them.  

Sony is a U.S. business, though its parent is in Japan.  The U.S. government did next to nothing to help businesses who were routinely hacked by China and Russia, as a part of national efforts to steal from us,  so we can't expect to see much in the way of help going to Sony.  We have no strategy for deterrence in Cyberwar. 

China has used North Korea as a stalking horse on all kinds of provocations to other governments.  They tolerate the kind of behavior because it allows them to see how the world will react without getting their own hands dirty.  China can stop North Korea from doing anything like this again, if they want to continue to eat and stay warm in the winter.  They are going to wait and see what we do first.  The first thing they are looking for is how much we know about who did what over there, because the Chinese were involved, even if not "centrally involved".  The second thing is to see how we respond to this kind of event so they can strenghen their counter moves.  North Korea has gone over the edge on this one and China is waiting to see if it went too far.  It doesn't look good for us if there is nothing we can do about it.