Tit-for-Tat Cyber Retaliation by U.S. Over Sony Seen as Unlikely

If the U.S. decides to retaliate over North Korea’s alleged hacking of Sony Pictures Entertainment computers, officials could target the government’s financial resources, its illicit drug and counterfeiting operations or the hackers themselves.

One thing the Obama administration is unlikely to do is unleash a tit-for-tat cyber attack, analysts said. Any eventual U.S. response also will likely be unannounced, in order to avoid feeding the North Koreans’ desire for a public showdown with the world’s sole superpower.

“What the North Koreans can’t stand is when no one pays attention to them,” said Joel Brenner, former head of U.S. counterintelligence. “What we do may not be publicly known, but the North Koreans will know who did it.”

The attack on Sony last month has quickly erupted into a national-security issue for the administration. Law enforcement and intelligence officials have sufficient evidence to determine with high confidence that the North Korean government is responsible, according to a person familiar with the investigation, who wasn’t authorized to speak publicly.

The incident crippled computers at Sony Corp.’s Culver City, California-based studio, forcing the company to pull its movie “The Interview” after major theater chains said they wouldn’t show the picture. A group claiming credit for the attack invoked Sept. 11 this week in threatening movie fans with violence if they went out to see the film.

President Barack Obama believes the attack on Sony warrants an “appropriate response” from the U.S., White House press secretary Josh Earnest said Thursday in Washington.

Covert Operation

Among possible options, the U.S. could launch a covert operation against North Korea’s shadowy Unit 121, believed to be responsible for training new hackers and which in 2011 launched “distributed denial of service” attacks against 40 South Korean government and military websites, according to an intelligence official.

Even so, the Obama administration may be reluctant to retaliate in kind by releasing U.S. cyber-attacks on North Korean computer networks -- particularly over the cancellation of a Hollywood comedy. Any such attack would involve showing the North Korean government what part of its network vulnerabilities the U.S. had identified, thus allowing defenses there to be strengthened, Brenner said.

The $17 trillion U.S. economy has far more to lose from a cyber slugging match than does North Korea. A cyber attack also would invite additional North Korean strikes against U.S. companies or government installations that spotty U.S. defenses might not withstand. The U.S. electric grid and critical infrastructure, such as water plants, are vulnerable to attack.

Money Laundering

“Turning off the lights in North Korea is not a big deal,” said James Lewis, a cybersecurity specialist with the Center for Strategic and International Studies. “It happens every day. So there’s not a lot of harm we can do.”

North Korea already is cut off from almost all U.S. trade and finance. Last year, the U.S. Treasury sanctioned North Korea’s Foreign Trade Bank, the country’s primary conduit for foreign exchange along with Paek Se-Bong, the chairman of the Second Economic Committee.

In 2005, the U.S. Treasury Department designated Banco Delta Asia in Macau as a primary money laundering concern, calling it North Korea’s “willing pawn.” Two years later, Treasury ordered all U.S. banks to sever ties with the institution. The sanctions froze about $25 million in North Korean deposits.

Chinese Cooperation

Punishing North Korea without at least tacit cooperation from China, its neighbor and chief trade partner, will be difficult. China probably wouldn’t help without first seeing strong intelligence supporting U.S. claims of North Korean involvement, said Dean Cheng, a China specialist at the Heritage Foundation in Washington.

“Prospects for cooperation are virtually nil,” said Cheng.

The Sino-North Korean relationship -- often described as “close as lips and teeth” -- has witnessed tensions in recent months. Meanwhile, Russia, in a bid to offset its unbalanced dependence upon China, has been courting Kim, including with fuel shipments, said Cheng.

Only if the U.S. could demonstrate that the North Korean hacking involved Chinese territory or Chinese Internet protocol addresses might China do something. Even then, support for the U.S. would be tepid, he said.

Sony Losses

The U.S. government may use Sony’s losses on the movie as Exhibit A in a campaign to persuade companies to intensify their cybersecurity efforts. In February, the U.S. National Institute of Standards and Technology released a set of best practices for companies to adopt to protect their networks.

Banks and telecom companies generally have moved aggressively while other industries have lagged, Lewis said.

The U.S. could ask its allies to use their own laws to expel North Korean diplomats who are involved in illicit operations, said David Maxwell, a retired U.S. Army Special Forces colonel and Asia expert who’s Associate Director of the Center for Security Studies at Georgetown University’s School of Foreign Service.

The U.S. also could step up efforts to block North Korea’s nuclear proliferation, which would crimp hard currency earnings, Maxwell added.

Cybersecurity is a rising priority at the White House. Lisa Monaco, Obama’s top homeland security and counterterrorism adviser, formed a Cyber Response Group earlier this year to organize the government’s reaction to cyber threats.

High-Level Officials

The group, which includes high-level officials from the Pentagon, State and Treasury departments, and intelligence agencies, has discussed the Sony hack, according to an administration official who spoke on the condition of anonymity because they weren’t authorized to discuss the program publicly.

The questions of whether, when and how to retaliate against sponsors of cyber attacks have vexed policy makers on Capitol Hill and at the White House. Traditional deterrents don’t work as well in the electronic world, where it can be hard to detect who is responsible for an attack and even harder to negotiate with them.

“We can’t ignore this,” said Brenner, now a Washington-based attorney and security consultant. “We can’t let this go without some retaliation.”

Fight Back

The North Korean success likely will spawn additional attacks, either repeat episodes involving the Kim government or others. Next time, the target may not be a Hollywood comedy, but an essential part of the U.S. economy.

The U.S. government and private companies should be able to retaliate against hackers, House Homeland Security Committee Chairman Michael McCaul said.

“I would argue that we should be able to respond in kind to hit them,” the Texas Republican said last week.

Silicon Valley companies want to be able to use their technological capabilities to fight back, he said.

“They also want to know what are the rules of the game here in terms of their ability to respond and hit not only actors and companies from foreign countries, but when they’re nation states,” he said.

The Sony incident is putting the U.S. in “a unique place” because the attack included a destructive capability aimed at a private company, including a terrorist threat against theaters, said Michael Fey, president and chief operating officer of Blue Coat Systems Inc., a network security company in Sunnyvale, California.

“What we’ve shown here is that a cyber-attack can bend the will of a major corporation,” Fey said. “If our critical infrastructure is targeted in a similar way, could it bend the will of our government?”