The U.S. government on Friday publicly named North Korea as the culprit in a destructive cyberattack against Sony Pictures Entertainment. But what exactly the United States can do about it is unclear, especially if the government wants to launch a counter cyberattack against the secretive nation.
The international legal framework guiding how the United States could respond to a cyberattack is largely untested, leaving the White House a limited number of options. North Korea is already diplomatically and economically isolated, so fresh sanctions probably wouldn't have much of an affect. And now the hackers claiming credit for the attack have told Sony executives that they won't release more of the company's stolen documents as long "The Interview," a Sony-backed comedy depicting an assassination attempt against Kim Jong Un, stays out of theaters, according to CNN.
If the United States were to respond in the same domain of the original attack -- in cyberspace -- it may face an uphill battle. Going "online" in North Korea is more like visiting an information cul de sac than an information superhighway. While select government officials and other elite citizens have the ability to connect to the global Internet, common citizens are limited to a domestic network called the Kwangmyong, which serves as a sort of national intranet. The network is said to allow access to state media and other information vetted by the government.
This lack of interconnectivity limits the spread of information about the rest of the world inside North Korea. It also serves as a form of defense in the event of cyberattacks.
"North Korea’s hermit infrastructure creates a cyber-terrain that deters reconnaissance," an HP Security briefing noted earlier this year. "Today North Korea’s air-gapped networks and prioritization of resources for military use provide both a secure and structured base of operations for cyber operations and a secure means of communications."
And even as the secluded nation has limited its own risk to cyberattacks, it has heavily invested in the creation of an offensive cyber force -- the most prominent being "Bureau 121," a sophisticated cell of cyber warriors said to be hand-picked out of the nation's technical university programs. A recent report from Reuters quoted a North Korean defector who pegged the size of the group at roughly 1,800 strong.
Experts say they believe countries like North Korea often choose to pursue strong hacker forces because of the relative low cost of maintaining capabilities, the ease of denying responsibility for attacks they carry out, and the asymmetric nature of attacking online. For hackers to win, they only need to breach a system once, but defenders must deflect every thrust to stay ahead of their adversaries.
So a cyberarmy can keep pounding away at a target until it discovers a crack in its digital armor, potentially causing huge amounts of damage for little more than the payments to the hacker squad.
Gen. Curtis Scaparrotti, the commander of U.S. forces in Korea, warned Congress about North Korea's cyber capabilities earlier this year. "North Korea employs computer hackers capable of conducting open-source intelligence collection, cyberespionage and disruptive cyberattacks," Scaparrotti testified. "Several attacks on South Korea’s banking institutions over the past few years have been attributed to North Korea."
Meanwhile, the attack on Sony Pictures, the string of hacks against U.S. retailers and the apparent breaches of various federal agencies over the past year have renewed concerns that the United States is ill-prepared to defend its institutions against an all-out digital assault.