hankyoreh

a Sony film about an assassination plot of North Korean leader Kim Jong-un

A fierce debate is raging in the US over how to respond to the hacking attack on Sony Pictures, the film studio responsible for “The Interview,” a comedy about an assassination attempt on North Korean leader Kim Jong-un.

Speaking in a Dec. 21 interview with CNN, President Barack Obama characterized the attack as “cyber vandalism” and stated plans for a “proportional response.”

Meanwhile, members of the Republican Party, including Senator John McCain and former Speaker of the House Newt Gingrich, called for going beyond a proportional response and retaliating more sternly against what they called a “new form of warfare.”

Many experts argued that cyber attacks require a cautious approach, as they differ from traditional armed or terrorist attacks that involve physical violence and/or human injury. No international norms currently exist for cyber attacks, but experts suggests that the “Tallinn Manual” drafted in March 2013 by the North Atlantic Treaty Organization (NATO) could offer guidelines. The manual articulates the concept of “cyber-attacks” between countries, along with potential response measures.

The manual‘s main author, United States Naval War College professor Michael N. Schmitt, outlined the relatively stringent standards for a “cyber operation” in a Dec. 17 contribution the online forum Just Security.

According to Schmitt, the international group of experts that produced the Tallinn Manual “unanimously agreed that cyber operations alone may be sufficient to cross the armed attack threshold, particularly when they cause substantial injury or physical damage.”

“In their view, a sufficiently severe non-injurious or destructive cyber operation, such as that resulting in a State’s economic collapse, can qualify as an armed attack,” Schmitt continued.

Schmitt went on to note that “[t]he cyber operation against Sony involved the release of sensitive information and the destruction of data.”

“Albeit highly disruptive and costly, such effects are not at the level most experts would consider an armed attack,” he concluded.

Schmitt also said that if the Sony hack was confirmed to be North Korea’s doing, if would be considered an “internationally wrongful act” and infringement of US sovereignty, allowing the US to take response measures on North Korean cyber assets. Such cases would be subject to strict constraints in terms of announcement, proportionality, and time, he added.

In a contribution to Forbes, University of Utah communications professor Sean Lawson said the attack did not qualify as either an act or war or an act of terrorism or cyber-terror.

“[I]t did not ‘involve violent acts or acts dangerous to human life’ and thus fails to meet the very first requirement of the definition” in the U.S. Code, he wrote.

Lawson’s argument is that even cyber-terror attacks, which are not specified in federal law, must meet the standard of not only causing violence or danger to human life but also destroying major facilities and causing economic damage at the national level.

Noting that the criteria should be based on attack outcomes, Lawson observed, “In public debates about the meaning of incidents like the Sony hack, we see . . . a tendency to define what counts as war, terrorism, or cyber terrorism based on who conducted the attack and/or what instruments were used in the attack.”

“We accept the use of physical violence, or actions that could escalate to physical violence, in response to these kinds of events when such responses would not be seen as acceptable if these events were defined differently,” he explained.

News outlets reported that while the US Federal Bureau of Investigation (FBI) is blaming North Korea for the attacks, some security experts believe the evidence is not conclusive. The BBC reported that while the FBI is claiming the malware used in the attack was similar to methods used in past by North Korea, malware is typically made public for the sake of analysis and could be intercepted and repurposed by any attacker.

Noting federal investigators’ claims that the internet protocols and other infrastructure corresponded to North Korean ownership, the magazine Wired explained, “Skilled hackers use proxy machines and false IP addresses to cover their tracks or plant false clues inside their malware to throw investigators off their trail.”

The magazine also drew attention to the fact that the hackers’ initial demands on Nov. 21 had nothing to do with “The Interview.” The calls for canceling the release started on Dec. 8 and came well after media outlets had first begun reporting heavily on potential North Korean involvement earlier that month, it said.

On Tuesday, North Korea’s internet network was completely shut down for several hours, possibly as retaliation from the US for the attack on Sony Pictures.

By Park Hyun, Washington correspondent

Please direct questions or comments to [english@hani.co.kr]