David Sanger, Nicole Perlroth, and Eric Schmitt have a must-read NYT story on USG thinking about a response to the Sony hack, allegedly carried by the North Korean government. The story is jaw-dropping because, after many years of USG thinking about cyberwar and its cousins, the government seems in disarray about how to respond to what the NYT authors describe as “the first major, state-sponsored destructive computer-network attacks on American soil.” In addition to the apparent lack of concrete planning, “the White House woke up late to the growing confrontation with North Korea,” and has been “scrambling for a response.”
Perhaps the biggest problem the USG faces in crafting a response is asymmetric cyber-dependence. As the NYT says, one constraint on retaliation is “concern over the risk of escalation with North Korea, since the United States has far more vulnerable targets, from its power grid to its financial markets, than North Korea.” One official stated that “the challenge was to find a mix of actions that ‘the North Koreans will notice’ but that will not be so public that Mr. Kim’s government loses face and feels compelled to respond.” But of course this just makes plainer what was already plain: The USG has much more to lose from escalation than North Korea – a fact that, as all the world can now see, gives North Korea (and similarly situated actors) a huge leg up. (And note that even if we retaliate with non-cyber means, North Korea can and certainly will escalate in cyber.) So one consequence of our plodding response to the penetration of our weak cyber-defenses is to reveal that our retaliatory capabilities are (because of our cyber-dependence) to some degree compromised – especially against countries like North Korea that are already highly sanctioned and not terribly dependent on cyber.
Making yet plainer our weakness here is a second problem that the USG story identifies: We are seeking China’s help because “virtually all of North Korea’s telecommunications run through Chinese-operated networks” and thus “American efforts to block North Korea’s access to the Internet . . . would necessarily impinge on Chinese sovereignty.” That request is a more than a little awkward, since we have been complaining for many years about Chinese infiltration of and theft via U.S. networks. Some American officials optimistically see in this event “a chance to work with the Chinese on a subject the two countries have been warily discussing for several years: Establishing ‘rules of the road’ for acceptable behavior in cyberspace.” The Chinese might well see it as such an opportunity, but not on USG terms. The Chinese conception of the proper rules of the road is quite different than ours, and they have the leverage here. “So far, the Chinese have not responded” to the U.S. overture, according to the NYT.
This is just the beginning of the problems faced by the USG, as outlined in the NYT story. Read the whole thing.