Cybersecurity

Was It North Korea?

By Paul Rosenzweig
Wednesday, December 24, 2014, 12:44 PM

By now, we are all familiar with the attribution problems inherent in cyberspace.  Notwithstanding, I have been provisionally willing to accept the FBI's assertion of North Korean responsibility for the Sony hack, if only because I assumed that it was premised on significant classified information to which we were not privy and that neither the FBI nor any other agency would be willing to make such a public accusation unless it's evidence was pretty close to rock solid, given the potential for embarrassment and blow back if they were proven to have been in error.  Those factors still lead me to believe the FBI has it right ...  But it is worth considering the opposing view.  This collection of information and links from Fabius Maximus [HT: Spaf] has overtones of conspiracy theory to it, but it nonetheless presents a fairly significant compilation of reasonably responsible commentary that is worth reviewing.

All of which emphasizes two other points:  First, in the post-Watergate/post-Snowden world the USG can no longer simply say "trust us."  Not with the US public and not with other countries.  Though the skepticism may not be warranted it is real.  Second, you can't be a little bit exposed -- if the USG is going to speak to the issue at all it has to release information that persuades.  Otherwise it should stand silent and act (or not) as it sees fit without trying to justify it's actions.  That silence will come at a significant cost, of course -- in even greater skepticism.  But if the judgement is to disclose, then it must be more fulsome, with all the attendant costs of that as well.