When cyber journalist and author Shane Harris heard that President Barack Obama was promising the United States would make a "proportional response" against North Korea over the recent hacks at Sony Pictures Entertainment, his first response was alarm.
"Think about this: This is the government saying we’re going to respond for what basically amounts to a theft from a company," he said in an interview at VOA. "No one was killed, this isn’t espionage. Movies were stolen; people were embarrassed and humiliated. The president of the United States says we’re going to respond to that? That’s extraordinary."
Harris has been thinking and writing about cyberconflict for a long time.
Currently senior correspondent for The Daily Beast, he’s also author of a new book, "@War: The Rise of the Military-Internet Complex," which explores the ways the Internet has increasingly become a global tool of war.
Harris told VOA the Sony hack and the subsequent Internet outages experienced in North Korea illustrate the challenges of putting cyber conflict into a proper perspective.
No ground rules
Unlike with traditional "kinetic" warfare, Harris said there is little common ground as to how the Internet can and can’t be used in war – let alone what constitutes an act of war.
There often is no knowing beyond a reasonable doubt who was responsible for a given Internet attack – let alone what response is called for and by whom, Harris said.
"Attribution, experts will say, is the toughest part of any postmortem of an attack – knowing who did it, where they came from," he said.
In the United States, the FBI was relatively quick to attribute the attacks to North Korea. But a number of Internet security analysts, including Harris, were quick to poke holes in the evidence. He called the FBI's publicly released evidence "pretty flimsy."
That said, Harris suspects the U.S. government knows a lot more that it just isn't talking about publicly.
"The government has become, behind the scenes, a lot better at attribution," Harris said. He’s trying to determine whether the FBI or National Security Agency had unmasking technology "that is giving them a high level of confidence that North Korea actually did this."
"I just can’t believe that, based on the public evidence they’ve presented, that they would ever let the president of the United States go on TV and say, ‘North Korea did it,’ because it’s just too easily refutable," Harris said.
Since the early 2000s, the U.S. military has been thinking seriously about cyberwar: what it might look like, how and when it should be waged and how best to protect the country from attack.
In 2009, the Defense Department organized the U.S. Cyber Command, or USCYBERCOM, to coordinate all military offensive and defensive cyber actions. In 2010, it organized a special cyberwar game – the first of its kind.
"There was a red team and a blue team, with the red presumed to be North Korea or China, although that was never specifically stated," Harris said. "What happened is the adversary launched cyber attacks on the command-and-control systems of the blue team, and they didn’t know how to respond. They couldn’t tell whether or not an action was a provocative act, whether it’s an attack, or where on the spectrum it falls."
In traditional battles, adversaries often announce their intentions through action, such as when a naval fleet maneuvers this way or that to let the enemy know its intended response. This process is known as "signaling."
Signaling was very much in evidence during the Cold War, when the U.S. and Soviet leaderships would display weapons, announce the positioning of missiles in various locations, or conduct "tests" that were, in part, a way to communicate their nuclear intentions.
"There’s no signaling in cyberspace," Harris said. “What they learned is that they need rules for the road, not just for the U.S. but for other nations they might be doing battle with. What one nation might launch as a sort of harmless, provocative gesture, another might interpret as full-on assault."
That, he said, makes the potential for catastrophic results alarmingly high. So Harris wonders whether the recent accusations traded by Washington and Pyongyang might actually be some form of signaling.
"Thinking about the Sony case, I wonder whether or not President Obama did something quite smart by promising 'proportional response,' " Harris said. "That’s a very carefully chosen phrase; it has a legal context under law of armed conflict.
"What this really means is: ‘OK, you attacked Sony and exposed some emails. We're not going to bomb you, but we are going to do something to your computer system,' " Harris said. "If this stops here, this might just help shape what those norms of cyberwar are going to be."
Dangerous hack attack
While the Sony hack has drawn headlines, arguably the most damaging attack involved the theft of terabytes of data from several U.S. defense contractors, including Lockheed Martin. In the 2000s, the U.S. was developing the F-35 warplane, known as the Joint Strike Fighter and billed as the most technologically sophisticated fighter ever built.
But hackers, believed to be working from China, quietly stole massive amounts of data about the plane’s specifications – not from the U.S. government, which tends to have good cyber protection, but from the contractors themselves. It’s been reported that China’s J-20 fighter, in development, incorporates much of the F-35 technology.
Governments can only do so much to protect the entire Internet – especially commercial sites such as those run by contractors or businesses such as Sony Pictures, Harris said.
"The kinds of attacks against Sony, where massive amounts of data are stolen – that’s been happening for years," he said. “The Internet, as we conceive of it, is not a single thing. At least in this country, it’s a collection of networks that are 85 percent owned by private entities. So defending that is incredibly difficult."
You can hear our complete interview with Shane Harris, broadcast on VOA's "Press Conference USA", by clicking here on this link.