After debate within the cyber-security community, the FBI reasserted today that North Korea was at the center of the Sony hack. The bureau's chief said at a speech that the North Koreans tried to disguise their identity but "several times they got sloppy" and exposed their IP addresses that were traced to North Korea.
Several days after President Obama publicly blamed the North Korean government for attacking Sony over "The Interview" -- a movie that lampoons North Korea's revered leader -- their rudimentary internet experienced major outages across the country. The United States did not confirm nor deny its involvement, but it would not be the first time that the United States was accused of engaging in cyber warfare.
Michael Leiter, former director of the National Counter-Terrorism Center, said that cyber warfare is no longer in the realm of legal academia because the US is already in the cyber warfare business.
Security experts believe the US and Israel created and launched a virus that targetted a nuclear facility in Iran in 2010 that was later named Stuxnet. Iran admitted that the virus caused significant damage but many of the details remain unknown.
With the United States using offensive and retaliatory cyber attacks, the world has entered a new era where governments recognize that defending civilians from cyber attacks is a function of government.
The US Department of Defense defines a cyber attack as "A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary's critical cyber systems, assets, or functions.”
Michael Chertoff, former chief of Homeland Security, said that the North Korean attack was an act of terrorism that tried to coerce behavior. He explained that the attack caused physical damage and threatened civilians with physical harm if they watched "The Interview" in movie theaters and the United States has a duty to respond.
Leiter said that Sony has seen attacks before and has invested heavily in security but still remains vulnerable to state-sponsored cyber terrorism. He added that all corporations have the same vulnerabilities and that the private sector must rearchitect their computer infrastructure to confront these realities. "The US government is going to get much more involved in defending," Leiter said.