When hackers broke into computer systems at Sony Pictures Entertainment in a failed attempt to stop the release of “The Interview” late last year, the cyberattack changed the way top American military policymakers look at online warfare, experts say.
Electronic skirmishes that had played out quietly among computer technicians at a hacked company and a federal agency contacted for advice instead went all the way to the Oval Office, as President Obama blamed the Sony incident on a nation-state attack by North Korea.
“In the Sony case, it moved from the commander's inbox to the commander-in-chief's inbox, and that's the first time that's happened,” Navy Capt. Joel Doolin told cybersecurity experts gathered here at the U.S. Army War College. “That's why we're talking about it. It was extraordinary.”
In an interview with the Tribune-Review, Robert Clark, a cyber law fellow in the Army Cyber Institute at West Point, agreed: “The Sony hack showed how we work through a sliding scale. It moved from a criminal act to a terrorist threat attributed to a nation-state, and now the Department of Defense and the president have a role.”
As Obama made plans to host a cybersecurity summit Friday with industry leaders at Stanford University, more than three dozen military officers, Defense industry engineers and academics met here separately Tuesday through Thursday to discuss recommendations for military policies of cyber-warfare. The Trib was granted permission to attend the closed-door meetings.
The group's recommendations include requiring utilities and other critical infrastructure companies to share information about computer threats, and freeing up more government intelligence in return.
Policymakers suggested minimum cybersecurity requirements for Defense Department contractors, stronger capabilities for identifying hackers, and better deterrents against foreign online attacks.
They called for eliminating laws against companies that take offensive steps to thwart hackers. And they see a need for clearer lines when a criminal act becomes a cyberattack that triggers a military response.
When Obama called the Sony incident a cyberattack and blamed North Korea, that changed that vector for discussing online war policy, said Bill Waddell, director of the War College's Mission Command Cyber Division, who moderated the workshop.
Attacks among nation-states are easy to understand when they happen on the ground, at sea or in the air — but Internet intrusions can be hard to detect and harder still to defend, participants said. Private-sector companies control 80 percent of the Internet domain, questions of civil liberties must be considered, and enemies with limited resources can exact major damage.
“The fact that we have become so dependent on the use of (the Internet) creates that type of vulnerability,” Waddell said. “The Defense Department looks at its responsibility to protect, to fight the nation's wars, to keep enemies at bay, to provide deterrents — and is trying to figure out, ‘How does that fit in cyberspace?' ”
The discussion raises difficult questions. Workshop participants debated even how to define cyberspace and online warfare.
When members of one smaller group discussed top international cyber players besides the United States, debate arose about whether to identify specific countries before a majority decided to name Russia, China, North Korea and Iran.
Some ideas discussed at the War College are taking effect. When Obama appears at Stanford, he is expected to detail plans for a Cyber Threats Intelligence Center, focused on sharing government intelligence among agencies and with private companies.
“You have a spectrum of bad behaviors that can happen in cyberspace,” said Capt. Doolin, the primary legal adviser to the deputy chief of Naval Operations for Information Dominance. “What the Sony case proves is: ‘Hey, we the United States have a spectrum of responses we can take.' ”
©2015 The Pittsburgh Tribune-Review (Greensburg, Pa.)