It started as the embarrassing leak of information from Sony Entertainment Pictures’ internal network and produced weeks of juicy revelations dispersed through the internet. It has now become a full-scale diplomatic incident, with US president Barack Obama vowing a “proportionate” response to an alleged cyber-attack by North Korea. Pyongyang, it is alleged, wanted to put pressure on the studio to cancel the release of a satirical film that depicts the assassination of North Korean leader Kim Jong-Un and used sabotage and information theft to devastating effect. But this hasn’t been conclusively proved and North Korea says the allegations are groundless and has offered a joint investigation with the US. Whoever did it, the saga raises a number of troubling questions. Has the world just witnessed an act of cyber- war and if so, what can the US or anybody else do about it?
There are enough prominent people engaged in a lot of fighting talk. Newt Gingrich, former speaker of the US House of Representatives, tweeted that America had “lost its first cyber-war”. American lawyer Alan Dershowitz declared that the hack was “Pearl Harbor on the First Amendment”, the US constitutional guarantee of freedom of expression. But the real experts are more realistic.
They say the Sony hack doesn’t qualify under standard definitions of cyberterrorism – it was bad, but not so bad that it caused death, physical destruction or threatened national security. Even if North Korea was found guilty, what could the US do to punish it? Tough sanctions are already in place and Washington doesn’t stoop to diplomatic relations with Pyongyang. It could, perhaps, put it back on its State Sponsors of Terrorism list but that is no great deterrent.
That said, cyber-war is a serious subject and Nato, which was built to deal with conventional war, has put years of thought into framing guidance. Its Tallinn Manual is named for the capital of Estonia, which has suffered numerous cyber-attacks from its neighbour Russia. Interestingly though, the manual’s editor, international law professor Michael Schmitt, says the Sony hack doesn’t qualify as an armed attack. So isn’t talk of retribution virtual reality machismo?
