U.S. President Barack Obama said earlier this month that businesses and governments must form a "real alliance" against hackers, otherwise hacking activities similar to last year's hacking of Sony will become more rampant. But the details of Sony's hacking suggest that this may only be a demand.
This cyberattack, which occurred in November last year, not only exposed the shortcomings of enterprises in the field of Internet security, but also exposed the shortcomings of U.S. government-enterprise cooperation. U.S. federal government officials say it was Sony's hacking that prompted them to change the way they respond to Internet security incidents.
They have taken many steps as a result, including the creation of a cyber threat intelligence integration center to better classify and share intelligence related to attacks. Obama also signed an executive order on February 13 authorizing the government to share more intelligence with businesses. He signed the executive order while attending a security summit at Stanford University aimed at improving Silicon Valley's relationship with Washington on a number of issues.
According to interviews with a number of executives, dignitaries and people familiar with the matter, it can be judged that Sony's hacking exposed that companies and governments were overly concerned about their own interests in the process, so they did not receive sufficient information or conduct sufficient consultations when making certain decisions.
When Sony discovered that its network had been infiltrated on November 24, it reported the case to the FBI within hours. However, while Sony executives were alarmed, the U.S. government's initial response was muted, mainly because there was no indication that large amounts of user data or sensitive information related to national security were at risk.
Within days, the unusual attack, which sabotaged, humiliated and coerced a multinational corporation through a variety of measures, showed increasingly serious consequences. On December 16, an anonymous person even threatened to launch a "9/11" attack on the theater where Sony's new film "The Interview" was released, which focuses on the assassination of North Korean leader Kim Jong-un and is scheduled to be released nationwide during Christmas.
Officials from the National Association of Cinema Owners called the U.S. Department of Homeland Security but were told they had not heard of the threat and could not provide guidance. It was this reaction that led to the refusal of large theater chains to release the film.
As the main investigative agency of the incident, the FBI did not share much information about the source of the attack with Sony, and secrecy has become a regular method in such security investigations. The FBI is not trained and therefore does not know how to provide guidance to businesses in the event of an attack. Therefore, people familiar with the matter said that when Sony considered whether the film's release plan should be canceled, the FBI also did not provide any advice.
Both the FBI and the U.S. Department of Homeland Security issued law enforcement bulletins saying there was no credible evidence that the theater would be attacked. But U.S. federal government officials still told theater owners that they did not know if hackers had the ability to attack theaters.
Just hours after several theater chains announced their refusal to release "The Assassination of Kim Jong-un", Sony Pictures said it would cancel the film's release plans.
In the eyes of experienced government hacking investigators, this once again highlights the problems created by the decentralization of computer security responsibilities in the U.S. federal government. The FBI, the Department of Homeland Security, the Secret Service, and many intelligence agencies all have some responsibilities on this issue, but they change depending on the circumstances of the specific case. And because Sony's hacking was shown to the public in an unusual way, these issues are further complicated.
White House officials were also shocked after Sony said it would cancel the theatrical release plan of "The Assassination of Kim Jong-un": it was originally just a corporate security and public relations issue, but it eventually escalated into a national security and free speech issue. Several current and former senior officials of the U.S. government revealed that the White House was often late for full involvement in such events, but this quickly changed when Sony decided to cancel the release plan.
"The government was under tremendous pressure at the time and had to do something," a person familiar with the matter said. At the White House meeting, officials agreed to announce that North Korea was the real culprit behind the scenes, but Pyongyang always denied it. On December 19, the FBI released a rare lengthy statement describing some evidence that identified North Korea as the mastermind behind Sony's hacking.
A few hours later, Obama also made his own comments, not only claiming at a press conference that Sony had made the wrong decision, but even complaining that Sony should have asked him for advice in advance.
But Sony executives think the U.S. government's move is disappointing: if the U.S. government were to publicly condemn North Korea, they would rather it did so a few days ago to make it clear that the company was the victim of a hacking campaign by a foreign government before canceling the film's release plan.
People familiar with the matter said that before the FBI's statement, there was a heated debate within the U.S. government about the content of the statement. White House officials have urged it to release evidence of some North Korean attacks, while within the FBI, cybersecurity veterans have objected, arguing that the move could expose too much evidence in the early stages of the investigation.
The debate has since shifted to which government department should announce the matter, and finally decided that the FBI should declare North Korea behind it.
But after the FBI's statement, some cybersecurity companies immediately questioned that the agency had mistakenly excluded hackers from Russia and other places. FBI Director James Comey said at a meeting in early 2015 that he was sure North Korea was behind Sony's hacking.
Less than a week after Sony decided to abandon the release of "The Assassination of Kim Jong-un" and a few days after Obama held a press conference, Sony changed its attitude and announced that it would release the film through hundreds of independent theaters and would rent or sell it over the Internet.
U.S. government officials are still debating the lessons of this incident and its subsequent issues. The U.S. government seems to acknowledge that both sides should share more information, with Lisa Monaco, the U.S. presidential counterterrorism adviser, saying, "Otherwise, I fear that malicious attacks like Sony's hacking will become the norm." ”
Some cybersecurity sources within the U.S. government say the FBI's public statement backfires because it raises public questions about the accuracy of the FBI's work.
Some argue that the U.S. government has exposed too many cybersecurity details. Others believe that Sony's response suggests that the government should release more information to avoid keeping the public in the dark.
However, despite differences over the government's disclosure scale, many agree that the U.S. government should designate a single agency to conduct hacker investigations. In fact, the White House is currently planning for this.
The question is whether the establishment of a new institution will be sufficient to solve the problem. "Can this simplify the process in the Sony case? Maybe it can. James Lewis, a cybersecurity consultant at the Center for Strategic and International Studies, said, "Can this change the information they share with businesses?" I'm afraid not. ”
Jacob Olcott of BitSight Technologies, an enterprise computer security rating agency, said the addition of a new government agency could be a distraction. He believes that the core problem is that enterprises must take more measures to strengthen the security of their computer systems. "The government has no control over Sony's network." He said.
Most of the participants also agreed on another issue: they expected other hackers to learn from Sony and become more aggressive in attacking the company and achieving their own goals.
|
Posted on 2/24/2015 11:17:16 AM
|
|
|
|
