We live in an increasingly digitized world. Everything we do is now online. Even in some of the poorest countries, people have smartphones and social media accounts. They may not have electricity or running water, but they're still taking selfies.
Sony Pictures Entertainment learned this lesson all too well in recent weeks.
On November 24, Sony employees arrived at work to find that their corporate network had been hacked. An enormous amount of information was seized and much of it was leaked across the Internet. This included embarrassing emails between Sony employees discussing various celebrities.
The hackers, who call themselves the Guardians of Peace, expressed discontentment over an upcoming movie, "The Interview." It's a comedy starring Seth Rogen and James Franco, in which the two main characters travel to North Korea to assassinate its leader, Kim Jong-un.
Eventually, the hackers sent a message to reporters stating that if the movie was released, there would be a 9/11-style attack. This was widely perceived as a terrorist threat. Consequently, Sony ultimately decided to shelve the movie entirely on December 17. This has prompted a great deal of criticism.
We now know that the North Korean government was behind this.
“The @FBI announced today and we can confirm that North Korea engaged in this attack.” —President Obama on Sony — The White House (@WhiteHouse) December 19, 2014
This is a complex situation, and it reveals a great deal about North Korea, cybersecurity and the way that we should and shouldn't respond to threats.
This Wasn't Cyberwar, But It Was A Victory For North Korea
Some people, like Newt Gingrich, have characterized this incident as an act of cyberwar.
No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent. — Newt Gingrich (@newtgingrich) December 17, 2014
Elite Daily spoke with Dr. Brandon Valeriano to get a clearer picture on this issue. He's a professor at the University of Glasgow and an expert on cyber-conflict.
Dr. Valeriano disagrees with the notion that this was an act of cyberwar, stating:
This is the traditional espionage: infiltration, steal info, cause havoc, etc.
Other cyber experts would agree with him. As Adam Segal of the Council on Foreign Relations notes, "This is an attack on the economic interests of one company. It is not cyberwar — attacks that cause death or physical destruction that threaten national security interests."
President Obama also concurs with this assertion, stating, "No, I don't think it was an act of war."
The hackers seized data that allowed them to coerce a private company into taking specific actions. This is serious, but it doesn't qualify as an act of cyberwar.
Moreover, this shouldn't be perceived as if North Korea has the most sophisticated hacking team in the world. As Dr. Valeriano notes in a recent blog post:
Sony was a soft target, they have been hacked before and warned recently that their networks were vulnerable. ...This event did not happen because the United States was weak, but because Sony itself was weak.
It's also misleading to believe that North Korea did this simply because it was enraged about "The Interview." This perception actually helps Kim Jong-un and his oppressive regime.
North Korea stages these kind of attacks because it wants to stay relevant. It wants the world to believe that it's more dangerous than it really is.
In truth, it's a tyrannical, weak and deeply-impoverished country. That doesn't mean it doesn't pose a threat, but this hack is part of its larger strategy to intimidate the world into believing it's irrational and capable of anything.
Sony allowed North Korea to win a victory in this situation and North Korea comes out looking like a credible threat, which helps it perpetuate its strategic interests. Not only that, it sends a sign to other hackers that American corporations are lacking when it comes to their security.
Sony Shouldn't Have Given In To The Hackers' Demands
Sony's actions are dangerous for a number of reasons. Firstly, they capitulated to what was undoubtedly a very empty threat. In the process, they have inflated people's perceptions of both North Korea's capabilities and cyberthreats. Yes, cybersecurity is an issue that needs to be addressed, but it should not be exaggerated.
The recent Ebola scare in the United States provides an interesting parallel in this regard. Many Americans became irrationally concerned about contracting the virus, in spite of the fact that it's not very contagious. Not to mention, the United States has the infrastructure and medical resources to contain such a disease.
Yet, people still gave in to fear because they didn't fully understand the facts surrounding ebola. Many called for extreme measures to be taken, such as border closures and travel bans.
Several weeks later, Ebola is very far from our minds. While it continues to pose a huge threat to West African nations, there was really no need for the amount of panic it caused in the United States. There were several isolated instances, but it never really posed a threat to this country.
Cybersecurity must be approached in the same way. Yes, it is threatening, and it can be damaging if you are hacked or your information is leaked. Yet, there are moderate measures that can be taken to prevent and contain these things from happening. Much like preventing and responding to an Ebola outbreak.
If we allow our fears to dictate our emotions and actions, we will become a less open and free society. If we exaggerate the nature of cyberthreats, we will end up taking actions that restrict the freedoms we hold dear.
The Internet is the greatest source of knowledge and communication in the history of the world. Like any powerful entity, it has the potential to be abused. We can remain cognizant of that while not going overboard in terms of our security measures.
The public and private sector must work together in a balanced way to prevent and respond to truly damaging threats. Simultaneously, the rest of us have to accept that if we want to continue to enjoy the freedom of the Internet, then we have to accept that there are certain inherent dangers.
Likewise, as Dr. Valeriano states:
We need to accept nothing is secure and think in a frame where we might lose things but the real important stuff should be protected.
Think about it like walking outside of your door every day. Yes, you could potentially be hit by a car or mugged or struck by lightning. But you'll never live a full life if you spend all of your time indoors. Giving in to fear leads to overreaction.
North Korean society is fueled by censorship. It is the most isolated country in the world. We cannot allow anyone, governments or private individuals, to frighten us into silence.
"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States." —President Obama — The White House (@WhiteHouse) December 19, 2014
We can't capitulate to the demands of hackers. At the same time, our reactions to these incidents should never be overblown.
As Dr. Valeriano puts it:
The Internet should not be used for war, but for communication, education, research and commerce.
Indeed, the Internet has revolutionized the human experience. It has changed the way we communicate, learn and even think. We need to keep it free in order to unleash its full potential.