News side by side: Unwritten rules of cyberwar, attack and defense alike must keep a low profile

kkhsu

Countering Cyberattacks Without a Playbook
By DAVID E. SANGER

WASHINGTON — For years now, the Obama administration has warned of the risks of a “cyber-Pearl Harbor,” a nightmare attack that takes out America’s power grids and cellphone networks and looks like the opening battle in a full-scale digital war.

Such predictions go back at least 20 years, and perhaps that day will come. But over the past week, a far more immediate scenario has come into focus, first on the back lots of Sony Pictures and then in back-to-back strategy sessions in the White House Situation Room: a shadow war of nearly constant, low-level digital conflict, somewhere in the netherworld between what President Obama called “cybervandalism” and what others might call digital terrorism.

In that murky world, the attacks are carefully calibrated to be well short of war. The attackers are hard to identify with certainty, and the evidence cannot be made public. The counterstrike, if there is one, is equally hard to discern and often unsatisfying. The damage is largely economic and psychological. Deterrence is hard to establish. And because there are no international treaties or norms about how to use digital weapons — indeed, no acknowledgment by the United States government that it has ever used them itself — there are no rules about how to fight this kind of conflict.

“Until now, we’ve been pretty ad hoc in figuring out what’s an annoyance and what’s an attack,” James Lewis, a cyberexpert at the Center for Strategic and International Studies, said last week. “If there’s a lesson from this, it’s that we’re long overdue” for a national discussion about how to respond to cyberattacks — and how to use America’s own growing, if unacknowledged, arsenal of digital weaponry.

All those issues have been swirling in the background in the drama of North Korea’s effort to intimidate Sony Pictures, and the retaliation by the United States — if that was the case — against one of its oldest Cold War adversaries. “If you had told me that it would take a Seth Rogen movie to get our government to really confront these issues, I would have said you are crazy,” one senior defense official said a few days ago, referring to the Sony Pictures film “The Interview.” “But then again, this whole thing has been crazy.”

With Tuesday’s announcement that “The Interview,” a crude and poorly reviewed comedy about a C.I.A. effort to hire two bumbling journalists to knock off Kim Jong-un, the North Korean leader, will be shown in a limited number of theaters, it is very possible that this confrontation with the least predictable of the nine nations possessing nuclear weapons may not yet be over.

Like most cyberattacks, it started with a simple question: Who did it? But this was no ordinary effort to steal credit card data, like what happened at Target and Home Depot. What made the attack on Sony different was its destructive nature. By some accounts, it wiped out roughly two-thirds of the studio’s computer systems and servers — one of the most destructive cyberattacks on American soil.

It took three weeks for Mr. Obama to take the extraordinarily rare step of publicly identifying North Korea, and its leadership, as the culprit. And even now, the F.B.I. refuses to release much of its evidence, presumably because it could reveal the degree to which the United States had penetrated North Korea’s networks and the Chinese systems through which they are routed. The president’s decision to also mention the Chinese during a news conference last week in which he responded to the Sony attack was “itself part of the effort to create some deterrence,” one administration official said, “by making it clear we can cut through the fog.”

But because the government will not make the evidence public, there will be doubters.

“The N.S.A. has been trying to eavesdrop on North Korea’s government communications since the Korean War, and it’s reasonable to assume that its analysts are in pretty deep,” Bruce Schneier, one of the country’s leading cyberexperts, wrote in The Atlantic, referring to the National Security Agency. “The agency might have intelligence on the planning process for the hack. It might, say, have phone calls discussing the project, weekly PowerPoint status reports, or even Kim Jong-un’s sign-off on the plan.”

“On the other hand, maybe not,” he wrote. “I could have written the same thing about Iraq’s weapons-of-mass-destruction program.”

But Washington’s declaration that North Korea was the source came paired with Mr. Obama’s warning of a “proportionate response.” Within days, North Korean Internet connections sputtered and went dead — and after briefly reviving, they were out again on Tuesday.

An American attack? Did the Chinese pull the plug? Did the North Koreans take themselves offline to protect themselves? No one in Washington will say. But it is possible that to deter future attacks, the administration was not looking for subtlety. Instead, it might have simply wanted to remind Mr. Kim that the United States is training 6,000 “cyberwarriors” among its military units, and they all have North Korea’s Internet Protocol address.

Still, if North Korea did bear the brunt of an American counterstrike — a significant “if” — it will most likely prove more symbolic than anything else and serve to remind Mr. Kim that his family has miscalculated before.

In the summer of 1950, gambling that the Americans were too distracted to respond, the founder of the country, Kim Il-sung, invaded the South. It turned out he was wrong, and the devastating three-year conflict that followed ruined his nation. But, improbably, it left him and his family in power.

Over the past two years, his grandson — who has tailored his appearance to closely resemble the North’s revered Great Leader, who died 20 years ago — has embraced digital weapons precisely because they are far more subtle than sending troops over the 38th Parallel. In fact, cyberweapons are perfect for a failing state. Unlike North Korea’s small arsenal of six to 12 nuclear weapons, they can be used without risking an annihilating response. Unlike North Korea’s missile fleet, they are uncannily accurate. Just ask Sony, which is still trying to figure out whether its attackers had inside knowledge or just got lucky.

But that leaves Mr. Obama with a “short of war” conundrum. How much American power should be deployed to stop a cybervandal from becoming a cyberterrorist?

Until the past week, the president’s temptation has been to refrain from responding at all. But the combination of the destructive attack, the effort to silence American criticism of a brutal regime and the threats of attacks on American theaters made this one different.

The mystery now is whether the young, untested Mr. Kim will back off, or whether, like his grandfather, he will push ahead, figuring that an unpredictable North Korea has kept enemies at bay for six decades, and that his new weapon may extend the streak.

Unwritten rules of cyberwar: attack and defense alike must keep a low profile

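The Obama administration has repeatedly warned in recent years that the United States faces a cyber version of "Pearl Harbor": America's power grids and cellphone networks go dark in an instant, signaling that a full-scale digital war is about to begin. The New York Times notes that similar warnings appeared at least 20 years ago, and perhaps that day really will come. Beginning with the hack of Sony Pictures, over the past week the shadow war gamed out in the White House Situation Room has been one of low-level digital conflict.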

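The Times' analysis: in this murky world, all attacks are deliberately kept at the edge of war, the attackers' identities are hard to establish, and even when there is evidence, it cannot readily be made public; any counterstrike is likewise unsuited to the light of day. The damage from cyberattacks is mainly economic and psychological.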

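Take the Sony Pictures hack: it took the Obama administration three weeks to name North Korea as responsible. Even though North Korea flatly denied it and demanded a joint investigation to prove its innocence, the F.B.I. is unwilling to release its evidence, lest North Korea and China learn from it the extent to which their networks have been penetrated by the United States. A White House official disclosed that Obama mentioned China at the news conference where he named North Korea in order to make clear that the United States has the ability to "cut through the fog."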

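However, as long as the evidence is not made public, the U.S. government will face doubts. The American security expert Schneier said the N.S.A. has been trying to penetrate North Korea's communications systems since the Korean War and may well have a full grasp of the details of North Korea's cyberattack, such as slide presentations or Kim Jong-un's signed order to attack; "but it may also turn out like the false claim that Saddam Hussein's regime in Iraq possessed weapons of mass destruction."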

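Kim Il-sung and his son Kim Jong-il sparred with the United States for 60 years through a strategy of unpredictability. After the total paralysis of North Korean websites, whether Kim Jong-un will back down or strike again remains unclear.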

Original article:
http://www.nytimes.com/2014/12/24/world/asia/countering-cyberattacks-without-a-playbook.html

2014-12-25. United Daily News. A13. International. Translated and compiled by 張佑生

