Cyberwar or Cybervandalism?

12/22/2014 08:15 pm ET Updated Dec 06, 2017
Workers remove a poster-banner for 'The Interview' from a billboard in Hollywood, California, December 18, 2014 a day after S
Workers remove a poster-banner for 'The Interview' from a billboard in Hollywood, California, December 18, 2014 a day after Sony announced it had no choice but to cancel the movie's Christmas release and pull it from theaters due to a credible threat. Sony defended itself Thursday against a flood of criticism for canceling the movie which angered North Korea and triggered a massive cyber-attack, as the crisis took a wider diplomatic turn. AFP PHOTO / MICHAEL THURSTON (Photo credit should read Michael THURSTON/AFP/Getty Images)

The whole story would likely be rejected as a Hollywood plot, on the grounds that nobody would believe it could ever happen, even as comedy or farce. A dictator is insulted by an upcoming movie -- a comedy about his own assassination -- and he unleashes his hackers on the studio to take revenge, by posting their embarrassing emails and then prevents the movie's release by making ludicrous threats to theaters? Preposterous!

Nevertheless, here we are, pondering how to react. The United States government will likely take some sort of revenge of our own, and we may in fact already be doing so. As I write this, there are stories circulating that North Korea's internet (such as it is) is going haywire. What an odd coincidence, eh?

President Obama, in his year-end press conference, called North Korea's actions "cybervandalism." This outraged John McCain, who called the North Korean Sony hack an "act of war." Others have called it an act of "cyberterrorism." While on one level it doesn't make a dime's worth of difference what politicians call it, the interesting thing is how nebulous these terms are, mostly due to their newness.

The basic concept has been around for a while, though. Ever since modern life (including the military) became reliant upon computers, people (Hollywood included) have pondered doomsday scenarios, from War Games to The Terminator (Skynet) to The Matrix. Two of those movies came out in the 1980s -- Hollywood's been having fun with this theme for a while, now. But nobody's ever really accurately defined what does and what does not constitute an act of war delivered through computer networks.

Does hacking into a private entertainment corporation's computer files constitute an act of war? Against whom, exactly? Japan, or the United States (remember: we are talking about Sony)? The very idea seems kind of silly. Or maybe not. Replace "entertainment" in that first question with "nuclear power" and it starts seeming a whole lot less silly and a whole lot more warlike. The nuclear power industry is run by private energy corporations, after all. The fallout from an attack on a private corporation could change from "being forced not to release a movie" to "actual, literal nuclear fallout" -- a much different level of societal danger.

An attack on America's power grid delivered through computer networks -- even without bringing nuclear power plants into it -- would likely be seen as an act of war by most Americans. If a blackout suddenly struck the East Coast at rush hour, many lives would be endangered and doubtlessly some deaths would occur as a direct result (just picture all those intersections without stoplights, for starters). If this were traced to a foreign malicious actor, my guess is that John McCain wouldn't be the only one talking about cyberwar. If it involved screwing up the controls of a nuclear power plant that resulted, somehow, in a meltdown or release of radioactive material, there would be few who wouldn't label it an act of war.

President Obama chided Sony for not releasing the movie anyway. It was fairly safe for him to do so, since the actual risk of a North Korean terrorist attack in U.S. theaters is fairly low. But what if the bad actors involved in this story had been Islamic terrorists? Would it have been so easy a call in that case? Many agreed with Obama in denouncing Sony's cowardly behavior, but a few years back, very few American newspapers printed the cartoons mocking Islam that caused such a furor from Denmark. In that instance, seeing what the reaction had been, almost no American publication stood in solidarity for the rights of free speech and the right to publish material which offends religious sensibilities. So while it's easy to denounce Sony today, when circumstances were a little different, fear ruled the editorial and corporate decisions. Sony gave in to terrorists out of their own fear, but when the fear was a lot more realistic and plausible, the American press -- en masse -- also gave in to fear of terrorism.

The Sony hack itself was not an act of war or terrorism. Neither was leaking embarrassing emails a terrorist act. The threats against the theaters were unequivocally terrorism, however. Threatening a civilian population to achieve military or political ends is one workable definition of what constitutes terrorism, and threatening violence on the opening day of a movie certainly seems to fit the bill.

But what if there had been no violence threatened at the theaters? When you separate out that part of what happened, you are left with an attack against a corporation. This attack wasn't carried out for industrial espionage reasons -- a whole category of computer mischief that most big companies have to protect themselves against. North Korea wasn't trying to copy or profit off the files they stole, to put it another way. They were trying to inflict damage on Sony in order to pressure them to kill a particular movie. Some might describe that as corporate terrorism (terrorism against a corporation instead of a nation, in other words), but it doesn't really fit the classic definitions of either terrorism or warfare. Again, this is an entertainment company and the email leaks were designed to embarrass them. Which succeeded, in fact. It might be seen differently if the company involved was building warplanes, or ships for the Navy. Or maintaining the electrical grid.

What I wonder, in all the debate, is how America would react if a foreign actor decided to introduce havoc into our production of nuclear weapons. My guess is that we wouldn't be dithering over which term to use if that ever happened -- if a virus were introduced which screwed up our uranium processing plants, for instance. The only debate, then, might be between calling it "cyberwarfare" or just a plain-vanilla "act of war." Either way, we would agree that we had been attacked. We would probably seek revenge or retribution for such an action. We might even march our troops off to wage war against such a foreign country.

I bring all this up because there is one word that has been noticeably missing from this entire debate. The word is "Stuxnet," and it is the name of a computer virus. In secret -- with no public debate or discussion in Congress -- America (and possibly Israel) may have developed this virus for a very specific reason, and then unleashed it on the internet to do its damage. The virus attacked one country in particular, and it targeted the machinery for refining uranium. The country was Iran.

Are we at war with Iran? No, not really. We certainly haven't declared war or anything, and we have no "police action" or other warlike euphemism going on at the moment. And yet, if it is true that America had a part in creating Stuxnet (our involvement has never been officially confirmed, I should point out in all fairness), then we did all we could to destroy their centrifuges. If the same thing had happened to us, we would definitely call it an act of war. We might even go to war against the country that launched such an attack.

Defining new terms like cyberwarfare isn't really the only issue at hand. America, once again, can really only hypocritically take the moral high road on cyberwar. Sure, we all like to get indignant over North Korea deciding what movies we are able to watch here in our free society, but we may have already done far worse to other countries. Mind you, I'm not saying that what Stuxnet did to Iran was or wasn't the right thing to do -- that's a much larger argument than what I'm saying here. All I'm pointing out is that our hands might not be squeaky clean when it comes to cyberwar. The media and the politicians really don't want to bring Stuxnet up in the midst of all our high dudgeon on North Korea, but just because we don't want to talk about it doesn't make it go away: we may have already done worse things than stop a foreign movie's release. We'll probably do so again in the future, if we think it'll be effective.

No matter what you call it -- cyberwar, cyberterrorism or cybervandalism -- it's not going to go away any time soon. It's a reality of modern computerized life. We should all get used to the whole range of such attacks, because from multinational corporations to national armies to extortionists to greedy thieves, this mischievous genie is never going back into the bottle. Our enemies will continue to use it, and so will we, when we think it's worth the risk.

 

Chris Weigant blogs at:

Follow Chris on Twitter: @ChrisWeigant

Become a fan of Chris on The Huffington Post