The recent cyberattack on Sony was a direct assault on free speech in America. Dictators or terrorist groups must be made to realize that attempts to squelch free speech, or any other fundamental right, via extortion or threat of violence will generate a strong and painful response.
Once the FBI determined that North Korea was behind the attack, the White House authorized additional sanctions against the regime of Kim Jong Un. White House press secretary Josh Earnest called it “the first aspect of our response.” So, what further steps should be taken?
Bringing the perpetrators to justice is an obvious step, as the cyberattack and threats against Sony violate multiple laws. But the Justice Department will have to gather all the relevant facts before it can seek a formal criminal indictment. Once it has all the pertinent facts in hand, the government should move quickly to indict the individuals who participated in this egregious act.
However, the U.S. response should not stop with indictments alone.
To deter repetition of this behavior by North Korea and to dissuade other malicious nations or terrorist groups from following the Hermit Kingdom’s bad example, Congress and the administration also must ratchet up the penalties applied and act to improve U.S. cyberspace defenses.
For starters, the White House should put North Korea back on the U.S. list of state sponsors of terrorism. The Bush administration struck Pyongyang from the list in 2008 as an incentive for North Korea to “play ball” in the six-party talks on Pyongyang’s nuclear weapons program. Obviously, the incentive failed. With Pyongyang attacking companies and threatening violence in the U.S., it’s time to relist the rogue regime.
While North Korea is often described as the world’s most heavily sanctioned country, the U.S. has, in fact, imposed stronger punitive measures on other countries. For example, the U.S. sanctioned nearly three times as many Zimbabwean entities as North Korean. Among other actions, the U.S. should identify North Korea as a primary money-laundering concern and charge the regime as a currency counterfeiter.
Congress can and should impose sanctions as well. Last year, the House of Representatives approved the North Korea Sanctions Enforcement Act, which included nearly a dozen punitive measures. Congress would do well to take up the legislation early this year.
Once the U.S. has presented the world with firm proof of North Korea’s culpability in the attack on Sony, the U.S. should respond in kind by launching covert cyberattacks against North Korean government targets. Covert action allows the U.S. to maintain deniability while ensuring that North Korea and other bad actors understand that their crimes will backfire — a key element to deterring criminal behavior.
In addition to pursuing punishment and deterrence, government must act to strengthen America’s cyberdefenses. This can best be done by harnessing the power of the private sector — enabling companies and government agencies to share threat and vulnerability information and best practices. With proper protections and oversight, information sharing offers the most cost-effective way to enhance cybersecurity.
Congress also should set clear guidelines for cyber self-defense. Current law makes it illegal for U.S. companies and individuals to engage in any active form of self-defense and, no, we don’t want to make cyberspace a free-fire zone.
But Congress should — at a minimum — let approved private-sector organizations engage in clearly defined, non-malicious forms of tracking and tracing cyberaggressors. This would allow companies to better protect themselves and help government identify dangerous hackers.
North Korea poses a growing national security threat to our nation and its allies. Pyongyang continues to augment and refine its nuclear and missile arsenals. In recent years, the regime has conducted cyberattacks against government and private targets. Without a firm response to the Sony hack and subsequent terrorist threats, such offenses will only grow more common.
Originally appeared in the Washington Times.