Lawmakers, former officials debate next move in cyberspace
The Obama administration has publicly accused North Korea of sponsoring the massive hack on Sony Pictures Entertainment, and levied fresh sanctions against the Hermit Kingdom. For some inside and outside of government, that's not enough.
The conversation in Washington has moved from North Korea's alleged complicity in the hack of Sony Pictures Entertainment to whether the Obama administration has responded effectively to the hack, and whether it needs more tools from Congress to do so.
President Barack Obama's vow of a "proportional" response to Pyongyang’s alleged cyber siege on Sony Pictures raises the possibility of the United States carrying out its own cyberattack, a scenario the administration has planned for via the four year-old Cyber Command.
"This is a whole new day in cyberspace for a host of reasons," said former House Intelligence Committee Chairman Mike Rogers, referring to the Sony Pictures hack, which wiped out a huge amount of data from the movie studio’s hard drives and reportedly could cost the studio millions of dollars. "Now the United States is going to have to show that it will not tolerate it because everyone’s watching. Iran is watching, Russia is watching, China is watching," added Rogers, who spoke Jan. 15 at a panel discussion hosted by the Bipartisan Policy Center.
Current and former policymakers like Rogers share a broad goal of making a destructive cyberattack on American firms less likely. But there is less agreement on how this should be accomplished.
Following the hack this week of U.S. Central Command's social media accounts by a pro-Islamic State group, House Homeland Security Committee Chairman Michael McCaul called for the administration to develop a strategy for responding to cyberattacks like the one on Sony Pictures. "Without laying out the rules of the game for offensive responses and having direct consequences, cyber threats and intrusions from our adversaries will continue and escalate," the Texas Republican said in a statement.
Not long before retiring at the end of the last Congress, Rogers said he would like to see the United States go on the offensive in cyberspace more than it does, but that there is not a clear understanding across government of what an offensive policy entails.
While offensive cyberattacks are part of Cyber Command’s charge, rules to govern them are still being developed.
At the BPC panel, former CIA and NSA Director Michael Hayden argued that Obama's pledge of proportionality might send the wrong signal to the North Koreans and would-be hackers. "I don't think we should give them comfort that our response will be proportional. Our response will be of our own choosing," the retired general said.
But Paul Stockton, a former assistant secretary of Defense, countered that the White House was right to mention proportionality.
"We're in an era now where cyber conflict is burgeoning and we lack the rules of the road, we lack the norms, we lack the principles derived from [the] law of armed conflict," Stockton said. "I believe proportionality is a standard that the United States ought to be espousing."