The cyberattack on Sony Pictures late last year, which the FBI has attributed to North Korean hackers, represented a major escalation in digital hostilities that could reignite the long-simmering policy debate over how to better protect systems in the public and private sectors, a panel of former top intelligence officials said.
Mike Rogers, the Michigan Republican who chaired the House Intelligence Committee until retiring from Congress this month, warned that the Sony hack was not the garden-variety denial-of-service attack that has become familiar to innumerable companies in recent years.
Rather, as the purported work of hackers representing a nation-state, the incident was the rare breach of a private-sector network where the intruders destroyed troves of corporate data.
The question now is how the administration and Congress will respond.
"This is a whole new day in cyberspace for a host of reasons," Rogers said in remarks at the Bipartisan Policy Center, a Washington think tank. "Now the United States is going to have to show that it will not tolerate it because everyone's watching. Iran is watching, Russia's watching. China's watching. Every international criminal organisation is watching."
Cybersecurity again a hot topic in Washington
Already, cybersecurity has reemerged as a hot topic in Washington. In December, President Obama signed into law a handful of bills that include provisions to improve the nation's security posture, including legislation to enhance workforce training and promote a voluntary set of standards for businesses to protect their systems and share threat information.
Then, last week, Obama went further, holding a series of events focused on digital issues by way of preview for his upcoming State of the Union address, and outlining a proposal for legislation to facilitate the sharing of threat data among businesses and between the government and private sector. Included in Obama's proposal is the call for a national standard for notifying consumers when a company's systems have been hacked to preempt the current patchwork of state data-breach laws.
Those are hardly novel proposals, as Rogers, who tried without success to pass an information-sharing bill in the last Congress, wryly noted.
"We are a long way from a cyber-sharing piece of legislation," he said. "There is still a lot of difference in the Senate."
But to some degree the Sony hack appears to have had the effect of reigniting discussions around cybersecurity policy, including the question of the role of the government in protecting critical private-sector systems from attack.
That conversation, observed former NSA Director Michael Hayden, had been "flash-frozen" following the revelations of government surveillance operations made public by former intelligence contractor Edward Snowden.
Hayden, suggesting that the nation has entered the "post post-Snowden era," said he welcomes the revival of the debate. Like Rogers, he sees the Sony attack as an escalation, in part because of the apparent motive to cancel the release of The Interview, the studio's movie that depicted a plot to assassinate North Korean leader Kim Jong Un.
Sony hack has implications beyond cyber stuff
"This is a nation-state attacking an American business, not for profit, but to coerce," Hayden said. "This has implications beyond cyber stuff. This is a pathological little gangster state that wants to hold at risk different things of value to different people in the world, and we have allowed them to take their game into a different domain."
Rogers cautioned that the full extent of the damage to Sony has yet to come to light, but the attack, evidently executed with tools and code readily available on the Web, highlighted the lax security controls that Rogers said are all too common in the business community -- including in sectors of the economy that are higher-value targets than Hollywood.
"This is why I think many of us worry about Sony, the destructive nature of it. It wasn't just the fun and games of, you know, what rich Hollywood executives were saying about rich Hollywood starlets, right?" Rogers said.
"That was kind of tantalising and good reading -- the real game changer was the destruction of property. That is equally possible in our electric grid."