Time (and others) reported that NSA Director Admiral Michael Rogers told the International Conference on Cyber Security (ICCS) at Fordham University in New York:
“Sony is important to me because the entire world is watching how we as a nation are going to respond to [the attack on Sony].” “If we don’t name names here, it will only encourage others to decide, ‘Well this must not be a red line for the United States.'”
The attacks against Sony had begun in September, he said, with a flurry of tightly focused phishing attacks against key individuals. This was then used to gain full access to the company’s servers and to steal data.
Rogers stated, “I remain very confident: this was North Korea.”
Some cyber security experts seem less sure that accurately described what happened.
Rogers also said that hacks against private companies may require economic sanctions.
How did terabytes of data get stolen from Sony’s private network? Did Sony invest enough in attack resistance, identification, & response? Should there be more objective criteria upon which to help frame decision-making on this topic?
Since November I have been hearing a lot of discussion about “Sony” and “The Sony Hack.” Should we in Financial Services begin including NSA monitoring, forensic assistance, and consulting in our incident response planing?
How will the U.S. (along with other nations in this global business environment) decide which hacks against private companies deserve a governmental response, and which will not? And what if your company has business in both the source and target countries of a given attack? It seems like each of our organizations need to work through these issues before the day they become critically important — and a small herd of corporate officers on an incident response call are waiting for your direction.
What do you think?
“NSA Director on Sony Hack: ‘The Entire World is Watching’.”
By Sam Frizell, 01-08-2015
“FBI fingering Norks for Sony hack: The Truth – by the NSA’s spyboss.”
By Iain Thomson, 01-09-2015
“Are We Asking the Right Questions in the Wake of the Sony Pictures Breach?”
By Paul Martini, 01-09-2015