What began as a private embarrassment has now become a matter of national interest. White House officials have reportedly determined that North Korea played a role in the Sony hacking, and the Obama administration is considering an official response.
Already the White House's National Security Council (NSC) has weighed in, saying the federal government was "investigating attribution" of the security breach that led to private emails from Sony Pictures being leaked. The FBI has also launched its own investigation into the leak.
The White House has yet to publicly finger North Korea as the culprit. But the incident, which White House press secretary Josh Earnest called a "national security matter," has struck right at the often fuzzy distinction between public and private interests when it comes to the security of large companies.
Philip Bobbitt, director of Columbia Law School's Center for National Security, said the U.S. government sees a vital national security interest in safeguarding the integrity of corporate information systems because of how much the nation at large relies on them. Banks, energy companies, transportation companies and other sectors on the economy rely on networks similar to those employed by Sony — and if a bank or, say, a power plant had its security breached by a foreign nation, the consequences could be disastrous.
"We need to learn how to protect these networks because their vulnerability is inextricably linked to their utility and usefulness as a society," said Bobbitt. "There's no real way to square that circle."
The federal government has long considered the safety of some private entities important for national security. In 1998, President Bill Clinton signed Presidential Decision Directive 63, directing the federal government to improve cybersecurity around "critical infrastructures." The result was the creation of Information Sharing and Analysis Centers, designed to help private entities strengthen their safeguards against online attacks.
In February 2013, President Barack Obama took another step when he signed an executive order intended to strengthen information sharing between private enterprise and the federal government. The administration unveiled its cybersecurity framework the next year, which the White House described as a "private-sector led" initiative to develop best practices around cybersecurity.
These initiatives were mainly targeted at companies such as water utilities and major banks, where it is feared that a major cyberattack could do harm to an entire city or create a ripple effect through the broader economy.
There is no indication that the federal government believes movie studios fit the role of critical infrastructure. Yet Bobbitt described the violation of that company's security as "a real wake-up call for Washington," which he said has an interest in protecting the security of flows of information within the market as a whole.
Mike Lofgren, a former Republican congressional staffer who worked with the House Armed Services Committee and the House and Senate budget committees, said public-private efforts to check against security breaches need to be carefully designed. Private companies, he said, may be more interested in avoiding liability for security breaches than in expending the effort and resources needed to prevent them.
"You've got to be very careful about how you design these things," he said, "because it's not like there's not already too much corporate influence on government decisions."
North Korea allegedly played a leading role in the attack on Sony Pictures because one of the company's subsidiaries, Columbia Pictures, was planning on distributing “The Interview,” a comedy about a fictional plot to assassinate North Korean dictator Kim Jong Un. In June, North Korean Ambassador to the United Nations Ja Song Nam said the United States would be "fully responsible for encouraging and sponsoring terrorism" if it did not block distribution of the movie.
Federal entities such as the Department of Defense sometimes consult on Hollywood films and even lend material support to productions, but it's not clear how involved the U.S. government was in the making of “The Interview.” In leaked emails, the CEO of Sony Entertainment said "someone very senior" at the State Department provided input on the movie's climactic scene, in which Kim Jong Un is assassinated.
During a later press briefing, a State Department representative said that an assistance secretary "did have a conversation with Sony executives" but denied any further departmental involvement in the making of “The Interview.”
Earlier this week, the same hackers who stole Sony's data followed up that intrusion with a vague threat: Theaters that screen “The Interview,” the hackers wrote, could suffer violent consequences. The Department of Homeland Security has said there is "no credible intelligence to indicate an active plot against movie theaters," but several major theater chains decided not to screen the movie anyway, prompting Sony Pictures to ultimately cancel its release. Paramount Pictures later barred all screenings of its film "Team America: World Police," which also lampoons the North Korean regime.
The next day, the NSC said it was "weighing a proportional response" to the hackers.
Yet the possibility that a foreign nation is responsible for the attack on Sony Pictures has spurred the U.S. national security state into action and inspired calls for action from various political leaders, particularly Republicans.
"North Korea's cyberattack on Sony Pictures is only the latest in a long and troubling list of attempts by malign actors to use cyber to undermine our economic and national security interests," said Sen. John McCain, R-Ariz., in a statement. "From Iranian and Russian attacks on American banks to China's orchestrated campaign to steal military secrets from our defense contractors, the administration's failure to deter our adversaries has emboldened, and will continue to embolden, those seeking to harm the United States through cyberspace.”
"With the Sony collapse, America has lost its first cyberwar," said former House Speaker Newt Gingrich on Twitter. "This is a very, very dangerous precedent."