CYBERSPACE INVESTIGATION: Information analysts at FireEye, the security firm hired by Sony to investigate the cyberattack against Sony Pictures Entertainment, work at the company's office in Milpitas, California, on December 29, 2014 (CFP)
As 2014 came to a close, the United States and the Democratic People's Republic of Korea (DPRK), also known as North Korea, kicked up a row over the alleged cyberattack on Sony Pictures Entertainment, one of the biggest movie producers in the United States. Washington accused Pyongyang of hacking Sony Pictures over a comedy film The Interview, which depicts an assassination attempt on North Korean top leader Kim Jong Un, but Pyongyang has denied involvement, dismissing such claims as "a wild rumor." The United States pledged to "respond proportionally" to the Sony cyberattack. Days later, North Korea's Internet and 3G mobile network repeatedly came to a standstill on December 22 and December 28, 2014, including a complete outage lasting about nine hours.
On January 2, 2015, U.S. President Barack Obama signed an executive order imposing new sanctions against three North Korean governmental organs as well as 10 officials in response to what he called Pyongyang's "numerous provocations." The U.S. move and subsequent media reports undoubtedly aim to tell the world that the DPRK Government ordered the cyberattack, ignoring the lack of clear evidence as to who was the culprit.
Could the evolving U.S.-North Korea cyber conflict grow into a full-blown cyberwar?
The concept of a "cyberwar" originated in the United States. As early as 1993, John Arquilla and David Ronfeldt, two researchers at the U.S. RAND Corp., coined the term in an article titled Cyberwar Is Coming! However, the article gave only a vague definition of cyberwar, saying that it refers to conducting and preparing to conduct military operations according to information-related principles. Although information technology has since progressed rapidly, no cyberwars have been widely recognized in the ensuing period. Meanwhile, no other authoritative and widely recognized definition of cyberwar has been put forward.
In the meantime, the scope of the term cyberattack is much broader and the concept is more widely recognized. All forms of malicious behavior within cyberspace--from hacking and website defacement to massive destruction of civil or military network infrastructure--are seen as cyberattacks. Such events in the past have not been as destructive as conventional warfare.
However, some cyberattack cases have already become components of international conflicts in recent years, thereby blurring the boundary between cyberwars and cyberattacks. For instance, in April 2007, a massive cyberattack by unknown attackers paralyzed Estonia's key power infrastructure. The disruption lasted for several weeks, resulting in property damage and social turmoil in the Baltic nation. The event demonstrated the potential destructiveness of cyberattacks, and it was also the first time that such an event had threatened the national security of a country.
Two months before the Russia-Georgia military conflict in August 2008, Georgia's network infrastructure was hit by massive distributed denial-of-service (DDoS) attacks, which attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The network intrusions, which sought to destroy the Georgian Government's communications capability, marked the first time that cyberattacks were employed in a military operation.
Another example is the computer worm Stuxnet that was discovered in 2010. In about 10 months, Stuxnet disabled almost one fifth of Iran's centrifuges, causing severe technical problems for the country's nuclear program. Michael Hayden, who served as director of the U.S. National Security Agency in 1999-2005, said that Stuxnet showed for the first time the level of damage that cyberattacks could bring to the world.