Countering Cyberattacks Without a Playbook

Countering Cyberattacks Without a Playbook

A banner for "The Interview"is posted outside Arclight Cinemas, Wednesday, Dec. 17, 2014, in the Hollywood section of Los Angeles. A U.S. official says North Korea perpetrated the unprecedented act of cyberwarfare against Sony Pictures that exposed tens of thousands of sensitive documents and escalated to threats of terrorist attacks that ultimately drove the studio to cancel all release plans for "The Interview." (AP Photo/Damian Dovarganes)
A banner for “The Interview”is posted outside Arclight Cinemas, Wednesday, Dec. 17, 2014, in the Hollywood section of Los Angeles. (AP Photo/Damian Dovarganes)


WASHINGTON (New York Times) — For years now, the Obama administration has warned of the risks of a “cyber-Pearl Harbor,” a nightmare attack that takes out America’s power grids and cellphone networks and looks like the opening battle in a full-scale digital war.

Such predictions go back at least 20 years, and perhaps that day will come. But over the past week, a far more immediate scenario has come into focus, first on the back lots of Sony Pictures and then in back-to-back strategy sessions in the White House Situation Room: a shadow war of nearly constant, low-level digital conflict, somewhere in the netherworld between what President Obama called “cybervandalism” and what others might call digital terrorism.

In that murky world, the attacks are carefully calibrated to be well short of war. The attackers are hard to identify with certainty, and the evidence cannot be made public. The counterstrike, if there is one, is equally hard to discern and often unsatisfying. The damage is largely economic and psychological. Deterrence is hard to establish. And because there are no international treaties or norms about how to use digital weapons — indeed, no acknowledgment by the United States government that it has ever used them itself — there are no rules about how to fight this kind of conflict.

“Until now, we’ve been pretty ad hoc in figuring out what’s an annoyance and what’s an attack,” James Lewis, a cyberexpert at the Center for Strategic and International Studies, said last week. “If there’s a lesson from this, it’s that we’re long overdue” for a national discussion about how to respond to cyberattacks — and how to use America’s own growing, if unacknowledged, arsenal of digital weaponry.