Three Cheers for Obama’s Sony attribution, a golf clap for his “proportional” response.

In The Washington Post, Ellen Nakashima describes how Sony’s decision to cancel the premiere of The Interview catalyzed the Obama Administration’s decision to blame North Korea publicly:

The next day, alarmed by the surrender, President Barack Obama convened his top officials in the White House Situation Room and, based on their unanimous recommendation, decided to take an action the United States had never dared before in response to a cyberattack by another nation: name the government responsible and punish it. [….]

The blocking of Sony’s freedom of expression, on top of a highly damaging hack, is what ultimately compelled officials to act, in the name of deterrence.

“The argument I made was the whole world is watching how we as a nation respond,” said Adm. Michael Rogers, the director of the National Security Agency, who, other officials said, was at the previously undisclosed meeting.

“And if we don’t acknowledge this, if we don’t name names here, it will only — I’m concerned — encourage others to decide: ‘Well, this must not be a red line for the United States. This must be something they’re comfortable [with] and willing to accept,’ ” Rogers said at an international cybersecurity conference at Fordham University last week.

There “was a significant debate within the administration about whether or not to take that step” of naming North Korea, a senior administration official said. “Attribution is hard, and there are all sorts of reasons we don’t normally want to do that,” including setting a precedent that would increase pressure to name other countries in future incidents and antagonizing the offending governments.

But the attack on Sony’s right to screen a movie struck a nerve. The entertainment company may not be “critical” to national security, but free speech is “a core value,” said the official, who spoke on the condition of anonymity to describe internal discussions. “Yes, it was a Seth Rogen comedy, but next time it might not be,” he said. What he described as the hack’s “destructive” nature combined with the element of coercion against Sony “crossed the threshold,” he said. “It took us into a new realm.”

The attack was a violation of U.S. sovereignty “coupled with an attempt to interfere with freedom of expression,” said Christopher Painter, State Department coordinator for cyber issues. “You had, in many ways, the perfect storm of all these things coming together that were really important.” [WaPo, Ellen Nakashima]

I applaud this unreservedly. It was the right decision for the right reasons.

~ ~ ~

The administration has stumbled twice since then, however. For several weeks, the administration failed to challenge inside-job theories from some IT security experts. Some of them challenged the sufficiency of the publicly available evidence, which is fair enough. But to argue that North Korea didn’ do it is much more problematic. Some of the inside-jobbers lost sight of the possibility that they were arguing based on incomplete information. Others may have been motivated by grudges against the administration over the Snowden revelations, or other biases. Yet others, including inmates of the Alex Jones, Christine Ahn, and Ron Paul asylums, shared the sort of skepticism that’s unique to the world’s most gullible people.

The administration continued to lose this argument for several weeks before FBI Director James Comey publicly reaffirmed that he was certain that the North Koreans did it. Comey’s call to declassify more of the evidence is now being answered by the National Security Agency:

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The evidence gathered by the “early warning radar’ of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation. [N.Y. Times, David E. Sanger & Martin Fackler]

The CIA’s malware was built on its highly successful Stuxnet worm:

For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China. [N.Y. Times]

For those incapable of wrapping their heads around the idea of North Korea being technologically sophisticated enough to hack someone, the Times story also provides an extensive history of Unit 121, and an interview with two defectors with insider knowledge of the unit’s operations.

See also CNN and (quoting Comey, “We could see that the IP addresses that were being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans.”

Interestingly enough, just a few weeks before the Sony hack, Director of National Intelligence James Clapper had dinner with Kim Yong-Chol, the head of North Korea’s Reconnaissance Bureau (RGB), the man responsible for overseeing North Korea’s hackers, and also for multiple attempts to assassinate human rights activists and North Korean dissidents in exile. The RGB’s assets are blocked, but Gen. Kim’s are not. I can’t help wonder if Gen. Kim smiled at the thought of how Clapper would react to the Sony attacks. Let’s hope that the Obama Administration gives Gen. Kim cause to regret this lapse of malignant egomania.

It amuses me some to wonder whether there was a small bandage on Mr. Clapper’s right palm when the two men shook hands.

~ ~ ~

Which brings us to the President’s second stumble: his failure, so far, to respond credibly, to deter others from crossing the red line that North Korea crossed in November, and also to deter others from blunting President Obama’s response by undermining sanctions.

It did not take long for American officials to conclude that the source of the attack was North Korea, officials say. “Figuring out how to respond was a lot harder,” one White House official said. [N.Y. Times]

That’s becoming more painfully obvious by the day. President Obama has said that Executive Order 13,687 and the designations of January 2nd were only a beginning, and let’s hope he’s right about that. Sanctions work better when they hit with a shock than when they’re applied incrementally, and give the target time to adapt. If my guess is right, however, Treasury needs more time to do that, because this administration hasn’t made North Korea a priority in its financial intelligence targeting. But so far, as former CIA Director Michael Hayden said, the administration’s new sanctions have been “symbolic at best,” for reasons I explained here. Worse, our apparent lack of determination is inviting troublemakers to undermine the administration’s negative reinforcement.

Here is Vladimir Putin’s cue to enter stage left.

According to this article, Russia has recently begun to service transactions for the U.S. Treasury-sanctioned Foreign Trade Bank of North Korea in rubles. Treasury sanctioned the FTB in March 2013 for its involvement in servicing WMD-related financial transactions. The article’s author, whose work reads like that of a Putinjugend fangirl, may not have considered the possibility that the Russian businesses involved could still be cut out of the financial system under EO 13,687 or (one day in the not-too-distant future, according to Chairman Royce) the North Korea Sanctions Enforcement Act. However unwittingly, fangirl has done us a great public service by bringing this information to our attention.

In his State of the Union speech, President Obama promised to defend us against cyberattacks. He didn’t mention North Korea by name, but the reference was obvious. Deterrence is a critical part of defense. Imposing new cybersecurity laws and regulations on industry alone will not be a complete answer, and the new requirements will come with massive costs to American industry. Even if the administration has good reasons to delay the main thrust of its response to Kim Jong Un until it finds a critical mass of North Korea’s financial nodes, it still needs to make a bold demonstration that it’s unwilling to tolerate the willful subversion of its policies by Russia and others. If the sanctions of January 2nd are the only price a foreign enemy pays for a devastating and chilling attack on the central principle of our political system, those sanctions will mean less than no deterrent at all.