There are reportedly new threats that if “The Interview,” a Sony comedy about two journalists assigned to assassinate Kim Jong-Un, is shown, the theaters will be used for 9/11-style attacks. Sony is now facing pressure to halt plans for a Christmas Day release.

Some are wondering if the warnings should be heeded, or if this would be “giving in” to the perpetrators.

The threats to theaters is concerning and should warrant additional scrutiny, but threatening terror via an online post is far different than being able to make good on such a threat.

It would be foolish to give anyone a veto over our freedom of speech in America with just a few taps on the keyboard. Are we to declare pompous little men such as Kim Jung-Un off limits to satire as well?

Individuals must make their own decisions as to the safety of attending “The Interview,” but one hopes Sony does not pull it based on anonymous threats or ridiculous demands by the government in Pyongyang.

Was the Hack Cyber Terrorism?

Has some sort of Rubicon been crossed with the recent hack of Sony Pictures?  There is also the cybersecurity issue with the ongoing hacks of Sony.

The theft of several as-yet-unreleased Sony feature films, and their posting on the Internet is being called an act of state-sponsored cyber terror against a civilian target.

Is this hyperbole, or an accurate description of the next level of the simmering cyber conflict that seems to be ongoing?

The situation is confused at best. North Korea has called for action against Sony for the impending release of the movie “The Interview.” They even asked the UN to intervene and stop the movie because it ridicules the hermit kingdom’s eccentric system and its leader.

This led nearly everyone to blame the break-in and theft of the movies on North Korea. But so far, the FBI has not determined that North Korea is the guilty party. Accomplishing firm and definitive attribution is tough in cyber situations. The detailed forensic analysis will take some time and may never yield a clear bad guy.

Nor is this that much of a unique event. State-sponsored terror against a civilian corporation has happened before. The 2012 attack against the Saudi ARAMCO oil company most likely was executed by Iran, and it was far worse than this. In a single day, malware destroyed more than 30,000 administrative computers.

The Sony event organizers stole intellectual property and posted it online. This will clearly cost Sony a huge amount of money, but it is tough to call it terrorism, and it does not mark some new and unique “new” level of cyber conflict.

The bottom line is simple. Sony’s cyber security failed. A fairly sophisticated adversary who wanted to hurt Sony financially found a way in, and then posted various films and company emails.

What We Can Learn from the Sony Hack

What are the implications of the Sony Hack? Private corporations need to do a much better job protecting themselves in cyberspace. There is much that could be done to encourage information sharing (encouraging, not mandating), allowing more active defensive measures within reasonable limits, encouraging the development of a cyber insurance industry and enhancing cyber supply chain security. They also can set the conditions for more robust awareness, education and training in cyber security for all Americans.

This is not the time for foolishly ill-advised legislation, particularly of a regulatory nature. It would not help, will consume resources and give a false sense of added security.

It may have been the North Koreans. It may have been sympathetic expatriates who saw the ridicule as having gone too far. It does not matter. Sony should chalk up the lost revenue to a costly lesson in better security. Americans should realize that total security in cyber is not achievable, but we need to be better than we are now.

Lastly, individual Americans and our business entities need to stop thinking that “this will never happen to me,” and get serious about security and cyber hygiene.

The Sony Hack is not (yet) a watershed event, but we could actually learn from it.