The most important lesson we may be learning from the hacking of Sony Corp. is also the most disturbing. From what Americans can know so far (and even officials lacking security clearances probably don’t know close to everything), it seems that the United States lacks cyber-war escalation dominance with North Korea as well as with China.
As I’ve written before, escalation dominance is strategists’ fancy way of describing retaliatory power so great that it puts an intimidating fear of God into any prospective attacker. Washington’s weakfish response to Chinese government hacking activity – mainly an offer to discuss hacking rules of the road with Beijing – certainly suggested strongly a determination that some kind of counter-hack or other punishment created too great a threat of a broader cyber-conflict that America simply could not risk waging.
The Obama administration has made no such suggestion to Pyongyang and the threats made by the hackers against prospective patrons of Sony’s “The Interview.” Indeed, the White House publicly threatened retaliation – which sounds more encouraging. So did the President’s own recommendation “people go to the movies” (albeit with the qualifier “For now).
But other administration remarks were much more disquieting. Chief among them were White House Press Secretary Josh Earnest’s statement that the President believes that “we need a proportional response.” If history teaches anything, it’s that such a tit-for-tat strategy is a sign either of weakness or political uncertainty (see “Vietnam War”), and worse, is interpreted this way by the adversary.
Further reinforcing my fears on escalation dominance are the clear differences between U.S.-China and U.S.-North Korea relations. America’s caution re Beijing’s hacking is at least in theory also justifiable by the myriad strategic and economic interests at stake. China’s aggressive moves in the South and East China Sea, for example, might still be neutralized through diplomacy that in turn could be jeopardized by a strong U.S. hacking response (though I’m skeptical of the former). America’s allies in Asia, moreover, are as reluctant to see anything rock the U.S.-China economic policy boat as are offshoring U.S. multinational companies.
It’s hard, however, to see how North Korea could become more hostile, at least rhetorically. (Any fear of military retaliation by Pyongyang would of course strongly indicate that America has also lost strategic nuclear escalation dominance, as I’ve previously warned.) And although Washington’s regional allies are still pretty conflict-averse regarding Kim Jong Un’s regime, no commercial considerations are complicating American calculations. (For the record, it would be completely unacceptable to let the tail of alliance unity wag the dog of the kinds of core U.S. security interests at risk here.)
And another troubling aspect of American policy: Reports that Mr. Obama “lately has been discussing the issue with aides every day” carry the hint that the Korean actions have Washington by surprise, and that even though cyber-hacking is no longer a new threat, nothing like promising retaliatory plans are yet in place.
I’m not saying that dealing with cyber-hacking is easy, and that goes double for hacking sponsored by foreign governments with formidable militaries. Unquestionably, numerous competing interests need to be balanced, and miscalculations could be disastrous. But America’s responses to date make painfully clear that the administration remains far from sorting out its priorities, and that as a result, the nation remains dangerously vulnerable to cyber-hacks.