Blogs: Paul Pillar

The Sony Pictures Hack and Old Confusion About Terrorism

Paul Pillar

The suspected hack by North Korea into the computer system of an American movie company has gotten a lot of people excited without a lot of thinking about the significance, or lack of it, of what has happened and without addressing some longstanding conceptual problems that have plagued discussions related to terrorism. The problems persist even if we simplify matters by accepting the widespread assumption that the North Korean regime did in fact perpetrate the hack—an assumption that, based on public knowledge to date, is not necessarily correct.

It appears that the net effect of the electronic intrusion has been to delay release of a movie—not usually the stuff of which national security crises are made, or should be made. Some of those who are agitated about the incident refer to subsequent bellicose-sounding statements from the North Korean regime that, while denying responsibility for the computer intrusion, refer angrily to the same movie. Some of what that regime is said to have said in the current instance regarding threats against the United States it did not really say. Besides, Pyongyang makes bellicose-sounding statements, including ones specifically directed at the United States, all the time.

Perhaps some of those alarmed about this latest incident believe that the successful hack demonstrates a capability as well as a willingness to inflict more substantial harm on Americans who go to see the movie that the North Korean regime does not want them to see. The imagined scenario might involve something like North Korean hackers taking over the electronics of movie theaters in the United States and somehow manipulating the climate control system to have debilitating or lethal consequences on people in the audience. As ridiculous as such a scenario is, it is not improbable that such images are affecting the thinking of some Americans worrying about what North Korea might do, because this kind of fancifulness has roots in a larger tradition of American thinking about terrorism.

There has been fascination, dating at least back to the 1990s, with possible unconventional methods of terrorist attack, which is to say use of chemical, biological, radiological, or nuclear (CBRN) means or anything having to do with cyber capabilities. And such hypothetical means do indeed make for fascinating scenarios. The sheer sexiness of the subject fires the imagination. That fascination has led to grossly disproportionate attention in commentary and alarmism about terrorism using CBRN and cyber methods—disproportionate when compared to the ways terrorists actually have been harming people.

An example of this misplaced focus and how long it has been around was an article that President Obama's nominee for secretary of defense, Ashton Carter, wrote 16 years ago along with John Deutch, another former deputy secretary of defense, and Philip Zelikow, who supervised writing of the 9/11 commission report. The danger the authors wanted to warn us about was that “terrorists may gain access to weapons of mass destruction, including nuclear devices, germ dispensers, poison gas weapons, and even computer viruses.” All of their imaginative hypothetical examples involved the use of either CBRN or cyber techniques. They argued that the big divide between, on one hand, terrorism we really ought to worry about more and would be “catastrophic,” and on the other hand conventional terrorism which the authors assured us was already getting sufficient attention, was whether or not such unconventional techniques or weapons were used.

The 9/11 attacks, which had nothing whatever to do with either cyber methods or CBRN capabilities, demonstrated how mistaken that analysis was. Nothing terrorists have done in the years since then suggests that the analysis is any less misdirected. And yet, the fascination continues, as do mistaken attributions of newness to threats that fit the fascinating mold. Thus, for example, David Rothkopf tells us this week that “we are at a critical juncture in the dawning days of the cyber era,” that we need “to start writing a new playbook” on foreign policy because of cyber threats, and that in response to the Sony Pictures incident we ought to be talking about using not just cyberattacks but even military action against North Korea. Senator John McCain, not to be outdone by anyone when it comes to talking about getting involved in wars, said the presumed North Korean hack of Sony was “the manifestation of a new form of warfare.”

Pages

Obama's Interesting Fourth Quarter

Paul Pillar

The suspected hack by North Korea into the computer system of an American movie company has gotten a lot of people excited without a lot of thinking about the significance, or lack of it, of what has happened and without addressing some longstanding conceptual problems that have plagued discussions related to terrorism. The problems persist even if we simplify matters by accepting the widespread assumption that the North Korean regime did in fact perpetrate the hack—an assumption that, based on public knowledge to date, is not necessarily correct.

It appears that the net effect of the electronic intrusion has been to delay release of a movie—not usually the stuff of which national security crises are made, or should be made. Some of those who are agitated about the incident refer to subsequent bellicose-sounding statements from the North Korean regime that, while denying responsibility for the computer intrusion, refer angrily to the same movie. Some of what that regime is said to have said in the current instance regarding threats against the United States it did not really say. Besides, Pyongyang makes bellicose-sounding statements, including ones specifically directed at the United States, all the time.

Perhaps some of those alarmed about this latest incident believe that the successful hack demonstrates a capability as well as a willingness to inflict more substantial harm on Americans who go to see the movie that the North Korean regime does not want them to see. The imagined scenario might involve something like North Korean hackers taking over the electronics of movie theaters in the United States and somehow manipulating the climate control system to have debilitating or lethal consequences on people in the audience. As ridiculous as such a scenario is, it is not improbable that such images are affecting the thinking of some Americans worrying about what North Korea might do, because this kind of fancifulness has roots in a larger tradition of American thinking about terrorism.

There has been fascination, dating at least back to the 1990s, with possible unconventional methods of terrorist attack, which is to say use of chemical, biological, radiological, or nuclear (CBRN) means or anything having to do with cyber capabilities. And such hypothetical means do indeed make for fascinating scenarios. The sheer sexiness of the subject fires the imagination. That fascination has led to grossly disproportionate attention in commentary and alarmism about terrorism using CBRN and cyber methods—disproportionate when compared to the ways terrorists actually have been harming people.

An example of this misplaced focus and how long it has been around was an article that President Obama's nominee for secretary of defense, Ashton Carter, wrote 16 years ago along with John Deutch, another former deputy secretary of defense, and Philip Zelikow, who supervised writing of the 9/11 commission report. The danger the authors wanted to warn us about was that “terrorists may gain access to weapons of mass destruction, including nuclear devices, germ dispensers, poison gas weapons, and even computer viruses.” All of their imaginative hypothetical examples involved the use of either CBRN or cyber techniques. They argued that the big divide between, on one hand, terrorism we really ought to worry about more and would be “catastrophic,” and on the other hand conventional terrorism which the authors assured us was already getting sufficient attention, was whether or not such unconventional techniques or weapons were used.

The 9/11 attacks, which had nothing whatever to do with either cyber methods or CBRN capabilities, demonstrated how mistaken that analysis was. Nothing terrorists have done in the years since then suggests that the analysis is any less misdirected. And yet, the fascination continues, as do mistaken attributions of newness to threats that fit the fascinating mold. Thus, for example, David Rothkopf tells us this week that “we are at a critical juncture in the dawning days of the cyber era,” that we need “to start writing a new playbook” on foreign policy because of cyber threats, and that in response to the Sony Pictures incident we ought to be talking about using not just cyberattacks but even military action against North Korea. Senator John McCain, not to be outdone by anyone when it comes to talking about getting involved in wars, said the presumed North Korean hack of Sony was “the manifestation of a new form of warfare.”

Pages

The Cuba Opening: A Welcome Blow Against the Posturing School of Foreign Policy

Paul Pillar

The suspected hack by North Korea into the computer system of an American movie company has gotten a lot of people excited without a lot of thinking about the significance, or lack of it, of what has happened and without addressing some longstanding conceptual problems that have plagued discussions related to terrorism. The problems persist even if we simplify matters by accepting the widespread assumption that the North Korean regime did in fact perpetrate the hack—an assumption that, based on public knowledge to date, is not necessarily correct.

It appears that the net effect of the electronic intrusion has been to delay release of a movie—not usually the stuff of which national security crises are made, or should be made. Some of those who are agitated about the incident refer to subsequent bellicose-sounding statements from the North Korean regime that, while denying responsibility for the computer intrusion, refer angrily to the same movie. Some of what that regime is said to have said in the current instance regarding threats against the United States it did not really say. Besides, Pyongyang makes bellicose-sounding statements, including ones specifically directed at the United States, all the time.

Perhaps some of those alarmed about this latest incident believe that the successful hack demonstrates a capability as well as a willingness to inflict more substantial harm on Americans who go to see the movie that the North Korean regime does not want them to see. The imagined scenario might involve something like North Korean hackers taking over the electronics of movie theaters in the United States and somehow manipulating the climate control system to have debilitating or lethal consequences on people in the audience. As ridiculous as such a scenario is, it is not improbable that such images are affecting the thinking of some Americans worrying about what North Korea might do, because this kind of fancifulness has roots in a larger tradition of American thinking about terrorism.

There has been fascination, dating at least back to the 1990s, with possible unconventional methods of terrorist attack, which is to say use of chemical, biological, radiological, or nuclear (CBRN) means or anything having to do with cyber capabilities. And such hypothetical means do indeed make for fascinating scenarios. The sheer sexiness of the subject fires the imagination. That fascination has led to grossly disproportionate attention in commentary and alarmism about terrorism using CBRN and cyber methods—disproportionate when compared to the ways terrorists actually have been harming people.

An example of this misplaced focus and how long it has been around was an article that President Obama's nominee for secretary of defense, Ashton Carter, wrote 16 years ago along with John Deutch, another former deputy secretary of defense, and Philip Zelikow, who supervised writing of the 9/11 commission report. The danger the authors wanted to warn us about was that “terrorists may gain access to weapons of mass destruction, including nuclear devices, germ dispensers, poison gas weapons, and even computer viruses.” All of their imaginative hypothetical examples involved the use of either CBRN or cyber techniques. They argued that the big divide between, on one hand, terrorism we really ought to worry about more and would be “catastrophic,” and on the other hand conventional terrorism which the authors assured us was already getting sufficient attention, was whether or not such unconventional techniques or weapons were used.

The 9/11 attacks, which had nothing whatever to do with either cyber methods or CBRN capabilities, demonstrated how mistaken that analysis was. Nothing terrorists have done in the years since then suggests that the analysis is any less misdirected. And yet, the fascination continues, as do mistaken attributions of newness to threats that fit the fascinating mold. Thus, for example, David Rothkopf tells us this week that “we are at a critical juncture in the dawning days of the cyber era,” that we need “to start writing a new playbook” on foreign policy because of cyber threats, and that in response to the Sony Pictures incident we ought to be talking about using not just cyberattacks but even military action against North Korea. Senator John McCain, not to be outdone by anyone when it comes to talking about getting involved in wars, said the presumed North Korean hack of Sony was “the manifestation of a new form of warfare.”

Pages

Pages