IE 11 is not supported. For an optimal experience visit our site on another browser.

What can the US do about the North Korean hacking attack?

The U.S., which already has every economic sanction known to man in place against North Korea, is in a bind. But that doesn't mean there's nothing we can do.

Was anyone surprised that North Korea was behind the hacking attack on Sony Pictures Entertainment? This is a country that sank a South Korean naval vessel in 2010, killing fifty of the crew and then shelled a South Korean village, killing four civilians. It routinely flouts international agreements to not build nuclear weapons or missiles. And in the last few years, the repressive regime has launched four cyber-attacks against South Korean banks and television stations that had offended the North’s leader – not unlike the crisis that is now roiling Sony.

"The Sony hackers’ threat to inflict a 9/11-style attack ... was more bombast. They must be pleased in Pyongyang that we fell for it."'

North Korea accompanies every incident with bombastic, hugely unrealistic threats to nuke the United States, sink aircraft carriers, and crush America -- one propaganda film uses scenes from a video game to show the destruction of Washington, D.C. The Sony hackers’ threat to inflict a 9/11-style attack against movie theaters showing “The Interview,” a comedy depicting the assassination of North Korean dictator Kim Jong Un, was more bombast. They must be pleased in Pyongyang that we fell for it. 

The U.S., which already has every economic sanction known to man in place against North Korea, is in a bind. Kim does not seem to care if his people starve. And despite the fact that North Korea’s large but antiquated military would not stand a chance against the U.S and South Korea, neither the U.S. nor North Korea’s neighbors want a damaging replay of the Korean War. 

North Korea takes advantage of this. The regime, which sustains a cult of personality around Kim, has acted erratically for years and received only letters of reprimand. Why should they stop? North Korea is good at taking calculated risks, lashing out in ways that play well at home and send a signal to the U.S. and other countries without provoking a military response. The Obama administration’s concern, shared by China and South Korea, is that the North will get its calculations wrong and do something that will lead to war.

Related: White House stands by free speech in Sony hacking scandal

The White House is considering a “proportional response” against the hackers, spokesman Josh Earnest told reporters Thursday. But what would such a response look like? The U.S. probably can’t arrest anyone involved. And we don’t want to start a war: Cyber retaliation could easily escalate into a more direct confrontation. Perhaps in the short term, like when the South Korean ships were sunk and villages shelled, we may be tempted to simply sit back and take it.

But while the Sony hack doesn’t justify war, that doesn’t mean there is nothing we can do. North Korea runs a vast criminal enterprise, counterfeiting $100 dollar bills, running black markets, trading in gems and drugs. The profits go directly to its leader. We could go after this criminal enterprise, publicly identify front companies, shutting down operations, and asking other countries to help. The U.S. already does this as part of our nonproliferation efforts, but we could do more. A public statement would put the North on notice. 

This story isn’t over. Multiple U.S. movie chains, and ultimately Sony, decided in the wake of threats not to take a risk in screening “The Interview.” Other countries, unless they are as demonstrably erratic and violent as North Korea, won’t have the same luck in blackmailing American companies. But without a strong message about hacking from the U.S., some may try.

Related: ‘Unprecedented:’ Sony pulls film over cyber-attacks

A response of some kind is essential to preventing future cyber-attacks from North Korea, Iran, or other hostile regimes. Some of this is diplomatic kabuki -- asking the UN to condemn the North, making public statements saying we will respond in the manner and time of our choosing, and so on – which then become part of the risk assessment groups make in considering any moves against the U.S. When Iran began a series of cyber-attacks against U.S. banks in 2012, then-Secretary of Defense Leon Panetta gave a very public speech warning that if the U.S. detected a cyber-attack that could kill Americans or do major economic harm, it would take preemptive military action. The message sent to Iran was clear. We need to reinforce that message with North Korea. 

It’s not much, but it may be enough. In the long term, North Korea is too crazy to survive. For now, this might be all we can do.