Mary Sanchez

Sony hack highlights widespread vulnerability to cyberterrorism

Sony Pictures’ tribulations over the past few weeks are a warning of the precarious state of the nation’s cybersecurity.
Sony Pictures’ tribulations over the past few weeks are a warning of the precarious state of the nation’s cybersecurity. The Associated Press

Forget the emails leaked by hackers that exposed, among other secrets, the childishness of Sony Pictures executives.

Dispense with the finger-wagging at major theater chains for dropping commitments to show “The Interview” during the holiday season.

Sony Pictures’ tribulations over the past few weeks are a warning of the precarious state of the nation’s cybersecurity. This is serious business, and it’s in the public interest to get it sorted out. For too long, however, we’ve taken an unserious attitude toward this threat, as was evident in the prurient interest the media and the public took in Sony Pictures’ dirty laundry.

Aided by an all-too willing news media, the public joyfully shared tidbits from the trove of gossip exposed by the so-called Guardians of the Peace in their Sony hack in late November. Then things went way beyond simply embarrassing executives and revealing sensitive identity information about employees of Sony. The hackers promised a 9/11-style event for theaters that dared to show "The Interview," a comedic spoof with the plotline of bungling journalists sent to assassinate North Korean leader Kim Jong Un.

The FBI is pointing a finger at North Korea for the Sony breach, although some prominent hackers and industry experts continue to doubt the country’s regime is directly behind it. Earlier this week, Internet access in North Korea mysteriously went kaput for nearly 10 hours. There is no word at this writing who might have been behind the outage, although it’s possible it was the U.S. Barack Obama did promise a proportional retaliatory strike for the damage done to Sony.

Meanwhile, the computers that operate South Korea’s nuclear plant operator reportedly were hacked. Government officials in Seoul were quick to try and calm nerves, reporting that nothing vital was breached. This time.

Even less noticed in the daily offerings of cybernews was an early December report from the Office of Inspector General report critical of the cybersecurity within the Department of Homeland Security. Yes, Homeland Security — the umbrella agency set at the top of the federal food chain after the horrors of September 11.

The Secret Service and the Federal Emergency Management Agency were specifically cited as problems. The report charged FEMA with having five systems labeled "Top Secret" that fail to meet all of the requirements for security. Some of those systems have been operating without government OK since August 2013. The Secret Service was criticized for not cooperating in providing data so that its systems could be checked. The agency was pressed to sign an agreement that it would comply in 2015.

FEMA and United States Citizenship and Immigration Service were called out for still using Microsoft Windows XP. The report noted that Microsoft "stopped providing software updates to mitigate security vulnerabilities on these older systems in April 2014."

So, if you’re still worried whether you will get to see the Seth Rogen/James Franco farce on the big screen, consider the inconvenience you might endure if the nation’s power grid is taken down. Or if computerized systems controlling the purification of your city’s water supply is disrupted.

No reasonable person should judge theater chains harshly for taking the Guardians of Peace threats seriously. If they went ahead heedlessly and deaths did occur, they would have scant legal cover from liability. Cinemark is the defendant in civil suits over the 12 deaths and 70 injuries from a man who opened fire inside a theatre in Aurora, Colorado.

Sure, freedom of speech matters too, and we all need to stand up to those who threaten it with violence. But the best defense against hackers who threaten freedom of speech is better security against hacking breaches.

Practically speaking, it probably makes little difference to those affected whether a future attack is orchestrated by guerrilla hackers like Anonymous or Lizard Squad (which claimed to be behind another Sony hack of PlayStation Network) or some other rogue crew. But a whole other level of diplomatic concern is crossed if a foreign nation is involved, or people authorized to act on such a nation’s behalf.

The stakes are high, America. Consider yourself warned.

To reach Mary Sanchez, call 816-234-4752 or send email to Twitter: @msanchezcolumn.