After weeks of speculation, US officials have told news outlets that North Korea was involved in November's devastating Sony hack. Especially because the group threatened violence if Sony released its North Korea-focused comedy The Interview, this could turn the issue from a major security problem to an international incident, and American politicians have begun formulating their responses — whether that's simple condemnation or calls for new cybersecurity bills.
The White House hasn't said anything about the hacks, or publicly attributed them to North Korea. But Congress members and others have been less circumspect. Representative Peter King (R-NY) called for legislators to pass the Terrorism Risk Insurance Act, which reimburses insurers for terrorism-related losses. The policy was adopted after September 11th, but an extension failed to pass the Senate earlier this week, setting it to expire at the end of the year. King called an expiration "criminal negligence." And Rep. Ed Royce (R-CA), chair of the Foreign Affairs Committee, said in a CNN interview that Sony's decision to cancel The Interview's release was "regrettable" and dangerous. "What message does this send other hackers, other state-sponsors of terrorism — which North Korea is? That you get a little leverage in the system, you can make these demands and people cede to them."
Senator John McCain (R-AZ) also said that the choice set a "troubling precedent" in cyberwarfare. "The administration's failure to deter our adversaries has emboldened, and will continue to embolden, those seeking to harm the United States through cyberspace," he said in a statement. He reiterated promises to focus on the issue if elected chair of the Armed Services Committee, including plans to create a subcommittee for cybersecurity issues. "Congress as a whole must also address these issues and finally pass long-overdue comprehensive cybersecurity legislation," he said. McCain has been pushing cybersecurity bills for years, including the Secure IT Act, a competitor to the controversial CISPA bill.
In a statement on Tuesday, Senator Dianne Feinstein (D-CA), a major proponent of cybersecurity and author of multiple bills, said that "this is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity. We must pass an information sharing bill as quickly as possible next year."
Cybersecurity legislation, which would establish a framework for US agencies and companies to share information on threats, has repeatedly stalled in Congress, in part because of privacy concerns — the White House ultimately issued an executive order on the issue in 2013. Nonetheless, Congress, the NSA, and others have warned of major cyberattacks for years. Intelligence agencies don't seem likely to speak until the White House gives an official statement, but former NSA head Keith Alexander significantly built out the agency's cyberwarfare capabilities, establishing and holding the position of US Cyber Command. He also called on Congress to pass a CISPA-style security bill.
Former presidential candidate and Massachusetts governor Mitt Romney, meanwhile, has echoed a common refrain: Sony should undermine the hackers' goals by releasing The Interview through internet video services. "Don't cave; fight," he wrote. "Release @TheInterview free online globally." Newt Gingrich said the same thing, saying that "with the Sony collapse America has lost its first cyberwar."
Update December 18th, 12:20pm ET: Added statement from Senator Feinstein.