Dual Billing for Art and Conflict in Blockbuster Sony Hack

December 22, 2014



As Twitter hashtags go, it is a well-crafted one. The tweet last week that went with it, “Sad day for creative expression,” was sent by none other than comedian Steve Carell, an actor whose effortless affability was snuffed out by news that his upcoming film “Pyongyang” was being shut down after Fox said it would not distribute the film. It was only the latest industry casualty of the massive cyber exploitation of Sony Pictures by hackers tied to North Korea.

“The Interview,” the film that appears to have triggered the operation, is in limbo after Sony scrubbed the movie’s December 25 release in response to the hackers’ threat of violence at any theaters that showed it. Sony is still working to release the movie, company lawyer and veteran troubleshooter David Boies told NBC’s Meet The Press on Sunday. In a sign of the ongoing uncertainty, the New York Post on Sunday reported that Crackle, a free video website owned by Sony, might release the film while other outlets such as Mashable said that was not the case.

President Obama said Friday that backing down from the in-theater release established a troubling precedent, a crucial aspect of this entangling of art and conflict. President Obama also indicated the United States would conduct a proportional response to the attack at some point in the future, giving new weight to the release and dissemination of everything from petty e-mail feuds among studio honchos to Sony’s confidential corporate information.

This hack, and America’s private and public sector response, show how the character of conflict is getting harder and harder to define as it changes faster than governments and the private sector can keep up with. The hack was not an act of war, but it was a preview of the low-intensity and non-kinetic conflicts to come, teasing its national security audience with a blockbuster cast of a camera-ready ruthless dictator and the entertainment world elite, yet delivered frame by frame rather than on a smoothly running reel. Russia’s “hybrid warfare” has employed a similar approach to Ukraine by keeping an array of drawn-out actions below a threshold that would trigger a military response by the West. China takes this tack with the slow metabolism of its highly targeted cyber operations.

Heeding threats to some 18,000 theaters, Sony’s snap decision to spike “The Interview” further highlights the pressure points that can be exploited for economic, political, and cultural damage by an adversary willing to rethink how to conduct conflict. Entertainment and media is a $546 billion industry in the United States alone. America’s ability to shape its narrative in the 21st Century depends on it. It is easy to dismiss the attack as one primarily concerned with popping Hollywood egos, but major attacks to pilfer secrets and gum up the works of American companies are disturbingly routine. Wall Street has been hit hard. The defense industry has too. These are matters of national security. But how do we address them without securitizing everything we do as Americans?

As with most cyber attacks, attribution, or identifying the bad guys, is going to be very difficult no matter the confidence of the U.S. government in tracing the attack back to the North Korean regime. Without a target, it is hard to strike back. Imagine the pressure, though, if instead of targeting Sony, the hackers had incapacitated the electrical grid for Hollywood and Burbank and further misdirected investigators? Longstanding tenets of foreign policy like deterrence are upended when online attacks or theft can be veiled or concealed in ways that conventional attacks cannot.

Tomorrow’s conflicts are getting harder and harder to understand, and sometimes even more abstract for policymakers. This is an era when conflict will sometimes not look like war, and it is worth asking if the word itself will someday be outmoded to describe the way that nations, groups and individuals coerce and control to achieve their ends. As is often the case, the arts can make this evolution in conflict and warfare more real. If policymakers and the public now better understand this realization, then Sony’s $44 million investment in making “The Interview” may not entirely have been wasted.

As Steve Carell hinted, however, it is a paradigm shift that should be squarely confronted, not feared. We still need a hashtag for that.


August Cole is the director of the Atlantic Council’s Art of Future Warfare project and a non-resident senior fellow at the Council. He is a writer, consultant and analyst. His first novel, GHOST FLEET, co-written with Peter W. Singer, will be published in 2015.


Photo credit: kim jong un looking at things


2 thoughts on “Dual Billing for Art and Conflict in Blockbuster Sony Hack”

  1. Good article, as this space is often overlooked in favor of the more conventional understanding of conflict. The precedent is disheartening. The connection to North Korea could be circumstantial and an easy sell for the public, rather than addressing and explaining the complexities regarding this particular threatscape. Attribution is typically deep in the weeds in this spectrum.

    The initial threats and releases from the attacker called for ceasing Sony’s restructuring efforts (which were made available along with salaries, employment status, and medical records through Pastebin and other dumps), which has all the earmarks of an insider threat. ‘The Interview’ wasn’t even within the scope of the attack until after initial attribution seemed to link North Korea, and attackers were capturing media headlines.

    While this act draws more publicity than most, the reality is, from my professional experience – we are constantly, 365/24/7, engaged; be it from nation states, criminal organizations, ‘hacktivists’ or the lowly script kiddie – whether it is newsworthy is another story.
    SCADA systems (power/water/gas/chemical), financial institutions and large retailers are cyber targets which when penetrated, serve to undermine the public trust and even threaten public safety. Even worse, the attacks on ‘Mom and Pop’s’ payment card systems are increasing and go under-reported as these retailers don’t have the ability to detect the threat, and once detected they are likely bankrupted.

    Recently, it was uncovered that the Anonymous actor behind leaking the identities and addresses of Ferguson police officers in the beginning days of protests and riots, was attributed to an attacker in Pakistan; the first known cyber incursion into stoking domestic unrest by a foreign entity. This actor likely had no altruistic cause or care to interject themselves into what otherwise is a domestic issue, but does have an incentive to assist in destabilizing and influencing US domestic policy.

    While policy makers may try to define what this evolving conflict is, threat mitigation, proportionate response, what the ROI on retaliation actually is; the conflict is already far underway and isn’t waiting for policy definition or confining guidance.

  2. Gzip,

    That’s a great response, thanks for the comments. The last point about ROI on retaliation is a key asymmetrical advantage to an attacker/adversary as it’s a dynamic calculation that risks being out of step with the events as they happen, or are perceived to happen. There’s something like an OODA loop 2.0 variation when rather than getting inside an opponent’s decision cycle, you stay far, far outside it so they never spool it up in the first place. By then, you can achieve your aims. Given the around the clock cyber engagement aspect, the counterpoint is understanding what the value will be in setting clear thresholds/norms between criminal acts and unconventional “war.” Thanks again.