Given that The Intercept is a publication that trumpets its commitment to fearless journalism, you’d think they’d be all over the Sony hack story. National security threats, hacking, corporate power, cyberattacks — aren’t these more than enough ingredients for some hard-hitting investigative journalism?
Instead we get Jana Winter (who before moving to The Intercept was a reporter at FoxNews.com for six years) recycling an old narrative about governmental negligence: “FBI warned Year Ago of impending Malware Attacks — But Didn’t Share Info with Sony.”
Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”
How could Sony have been adequately prepared to meet this threat if the FBI had neglected to send them their report?!
Urrr… maybe Sony’s global chief information security officer Philip Reitinger knew something about the risks of a data destruction cyber attack. After all, directly before moving to Sony in 2011, Reitinger had been Deputy Under Secretary of the National Protection and Programs Directorate (NPPD) and Director of the National Cyber Security Center (NCSC) at the United States Department of Homeland Security. It seems likely that one way or another, Reitinger saw the FBI report.
Winter closes her “report” by quoting a source within the “information security industry” who said: “The question is, who dropped the ball?”
The Intercept in its headline and paragraph two doesn’t hesitate to answer that “question”: The FBI.
This is really a bizarrely irrelevant narrative to be spinning, given that there has already been so much reporting on Sony’s own negligence in handling cyber-security.
Winter makes the dubious assertion that in the eyes of the U.S. government, Sony is part of this nation’s “critical infrastructure” — the implication apparently being that the FBI is responsible for safeguarding the company’s cyber-security standards.
For The Intercept to want to portray the Sony story as a story about the failings of the U.S. government, is perhaps to be expected, given the ideological straightjacket inside which the publication remains trapped.
But maybe I’m just being cynical in thinking that there might be another explanation: that Glenn Greenwald hasn’t abandoned all hope Sony will produce his Snowden movie — even though a leaked November 14 email from Sony executive Doug Belgrad wrote that the Greenwald project “is unlikely to happen” — and so doesn’t want to embarrass his commercial partner.
Even if the Snowden movie has no bearing here, there is a deeper philosophical problem that the Sony hack story presents to The Intercept and everyone with a visceral fear of government.
American companies, fully aware of the government’s data collection capabilities want to see a more proactive partnership between the public and private sectors to improve information security and thwart cyberattacks. At the same time, libertarians and much of the public at large want to see these capabilities reined in, and businesses themselves don’t want to be burdened by overregulation.
Much as free-market economics promotes a myth of a self-balancing system that functions most efficiently by suffering the least governmental interference, the information economy sustains similar myths about its ability to self-organize.
But on the cyber frontier, threats from the likes of North Korea are probably smaller than those posed by agents whose identities remain forever concealed and whose motives may be as difficult to discern.
This year, hackers caused “massive damage” to a steel factory in Germany by gaining access to control systems that would have generally been expected to be physically separated from the internet, yet the emerging Internet of Things in which as many as 30 billion devices are expected to be connected by the end of the decade, suggests that physically destructive cyberattacks are destined to become much more commonplace.
The politics of information security right now favors an approach in which everyone is expected to maintain their own systems of fortification and yet the protection of collective interests may demand that we live in a world where there is much greater data transparency.
As things stand right now on the information highways, none of the vehicles are licensed, no one has insurance, most of the drivers are robots, and most of the robots are employed by crooks.