National Security Agency Director Admiral Michael Rogers expressed support Thursday for the United States’ economic sanctions against North Korea in response to the hack on Sony Pictures Entertainment, and called the attack against the movie studio a “game changer” for cybersecurity.
“Sony is important to me because the entire world is watching how we as a nation are going to respond do this,” Rogers said Thursday at the International Conference on Cyber Security in New York. “If we don’t name names here, it will only encourage others to decide, ‘Well this must not be a red line for the United States.’”
After naming North Korea responsible for the attack against Sony, the U.S. announced sanctions last week against 10 individuals and three organizations in North Korea, including the state’s main intelligence agency and its primary arms exporter. The sanctions effectively denied them access to U.S. financial systems.
In his address at the conference, Rogers endorsed the U.S. response to the Sony attack, implying the U.S. government should have a key role in responding to some cyberattacks on private companies. “I don’t think it’s realistic” for private companies “to deal with [cyberattacks] totally by themselves,” he said.
Rogers that hacks against private companies may require economic sanctions. “Merely because something happens to us in the cyber arena, doesn’t mean that our response has to be focused in the cyber arena” he said. “I was very happy to see what we as a nation state decided to do,” referring to the response to North Korea.
He also expressed skepticism about so-called “hack backs” in which private companies strike back against hackers, saying they risk “fratricide” by escalating cyber attacks between nation states and institutions.
The NSA was asked to examine malware used in the Sony hack and played a supporting role in determining its origins, Rogers said. The November hack brought down the studio’s networks and resulted in the leaks of terabytes of files including unreleased films and employee Social Security numbers. President Obama said last month the U.S. would launch a proportional response to the attack.
Rogers said North Korea was responsible for the hack against Sony Pictures Entertainment, reaffirming government claims despite doubts among some cybersecurity experts. “I remain very confident: this was North Korea,” Rogers said.
The remarks come a day after FBI Director James Comey said North Korea was “sloppy” in concealing the attack and said he had “high confidence” the hermit state was responsible.
Some cybersecurity experts have argued that the evidence North Korea is behind the attack is inconclusive, noting that the hack may have been the work of disgruntled employees or criminals.
Rogers also urged Congress to pass legislation that would encourage information sharing between private companies and the government on cyber threats.