North Korea is capable of pwning Sony. Whether it did is another matter

Beyond state-level: defending your IT world

Defending a network properly costs a lot of money. If you want to do it, you cannot simply rely on off-the-shelf software and tools. You need to hire hackers to defend against hackers. People who are trained in operational security and who look as much for what isn't there as what is.

Shelfware isn't going to catch gaps in logs or other fairly simple tricks to cover one's tracks. Someone who has actually spent time penetrating other systems and had to think about these things just might. These people are not cheap, and there aren't many of them.

Those networks which are defended by teams of the best will not fall to your average state-level, organised crime or industrial espionage hacking crew. They will understand, amongst other things, that eggshell security doesn't cut it. That breaches will occur will have been foreseen, and they will have built traps, isolation procedures and much, much more to counter attacks.

To get into these networks you need more than a state-level hacking apparatus. You need a hacking industry. You need to have billions of dollars being spent every year to identify new zero-day exploits, employ professional spies to gather data and be able to perform physical attacks against networks (such as compromising data centres or backhaul data links).

No one nation – not even the US – can pull this off. Developing this level of capability takes international cooperation. It takes the cooperation of nations with private industry. It requires tens – if not hundreds – of thousands of people working together to industrialise network compromise.

It really could have been North Korea

So, yes, Sony's breach absolutely could have been the work of the North Koreans. It is even a logical target if their goal is to train their hacking team against a live target. North Korea has no love for Japan or the US, so taking on what was once an iconic corporation in those countries might have some symbolism.

More to the point, Sony was soft. It wasn't expecting an attack, it wasn't particularly well defended, and it didn't have the resources (that larger, more profitable corporations have or are developing) to react in real time.

I don't buy the proposed political motivations of North Korea hacking Sony one bit. Sony is a stupid target if you want to make an actual statement. But it is exactly the right target to train against.

We are all viable targets. Even if we are not a tempting target because what we have squirreled away on our networks, we might just be useful to train against. It could be that the only purpose the compromise of our network serves is target practice for someone going after meatier game.

Given the above, it's time for us to stop thinking that quality attackers are few and far between, or that our networks will only be attacked for good reason. It's time to make network security something we constantly evolve and refine and hire full-time professionals to oversee. ®

Read PART 1 here.