APL Analysts Examine Sony’s Cyber ‘Nightmare’

The National Security Analysis Department at Johns Hopkins University Applied Physics Laboratory (APL) in Laurel, Maryland, recently released a report outlining the timeline and impact of North Korea’s 2014 cyber attack on Sony Pictures Entertainment. The study, “Sony’s Nightmare Before Christmas,” is now available online.

Written by APL’s Antonio DeSimone and former staff member Nicholas Horton, the report details the events surrounding the attack by North Korea prompted by the pending release of the Sony-helmed comedy “The Interview,” which fictionally depicts North Korean leader Kim Jong-un’s assassination.

With the Sony attack, the perpetrators didn’t just steal information — they wreaked havoc and created widespread financial damage, effectively shutting down the company’s technology and day-to-day business activities. The attack also made public embarrassing e-mails between top leadership at Sony that spread to mainstream media and the pages of celebrity tabloids. Eventually, threats were also made against U.S. movie theaters, creating nationwide concern.

The timeline of the attacks, e-mail leaks, and government and private-sector responses played an interesting role in the crisis, which is revealed in DeSimone and Horton’s detailed analysis. They examine the sophistication of the attack, particularly the targeting, preparation and planning that distinguished it from previous cases. But more than this, the analysis highlights the U.S. government’s public statements regarding the attack — unique at the time — and how the public conversation was shaped by the private-sector cybersecurity experts and firms, eventually forcing government to weigh in officially.

“We select significant reports to publish in this format to highlight impactful analysis for national security leaders and the public,” said Christine Fox, Assistant Director for Policy and Analysis at APL. “This report showcases how complicated today’s environment is for our policy-makers and how the widespread technical competence of private industry is forcing our leaders to grapple with complex policy responses to cyber attacks in the public eye.”

This report is the latest in the department’s series of publications, which seeks to highlight impactful analysis from around the Laboratory for national security leaders and the public.