These arguments have a certain validity and can’t immediately be dismissed. But none of them are sufficient to get North Korea off the proverbial hook.

Let’s start with the insider issue. There is no doubt that every organization faces an insider threat. Sometimes the insider uses his knowledge to steal money or contracts. Sometimes the insider is liked to outside organizations. Sometimes he acts for political and ideological reasons. Sony could have had an insider operating against it, but even if such a person could be discovered, one must still figure out the motive.

Was the insider a paid informant? Was the informant a spy? Was the informant linked to outside organizations and acting on political and ideological grounds? Was the informant working with the competition? Was the informant offered a lucrative job if he provided critical information? Was he (or her) a disgruntled employee? Since no one yet has fingered who such an informant is, nothing concrete can be said.

Hackers notoriously try to hide their operations from law enforcement and intelligence organizations. This means it takes a huge effort to try and figure out where the hack originated, and even then that may not be enough to be sure that the hacker was connected to any organization or foreign government.

Foreign government sponsored hacks and hackers also want to create “plausible deniability.” They want to leave enough questions about whether or not they were the responsible agents in order to make it harder for a victim to retaliate. The Sony hack is no exception, and the level of sophistication of the operation suggests that a good deal of effort was expended to make it possible for the North Koreans to say they had nothing to do with it, although they were not afraid to warmly praise the operation.

A final complicating issue is that a hack can be a fraud. If you want to start a war you forge a hack accusing the other side of planning a grievous attack, and then you respond to the provocation. The use of provocation is something well know to historians going back in time thousands of years (you didn’t need the Internet to get the job done).

Having said all of the above, the best measure is to figure out who benefits from the hack and to confront the source directly. This is difficult if the threat is coming from a country you don’t talk to, like North Korea; but there are plenty of channels to use to send a strong message. If the response is not satisfactory, the next step is to begin with retaliatory measures, increasing the pressure in each step. Motive is everything and pressuring the presumed source is the only way that future events can be prevented.

The White House recently said that if we do anything to respond to the Sony hack no one will know about it because it will be a secret.

Having said that the American government, the military, our critical infrastructure have been pounded by escalating cyber attacks and there is no evidence the US had done much more than issue warnings to the victims instead of threatening the perpetrators. So the White House “secret” actions don’t appear credible. Meanwhile the axis of cyber-evil, China, Russia, North Korea, Iran, Syria and Jihad organizations operate freely.

Deterrence can only work if those who sponsor the attacks are punished, and the punishment should be meted out based on the only factor that can help us discern the source, and that boils down to motive. For state and Jihad sponsored cyber terrorism retaliation is the only answer. For non state actors law enforcement is the right approach.