PORTLAND, Maine - The Sony-North Korea hacking scandal has prompted many private companies across the globe to ask themselves the following question: "How vulnerable am I to a cyber attack?"
One local cyber-security expert says there are clear lessons to be learned from the debacle. Edward Sihler is technical director of the University of Southern Maine's Maine Cyber Security Cluster - a statewide network of academic departments established by the University of Maine System to study the issue of I-T security.
He says North Korea's electronic assault on Sony Pictures is not your usual cyber attack - which is typically aimed at ID theft and banking fraud - but it is a worrying development.
"It certainly is," Sihler says, "and it is very, very chilling with Sony's response of, 'We're not releasing it, our networks are so threatened we will do what you want.' "
Sihler says he's also intrigued by the likelihood that the army of hackers employed by North Korea to attack Sony appears to be the same group of people who have been carrying out identity and credit card theft.
"And there's been some speculation that these were operations funding governmental cyber 'insecurity' groups as a, 'Look, if you can send your cyber army out and they will live off the land by stealing credit cards until you need them, they a) get their training, and b) pay for themselves," Sihler says. "That's pretty good."
Tom Porter: "What can companies do? What measures should be taken in light of this? Can any company withstand the kind of large assault that Sony saw?"
Edward Sihler: "Well, Sony has a reputation for - and I have nothing to back this up other than reading the newspaper - some of the worst security setup, by Hollywood standards.
Tom Porter: "You remember their Playstation was hacked a few years ago?"
Edward Sihler: "Exactly. And certainly in the world of cyber-security, it's the same deal as when you're out hiking in the woods - you don't want to be the slowest hiker in bear country. You don't need to be the fastest, you just have to outrun somebody. Now, the other thing is some very simple old rules out of the Sony debacle that are coming out: Don't commit to email something that you don't want read out in public."
The bottom line, says Sihler, is that many companies need to do a better job at cyber-security - and there are some examples out there of how to get it right.
"One of the big advances right at the moment are the combination of Google's 'Wallet' and Apple's 'Pay,' wherein merchants will only have a one-time use credit numbers," he says, "so it doesn't have to be protected."
Sihler says one country at the forefront of cyber-security is Estonia, which is changing centralized databases and keeping certain personal information protected.
"For example, if you go to the grocery store, your age isn't on the driver's license. You swipe it and it says, 'Yes this person is over 21, they can buy booze.' It doesn't say how old they are, none of that," he says. "So it's revealed only that which must be revealed, so again we're getting into the, 'Maybe we should only store that which we need to store.' "
Edward Sihler is technical director of USM's Maine Cyber Security Cluster.