“There were some cyber responses to North Korea,” McCaul acknowledged during public remarks at the Center for Strategic and International Studies (CSIS), a Washington think tank.
The White House has declined to comment so far on McCaul's comments.
Starting on December 20, Internet users in North Korea started to experience disruptions. Then, between December 21 and 22, the country's network was down for 10 hours. The blackout came just days after the administration publicly accused Pyongyang of a hack of Sony Pictures Ltd., which left thousands of computers damaged and leaked troves of personal and confidential data.
— Dyn Research (@DynResearch) December 23, 2014
The perpetrators of the Sony hack, who called themselves "Guardians of Peace," directly tied the action to demands that Sony not release the film "The Interview" — a comedy lampooning the North Korean leader, Kim Jong-un and an attempt to assassinate him.
North Korea has maintained they were not involved in the hack but US intelligence agencies claimed they have proof that the hacks originated with North Korea.
Just days before North Korea's Internet troubles, Obama had assured that there would be a US response to the Sony hack
"We will respond proportionally," Obama said on December 19, "and we'll respond in a place and time and manner that we choose. It's not something that I will announce here today at a press conference."
On January 2, the White House very subtly implied that they were not responsible for the blackout when, in announcing sanctions against North Korea, they called them "the first aspect of our response" — implying that the attacks the previous month were not a response from the government.
Sony Hack Used to Justify New Cybersecurity Laws
During his talk at CSIS on cybersecurity legislation, McCaul said private companies are expecting better defenses against threats like the Sony hack.
“What they’re telling me is that the government isn’t doing their job,” McCaul said.
Cybersecurity legislation that would provide liability protections for US companies who share information with the US government about possible cyber threats is currently in the pipeline but has faced considerable criticism for its potential to violate users’ privacy. Critics, roused by Edward Snowden's revelations of rampant NSA spying, worry that with companies shielded from legal actions, they will too readily hand over their user's information.
While previous versions of the bill have been defeated, largely due to such privacy and civil liberties worries, the US Senate Intelligence Committee has approved the most recent version of the Cybersecurity Information Sharing Act, and it is headed to a full vote in the Senate.
