Editorial: Protect and Defend

Sony has become an easy punching bag in the past couple of weeks over the massive hack that had executives apologizing over private e-mail laundry aired in public and employees trying to figure out how much of their personal information was exposed for the world to see.

Fellow studios offered condolences. “Sony Pictures is not just a valued member of our association family, but they are friends and colleagues and we feel for them,” the Motion Picture Association of America said last week. “We continue to be in constant touch with their leadership and will be of any assistance to them that we can.”

The Sony hack was not a pretty sight, but it seemed to us that a lot of stones were being launched from an industry, and a nation, with plenty of glass houses. This should be a teaching moment. The airing of unsavory emails no doubt already is serving as a cautionary tale to be mindful of what we say and do—on company email or otherwise.

And rather than spending time rubbernecking at the crash site, the industry should redouble efforts to protect its information online. If the Justice Department can be hacked, as it was in 2012, nobody can pretend to be safe.

Congress has been slow to act on cybersecurity, even while acknowledging the threat to critical systems like nuclear power and energy grids. It has also been slow to provide the kind of cybersharing regime, free of antitrust or liability concerns, that will allow industry to share threat information freely and better protect themselves from hackers. Progress was made with passage of a cybersecurity bill in this Congress that at least establishes a framework for voluntary cybersecurity practices and gets government and industry working together.

But that process will take a while, and meanwhile, Internet predators are moving at the clip of high-speed broadband to try and get access to personal and business information now widely available on the ’net. One estimate last week was that 90% of companies were equally vulnerable to a Sony-like hack.

And as video content moves online, the threat is not only to personal information, but to the creative content that drives the TV and film industry. The Sony hackers were pirates as well, distributing copies of unreleased films they found during their online ransacking.

Make no mistake: Hacking is not some Robin Hood exercise to be secretly celebrated. It is an attack, and a violation of privacy—and in this case, a theft of valuable intellectual property as well, and perhaps terrorism.

The unfairness of its predicament aside, we don’t think Sony can get this genie back in the bottle. That includes by making legal threats against those who report leaked information, though clearly publishing all but the most objectively newsworthy of the stolen personal material, such as employee medical information, should be out of bounds.

What all that leaked info most reveals is how vulnerable every company is to being violated. That’s a scary thought, and one that should spur some there-but-for-the-grace-of-God action by everyone, and not just snickering and finger-wagging at Sony.