I'm not sure they are in complete control, although it's a great image of master manipulation to imagine they are. I'm waiting until I really understand the whole story to start assigning any blame.
I'm more interested at this point in figuring out what this means for the future. Do we live in a world now where state-actors will target specific companies and basically try to rip them to shreds and extort them? Now I'm supposed to personally defend my company and my network against state-sponsored targeted persistent threats?
It should be possible to lock down individual machines which aren't ever supposed to be networked. That's hard enough. I'm personally of the belief that any networked device is ultimately hackable up to the physical constraints of the network. It's all about how much it will cost an attacker to gain access, and how much they can steal once they get it.
If governments start routinely sponsoring these attacks, I'm very concerned the cost-levels we impose today are 5 - 6 orders of magnitude too low, and the network bandwidth 5 - 6 orders of magnitude too high, to deter these types of attack.
The state has targeted lots of private companies for decades, offering the advice to American companies as a competitive advantage.
This is different from states trying to explicitly destroy another company, but the bottom line is the same: you need to include state actors in your list of potentially hostile attackers, same as any black hat.
For probably most nations the "state-actors" part is irrelevant as they have no magic hacking method not afforded to anyone else. The exceptions are nations host to companies that supply hardware and software to be backdoored.
This whole thing has been blown out of proportion.
The thing is that from what I can tell this attack is not even in the same order of magnitude as the state-sponsored attacks you are referring to.
I haven't found a good write-up on the attack; however, my understanding is it was mainly due to Sony's lack of security and not the prowess of the hackers.
This was something like SQL injection and non-password-protected Excel files with employees' social security numbers. The state-sponsored APTs you are talking about are hundreds of millions of dollars worth of custom software engineering.
However, I agree with your general premise that another government essentially blackmailing one of our private companies is worrying.