How the US could retaliate against North Korea

Now that many U.S. intelligence and cybersecurity experts have concluded that North Korea was behind the devastating digital attack against Sony, the question is: What can the U.S. government do about it?

If North Korea is conclusively proven to be behind the attack—the matter is still officially under investigation—the United States should respond, private sector and government officials told CNBC. There's no general agreement, however, on what an effective retaliation would look like. Additionally, experts said any successful measure will need to reach Pyongyang's well-insulated elite, rather than just harming the already suffering majority.

Read MoreNorth Korea's scrappy, masterful cyber army

The strategy with the most potential, experts said, would involve leaning on outside entities, whether they be foreign firms such as telecom companies or overseas governments like the one in Beijing.

A North Korean worker uses a computer in the control room of a factory in Pyongyang, North Korea, April 9, 2012.
Pedro Ugarre | AFP | Getty Images
A North Korean worker uses a computer in the control room of a factory in Pyongyang, North Korea, April 9, 2012.

"I don't think, quite frankly, that [U.S. officials] have a good sense of how to respond just yet—I just don't feel like they know what to do," said Victor Cha, Korea chair at the Center for Strategic and International Studies and author of "The Impossible State: North Korea, Past and Future."

Possible nonmilitary responses include criminal indictments against North Korean officials who signed off on the attacks (as the U.S. did against Chinese military hackers in May), a United Nations resolution condemning the country, a U.S.-led cyberattack against Pyongyang, or economic sanctions.

But neither indictments nor resolutions are likely to have much effect on North Korea, experts said. Economic retaliation, however, would be an effective response that doesn't risk all-out war, many said.

Read More US officials: North Korea ordered the Sony hack

"The financial portion is what hurts them the most," said Jack Pritchard, who served as U.S. ambassador and special envoy for negotiations with the Democratic People's Republic of Korea from 2001 to 2003. "I would not underestimate the value of financial sanctions."

Terence Roehrig, professor of national security affairs and director of the Asia-Pacific Studies Group at the U.S. Naval War College, also said economic sanctions were the best course of action.

He said one way to financially hurt Pyongyang would be to sanction foreign-owned companies that are helping to bolster North Korea's infrastructure and economy. The U.S. has employed this strategy effectively before, punishing banks and other companies that have done business with Iran.

Firms working with North Korea include Egyptian telecom Orascom, which reportedly just earned $500 million from its work to provide cellular service to more 2 million North Koreans. Even Chinese companies operating in the country could be targeted, experts said, although sanctions against these firms could result in consequences that spill beyond the Korean peninsula.

The other concern about harming North Korea's technical infrastructure would be the damage it could do to its citizens.

Read More How millennials are shaking North Korea's regime

"The initial reaction is that we should do something that cuts off cooperation with North Korea," Cha said. "You could certainly try to do that ... but North Korea needs the Internet so the people can see what a farce their leadership is. It's a tough call."

As for a cyberattack against the North Korean regime, that would likely be a dangerous path, said Chris Finan, CEO and co-founder of Manifold Security.

"It's a bad idea to resort to frontier justice by throwing rocks, when we live in an economy built on the same glass," he said. Finan, who served in the Obama administration as the director for cybersecurity legislation and policy on the national security staff, said the U.S. would take on great risks by responding with a cyberattack of its own.

Cramer: North Korea a rogue nation
Cramer: North Korea a rogue nation   

Other intelligence experts agree. "We should step back from engaging in cyberwar for commercial interests," said Jack Devine, the former associate director of the CIA's overseas operations. "The commercial world needs to harden its walls and procedures appropriately to prevent this from happening."

Read MoreWill Kim Jong Un ever face a war crimes court?

Ultimately, the best strategy for retaliation against Pyongyang may be to lean on China, said Bruce Bennett, a senior defense analyst at Rand Corp. If the U.S. can establish sufficient evidence that Beijing either trains or provides resources to North Korean hackers, the government would do well to threaten China with accessory charges to the Sony hacking, he said.

Additionally, government representatives could emphasize that North Korea is upsetting China's goal of regional stability. Beijing would likely be able to sway Pyongyang's hacking policies, as Chinese firms account for much of North Korea's foreign investment.

Trade between China and North Korea reached about $6.5 billion in 2013.