Stiennon points out, though, that even tracing an attack to its source may not clarify the matter. "The difficulty is that the attacker could be a lone wolf like the Comodo Hacker, a street gang like the Nashi, or an organized terrorist cell--none of which fall into a Clausewitzian definition of war."
Does It Really Matter?
At a panel discussion on cyber war at a recent media event hosted by Kaspersky, Alex Seger, head of the Economic Crime Division of the European Council, expressed his opinion that the semantics of defining cybercrime vs. cyberwar are largely irrelevant. Seger says that rather than focus on definitions we should focus on the attacks: methodologies, targets, and consequences--regardless of attribution.
This is true depending on your perspective. At the level where PCs are compromised, and sensitive data is exposed, it is somewhat irrelevant why it happened. What matters is that it did happen, and the focus should be on mitigating damage from the incident and implementing defenses to prevent it from happening again.
Unless you happen to be (or work for) a defense contractor handling top secret information, or a part of the critical infrastructure managing things like water treatment facilities, natural gas pipelines, or air traffic control, the odds are probably slim that a given cyber attack will qualify as cyberwar.
You don't really need to concern yourself with how to lable the attack, though. Ultimately, it is hard to imagine any act of cyberwar that wouldn't also be a violation of existing laws. In that sense, all cyberwar is cybercrime, but not all cybercrime is cyberwar.
If your business experiences a cyber attack of any sort, it is best that you engage the appropriate authorities at your local level, and leave the cybercrime / cyberwar debate to law enforcement, government agencies, and politicians.
Sign up for Computerworld eNewsletters.