There’s a good article quoting Martin Libicki of RAND Corp. and his talk at the CyberFutures symposium.
Political leaders do not grasp the concepts of cyberspace and cyberwar at a level to confidently write policies, he said. “Cyberwar is a lot of magic. Try talking to high-level folks and figuring out what they actually understand about it. The best of them don’t have a clue and the worst of them think of things that have no basis in reality. So when something happens, it’s always a head-scratching event.”
Then there’s the problem of attribution:
While a certain amount of forensics may be able to trace an attack back to a specific machine, that in no way proves who carried out the action, Libicki said. Sophisticated hackers rarely launch attacks through hardware that can be linked to them. Often they find ways to send worms and viruses through the computers of unsuspecting users. There would be giant ramifications to the U.S. government retaliating against the wrong party or failing to make it known to an attacker that he has been countered, he said.
And the problem of your counter-attack actually having sense and delivering on the cost to launch:
“If you are going to use offensive cyberwarfare, you are going to have to use it against a state that has something to lose. If al Qaida took down the [U.S.] electric infrastructure, it would be rather unsatisfactory to try and take down al Qaida’s electric infrastructure because they don’t happen to have one.”
A good and quick read if you want to catch up on the real issues that any logical talk of “cyberwar” runs up against.