It’s an Arms Race!
Granted that the reaction seen from officials may be timely, though somewhat exaggerated, owing to the growing number of high profile security incidents, it should be made clear that there is to date no incident within cyberspace that can be defined unequivocally as war or warfare. Most have been confined to the realm of espionage or vandalism. The few cases that displayed “war-like” characteristics, such as Israel’s presumed use of cyber weapons to disable Syrian air defenses in 2007, should not be counted given that the violent outcome was the result of conventional weapons. Similarly, while Stuxnet had the potential of causing significant damage to both equipment and human life, no reports of the latter taking place have surfaced. Consequently, claims from pundits that cyber war is upon us and that this merits such a strong response remains, at this point in time, baseless. In its place, what can clearly be seen is the abject lack of norms and regulations that define permissible behavior of states within cyberspace.
Subsequently, this situation gives rise to cases wherein states continue to act solely by their own accord. Disparate legislation and standards between states coupled with a lack of understanding of this new domain poses serious challenges in regulating and defining what is acceptable. Consequently, this gives rise to widespread cases of cyber-espionage attributed to China, DDoS cyber-attacks from North Korea towards South Korean, and the like. While it is unlikely that the United States would act unilaterally to mitigate an imminent threat in cyberspace as described in the report, the fact of the matter is that there are no mechanisms in place to prevent it from acting as stated should it wish to.