StrategyPage.com ran an article on the blurring line between criminal attacks and acts of war in cyberspace.
"In the computer age -- and 2008 is definitely in the computer age -- the difference between an act of war and crime is often a matter of interpretation as well as degree.
Attack a nation's highways and railroads, and you've attacked transportation infrastructure. You've also committed an obvious, recognized act of war.
An electronic attack doesn't leave craters or bleeding human casualties, at least not in the same overt sense of an assault with artillery and bombs. However, the economic costs can be much larger than a classic barrage or bombing campaign."
This article, like others, points out the problems and appears to want to label many attacks as acts of war or terrorism. The problem is real but answers are not simple. Cyber attacks are no different from physical attacks - what separates crime from terrorism or acts of war is not the medium or even the impact but the
motivation, resources and organization behind the attack.
If a seventeen year old in China vandalizes a website because he disagrees with its content, it is a criminal act. If a nation state (whether directly or indirectly) orchestrates an online denial of service attack against another nation state, it's probably an act of war. The problem is the victim rarely knows who or why they have been attacked.
The difference in cyberspace is that it is very difficult to understand the adversary's motive. Corporations and other organizations rarely investigate the actual source of or reason behind the attack. Law enforcement and intelligence agencies are usually ill-equipped and underfunded or staffed.
These types of investigations are not impossible, but they are both costly and time consuming. Yet, as society's dependence on information infrastructures grows, so does the impact of attacks. Understanding the nature of the threat is vital to proper response. Simply labeling every attack as 'cyberwar' or 'cyber terrorism' is counter productive. Society - corporations, governments, academia and security vendors - need to invest in new and better methods and technologies to investigate cyber attacks.
Unfortunately, it will probably take a serious attack before this happens.
War -- or Crime -- in Cyberspace