Cyberespionage attacks such as the targeted campaigns carried out in the Aurora attacks against Google, Adobe, a number of defense contractors and large enterprises, are too often being labeled cyberwar, according to a growing number of people in the information security industry. This juxtaposition is leading to confusion and could steer policy makers at the federal and corporate levels down the wrong road in trying to counter these threats.
Experts such as Bruce Schenier are asking pointed questions about the true definition of cyberwar, with the understanding that this is uncharted territory; there are no established ground rules yet. What does cyberwar look like? How does it end? How do you fight it? What do the weapons look like? Are incidents such as Stuxnet, or the Russian attacks on Estonia and Georgia truly cyberwar, or just the use of war-like tactics in cyber conflicts? It's a unique situation where politically and criminally motivated hackers are using the same tactics and techniques for different ends. The difference in a cyberattack is that attacker's identity and motivation are for the most part unknown.
Understanding who is behind a cyberattack matters more today than ever. Enteprises have traditionally built network defenses to repel known and unknown threats based upon the risk to their individual businesses. Government agencies do the same. As we move forward, however, and more policy is established in terms of who responds to such attacks, it will become increasingly important to know who is behind attacks and why.