Law enforcement agencies, government regulations, and a coordinated and established framework for a military response to a cyber attack are not even in the current realm of possibility, according to a group of experts at the Techonomy Policy conference in Washington on June 9 (emphasis added):
The Internet, said Mundie, is something like the Wild West, where “people feel rightly or wrongly that they can act with impunity,” adding that this state of affairs will continue until law enforcement and government step in. All the panelists agreed that it is the role of law enforcement and the government to patrol the Internet’s byways and not something businesses can address on their own. In any case, laws prohibit cyber vigilantism.
As the severity of attacks rises, the government will have to establish a set of threat levels and responses, said panelists. After Sony released The Interview, which offended the North Korean government, its devastating attack on Sony’s corporate infrastructure created a new environment, Harris said.
But the limits and expectations of what kind of response is called for remain undeclared and apparently undecided. “What are the levels of aggression that are necessary before the U.S. attacks a country for cyber attacks?” Harris asked. “If the U.S. banking system is taken down? When a few key sites are?”
“Does Congress have to declare war for the U.S. to attack a country, a rogue state, or individuals, as it must do now before U.S. troops can be involved?” Mundie said.
Because militarization of the Net is so new, no scale of threat levels has yet been created, and it is up to each victim how to respond. How many bits and bytes would an attacker have to wipe out for someone to feel compelled to respond?