Breaking the cycle of attacks and counterattacks
Ultimately, the solution to the cycle of cyber violence must be political, Martinez notes. Such attacks "are symptoms of a larger problem that must be resolved between ideologies of two very different cultures and people. ... In some cyber incidents, it's about the perceived or maybe true imbalance between corrupt power and common people. Balancing between these parties, toward the best interest and security of the common people, is a difficult task."
Until the conflicts are resolved, "almost everyone becomes a victim of unintended consequences during war, even cyber war," Martinez says. "Cyber war may be digital, but it is still a form of war."
Because cyber conflict is relatively new, interested parties need to focus more energy and attention on developing international norms that will say what is acceptable behavior and what is not, advises Good Harbor's Papadopolous. That is crucial for maintaining a stable, secure, and trusted Internet, he says.
Although some experts are trying to apply international law to curtail cyber war, these efforts are advancing slowly, and each new attack and counterattack implicitly establishes norms about what is acceptable, he says.
Clearly, the private sector has a vested interest in a stable, secure cyber space and needs to advocate for international norms that will rein in cyber conflict and attacks on critical infrastructure and other companies, Papadopolous says.
Playing defense at home until the cyber war ends
In the meantime, government policymakers and corporate CEOs alike need to think about and plan for escalating cyber conflicts and for disruptive and destructive attacks, not just espionage or intellectual property theft -- the major focus undertaken against advanced persistent threats and hack in recent years. After all, more countries and groups will gain the ability to launch sophisticated attacks, Papadopoulos says.
Policies such as the 2012 Securities and Exchange Commission's Guidance on Cyber Disclosure now require many Fortune 500 companies to report any type of meaningful cyber threats in their organizations, Martinez says. This is leading to an "age of transparency -- whether we like it or not -- which is a good thing because we now share more information about attacks, which allows us to more easily target bad actors," he says.
Still, Papadopolous says the cyber attacks on the private sector raise difficult questions: "What kinds of companies are fair targets? What kinds of attacks are acceptable?" Also, are companies liable when their services are disrupted by foreign attack? And who pays for clean-up, repairs, and compensation to affected customers?
Another key question: What is the government's role in protecting critical companies? In October 2012, Secretary of Defense Panetta said it was not the DoD's mission to provide for the day-to-day security of private and commercial networks, although he acknowledged the Pentagon had a role in the event of a "crippling cyber attack," Papadopoulos says.
Recently, there were reports of banks seeking help from the National Security Agency, Papadopoulos says. "How will the government's role change if we see more and more attacks against companies and they are more and more disruptive or destructive?" he says. That's a question many more people may ask if the world cyber war indeed escalates.
One thing is clear: The era of cyber warfare is here, and it's happening on the homefront.
This story, "Unseen, all-out cyber war on the U.S. has begun," was originally published at InfoWorld.com. Follow the latest developments in information security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.