No national policy
Evans believes the time has come for the government to formalize a national policy for dealing with cyber threats. Such a policy should clearly define the thresholds beyond which cyber attacks will be considered an act of war, establish who's in charge among the different federal agencies that would respond to a cyber crisis, and spell out when they are allowed to use that authority.
Few doubt that the U.S. Department of Defense and the NSA could launch crippling cyber offensives of their own in response to a cyber attack. But a policy framework needs to be in place defining when such an offensive is appropriate, Yoran said. Whether that retaliation means a cyber-counteroffensive or a more conventional military one needs to be figured out as part of U.S. cyber policy before a crisis, Yoran said,
"Just as we would respond to a terrorist attack, there needs to be some sort of a response capability," Titus said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Knowledge Center.