What constitutes an act of cyber war?

Can a country be held accountable for hacking groups that operate within its borders? That is a question that is currently being played out on the world stage. India and Pakistan have been exchanging cyber fire on and off for more than a decade. Some say these cyber hostilities date back to 1998, and the latest volley of cyber fire is just a continuation in the hostilities. The exchange of digital fire has focused on taking down (i.e., making unavailable) websites in both countries. So who is winning? That depends on who you ask. In the latest exchange, cyber battle damage was assessed at approximately 40 Pakistani websites taken down and the defacement of more than 250 Indian websites.

Is this really a cyber war? Hardly, but absent an agreed upon definition, who can object. One security intelligence analyst I spoke with put it like this: “This is more like children behaving badly than it is about a true military exchange in the cyber domain.” I would have to agree. You could put this in the same classification of cyber hostilities as those WikiLeaks supporters that have launched cyber attacks to protest actions against WikiLeaks’ founder Julian Assange.

However, this does point to a serious problem that has been around for some years now. The problem of defining what constitutes an act of cyber war. I wrote a definition for cyber terrorism in 2004 that was picked up and referenced in the Deputy Chief of Staff for Intelligence’s Cyber Operations and Cyber Terrorism Handbook but did not address the definition of what constitutes an act of cyber war due to the complexities. Homeland Security Secretary Michael Chertoff posed the question about cyber war in 2008. To this day we still do not have an answer to that fundamental question much less a definition that is accepted by all NATO countries or by the United Nations. With the frequency of cyber hostilities increasing, don’t you think we should at least define what constitutes an act of cyber war before one really happens?