The United States has always stayed pretty mum about its offensive cyber-warfare intentions though the rhetoric has been shrouded in less and less secrecy and become more overt of late. Earlier in 2011, the White House released its International Strategy For Cyberspace (pdf) which first officially opened the can-of-worms regarding attack possibilities. USCYBERCOM, a sub-command to USSTRATCOM, finally has its operating guidance through the recent Department of Defense Cyberspace Policy Report (pdf) issued to Congress. Perhaps the most important bullet from that document explicitly states that both kinetic and non-kinetic cyber options are at the President's disposal when dealing with attacks against the United States.

The President reserves the right to respond using all necessary means to defend our Nation, our Allies, our partners, and our interests from hostile acts in cyberspace. Hostile acts may include significant cyber attacks directed against the U.S. economy, government or military. As directed by the President, response options may include using cyber and/or kinetic capabilities provided by DoD.

Further in, the document states, "should the “deny objectives” element of deterrence not prove adequate, DoD maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains" which alludes to defense, attribution and counter-attack. Development and application may not be as far off as some think given the revelation by WikiLeaks of contracted cyber-warfare tools, hardware and malware in use by governments around the world. Some didn't feel a legal framework was necessary as commented by Air Force General Robert Kehler, "I do not believe that we need new explicit authorities to conduct offensive operations of any kind ... I do not think there is any issue about authority to conduct operations."