Raised Stakes in State Sponsored Cyber Activity
The stakes are always changing in the state sponsored CNO (computer network operations) field. China has recently admitted to having built a dedicated military unit known as the Blue Army for defensive operations. A retired PLA general spoke to their skills by allusion, "It is just like ping-pong. We have more people playing it, so we are very good at it." Despite the claims on defense, it is generally assumed to be related to their offensive operations which continue to be less and less clandestine (pdf). Symantec research indicates that nearly 30% of malware cases originate from within China.
On the homefront, the Obama Adminstration recently unveiled the White House's International Strategy For Cyberspace (pdf). The paper outlines a vision of state interaction and protections on the Internet in accordance with the Budapest Convention on Cybercrime followed by a loose warning the United States reserves the right to kick ass.
When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means -- diplomatic, informational, military, and economic -- as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.
The Pentagon is formalizing its own stance on attacks and intrusions against its own assets in addition to nationally protected assets as equivalent to acts of war. Naturally such a decree would require overwhelming evidence of attribution. The running consensus is solidifying that when the effect of a cyber attack on American assets is equal to a kinetic attack, then its not a stretch to apply equivalent counter-measures.