A report on a talk given by Ed Skoudis at the Hack-In-The-Box conference in Kuala Lumpur.
There's been talk that some countries are leaning towards viewing cyber attacks as being on par with a traditional kinetic attack (i.e., involving nukes, guns and blood), and possibly requiring appropriate military responses.
Yet, there is no consensus on what constitutes a significant attack – one power grid control station taken down? A town’s Internet access shut down? Or, as one of our Analysts put in, "what would *really* constitute a digital 9/11?"
One of Skoudis's contentions is that an attack that takes down an entire country's Internet access is fundamentally similar to a blockade, which is historically accepted as an act of war. The 2007 attacks on Estonia spring to mind. Is that really an accurate, legally acceptable premise though? Can an online attack really cause significant damage to an entire nation's trade/economy/social structure?
There's also a PDF file here which goes into much greater detail.