A think tank of 40 experts headed by Richard Clarke, former national security adviser to the US president, has warned that international protocols that distinguish between electronic spying and attacks on computing infrastructure are so blurred they now risk setting off unintentional cyber conflicts. In a scathing appraisal of military and political secrecy surrounding the use of the internet as a weapon, the paper, titled "Virtually here, the age of cyber warfare", claims that commercial organisations have in effect become cannon fodder in the equivalent of a cold war in cyberspace.
Too much of the debate on policies related to cyber war is happening behind closed doors, the report says. If a major cyber conflict between nation states were to erupt, it is very likely that the private sector would get caught in the crossfire.
Commissioned by security systems vendor McAfee, the report indicates mounting tension between the commercial and government internet security interests as hacking raids of systems become a regular occurrence.
One controversial finding is that the legal classification of organised, third-party hacking against specific targets as a criminal activity has become largely defunct because many governments now use criminal interests to prosecute political or military agendas.
The line between cyber crime and cyber war is blurred today in large part because some nation states see criminal organisations as useful allies, the report says.
Nation states have already demonstrated that they are willing to tolerate, encourage or even direct criminal organisations and private citizens to attack enemy targets.
One question raised by the paper is whether a new international treaty to govern the use of cyber weapons is necessary to define what an appropriate response to an attack on behalf of a nation state may be.
Some legal experts have suggested that substantial updating to the laws of armed conflict may be necessary, the report says, citing the experience of Estonian authorities whose national infrastructure was besieged with cyber attacks during a political row with Russia.
Answering the question of when to use force in response to a cyber attack needs its own framework, Eneken Tikk, a legal adviser for the Estonian Co-operative Cyber Defence Centre of Excellence, says in the report.
Companies faced with being electronically raided for information or crippled by cyber assaults have been handed a bleak assessment of how they can legally repel attacks.
The problem is that government organisations are not always forthcoming about detailed threat information on attacks and without the detail it is not always possible to respond to the threat, former deputy director of the US National Security Agency, William Crowell, says in the report.
Mr Crowell claims there have been cases where the US government told companies that they might be under attack yet did not provide any detail on the specifics of the attacks.
The New York Stock Exchange and the Nasdaq are both listed as the targets of cyber attacks in the report. However, possible perpetrators are not identified.
Apart from the NSA's Mr Crowell, the report also lists Mike Jacobs, a former information assurance director at the US eavesdropping agency, as a contributor.
Australian government interests have also provided input to the report.
Fairfax Business Media