I recently wrote a post entitled, “Is the US Already Engaged in Cyber War?” This was published on Fox News early in the week before the NY Times article appeared stated the US and Israel collaborated on Stuxnet under a different code name and disrupted the Iranian nuclear program. My speculation was that if one nation had attacked the critical infrastructure of another nation using cyber weapons, this would certainly constitute and “act of war,” or properly termed an “act of aggression” allowing the attacked nation to respond in self-defense under Article 51 of the UN Charter. I still believe this is the case, but, not so much in this particular case. Why, because of Iran’s apparent lack of any response, except in the media. So, why is this? Many articles and reports have already claimed we have seen the first cyber war with attacks like the one’s on Estonia and Georgia, and some even claim that the hacking by China against the US is cyber war. There are two problems with this: first of all, Estonia and Georgia never retaliated. You need two parties to engage to have a war. Second, what China has done, along with many other countries and various groups from terrorists, to organized crime, to common thieves, is engage in electronic/economic espionage, cyber theft, or just plain spying using computers. Are these “acts of war?” No, not until one nation declares, “enough is enough,” and launches a significant cyber-attack in response or better yet a kinetic attack. If a so-called attack does not generate a significant response then it probably was not so bad to begin with. Granted, every nation must consider the political and survivability issues, e.g. “don’t start something you can’t finish.” But, in the absence of a clear cyber-attack and either cyber or kinetic response I would argue no cyber war has yet occurred. We are still in the “cat and mouse,” “electronic espionage,” game of spying. It’s just that now the game has moved to the Net!