But Harding told CSO he does not think this means the U.S. has started a cyberwar. "There will never be a pure cyberwar in my opinion," he said. "There will be operations in cyberspace but they will always be in support of other actions. By itself warfare in cyberspace cannot conquer an enemy. The effects will normally be temporary and probably not physical in nature."
Still, he said the admission taints the U.S. in the eyes of the rest of the world. "It is a challenge to maintain a high moral position if we are the first to acknowledge the use of such a weapon," he said.
Other security experts also say that "war" is the wrong term. Bruce Schneier, chief security technology officer at BT and an author, said that "throughout history, the definition of a 'major war' has involved casualties in the hundreds of thousands. That means dead people."
Marc Zwillinger, of the Washington, D.C. law firm ZwillGen and a specialist in cyber conflict calls them "cyberattacks," and said he doubts the U.S. was the first nation to use them. "Our government, government contractors, and ISPs have been pummeled for years," he said.
Whatever the semantics, there is unanimous agreement that the attacks are doing enormous damage.
"Cybercrime is a really big deal," Schneier said. "Much bigger than al Qaeda, which has basically been a fairy scare story since 9/11."
Zwillinger said: "It's something to take very seriously. It's not that hard to undermine our economy and cause lasting effects. How long was the Facebook trading glitch that is being blamed for a lot of uncertainty and panic in the trading of one stock?"
"United States corporations lose billions of dollars in research to cybercrime and espionage every year," Harding said. "Now imagine these efforts [aimed at] national security products. Not only do we lose intellectual property and de facto our investment dollars, but we may have a national security problem."
Another problem with cyberweapons, as a number of articles have pointed out since the discovery of the Flame virus in the Middle East (an espionage tool mainly targeting Iran) and the revelations about Stuxnet, is that they can boomerang, unlike bullets or bombs. Richard Lardner reports for The Associated PressÃ'Â that "a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons, and presidents who must decide when to launch them."
Finally, whether it is cybercrime, cyberattacks or cyberwar, the U.S. seems woefully unprepared for it at some levels. The Washington Post's Robert O'Harrow wrote earlier this week of stunning vulnerabilities U.S. infrastructure. He profiled programmer John Matherly, now 28, who as a teen developed a search engine he called Shodan, and by 2009 discovered "an astonishing fact: Uncounted numbers of industrial control computers, the systems that automate such things as water plants and power grids, were linked in, and in some cases they were wide open to exploitation by even moderately talented hackers."
Sign up for MIS Asia eNewsletters.