Today at RSA, during a keynote session, Sec. Michael Chertoff, Bruce Schneier, and ADM Mike McConnell discussed “cyber war.” The consensus appeared to be that the term cyber war is over used.

I would take it a step further and say many make too big a deal over the term and constantly claim a cyber 911 or cyber Pearl Harbor is coming.

Also today at RSA during a round table with Dorothy Denning and others the audience was asked how many believed we have already had a cyber war. Despite the media’s claims, apparently to sensationalize the news, very few if anyone in the audience was willing to agree a cyber war has already occurred.

So, why all the discussion and uncertainty about cyber war? One word: attribution!

How do you know who is actually attacking you? Should a nation go to war against a 14 year old sitting at home using his parents computer and Internet connection?

Let’s face it, for now cyber war is what will happen between nations when prepping the battlefield prior to a kinetic offensive. Right now, in my opinion, the biggest threat is cyber espionage.

I want to throw around some theories.

Cyberwar, a term used widely in the news lately appears to be applied to attacks on nation-states, and very appropriately so.

Not spoken of very often are the attacks on and silent war by cyber criminals against corporations around the world.

Case in point is Friday’s Wall Street Journal front page article entitled “Accounts Raided In Global Bank Hack.” The main reason this war is not widely spoken about is that most attacks on private business go unreported. News of a security breach is potentially devastating to most private businesses. When the police are called in or get involved, it gets reported.

Despite the fact that statistically breaches on large corporations, like TJ Max, do not necessarily harm the corporation, who wants to take the chance of a damaged reputation they can’t recover from? But this is merely stating the obvious. As the potential for cyberwar increases nation-states continue to develop tools or weapons and strategies. So, what can corporations do besides detect, clean up, and re-secure their networks? Determine attribution? Huge problem. Comments, thoughts? Watch for some more thoughts on this topic and others.