Hmmm...
I thought Mubarak had found the answer. Just switch off the internet.
No Internet = No Cyber War.
But I guess that'd be cheating.
Rules of engagement for the deployment of cyber-weapons need to be developed, an international security conference is due to be told later today. The influential EastWest Institute is due to present proposals for the cyberspace equivalent of the Geneva convention at the Munich Security Conference, which has included a debate …
You'll have to excuse me for saying so, but this Geneva convention for Cyberspace is total BS. The vast majority of security incidents such as DDOS and 'Stuxnet worm' are enabled by hijacked Windows desktops computers. Critical systems such SCADA units or hospital systems should of course be locked down on embedded hardware running on a VPN. That they are still running such systems directly connected to the Internet beggars belief.
I would like to posit that very few are intellectually equipped to be anywhere near qualified or effective in being able to thwart a smart cyber attack/assault/incursion/experience/call it what you will, and as for rules of engagement, well ....... good manners and the thought that there might be children reading El Reg prevents me from expressing an adult opinion on that admission of defeat even before any real virtual battles have begun. Indeed, such is the nature of the virtual theatre of operations, that all meaningful engagements are won before they are even suspected and then acknowledged as being of great concern and an attack vector being exploited. There will though be other lesser skirmishes by others into rogue mercenary campaigns of a selfish indulgent nature which can be easily blocked and countered, with prosecution and/or persecution of the perpetrators being a most popular attraction and distraction for news and views/media.
"How strongly should a state respond to an attack when you do not know who did it, where they did it from or what the intention was? etc."
It'd be like fighting real war with just cluster bombs to play with. By all means soup up your defensive capabilities (or at least detection capabilities), but don't delude yourself that you can actually have a proper fight with rules and no colateral damage.
And not just the M.B.A. blah-blah combined with some Excel beancounting is going to fix the problem.
Engineers are nowadays looked down upon, while the law types are highly respected. A lawyer will not defend your blueprints from being stolen, a capable security engineer does stand a chance. If you Mista MBA, would care to listen.