Andrew Storms, director of security operations for nCircle, suggests a fitting and helpful analogy. "Remove the prefix from 'cyber crime' and apply the same judgment used in other contexts. Does stealing some cereal from the corner market constitute a crime or an act of war against the market owner? This analogy holds true even at larger scales; does a data breach at a Fortune 500 company call for the FBI or the Marines?
Storms also draws a parallel between the naval blockade during the Cuban Missile Crisis, and a denial-of-service (DoS) attack against a nation's infrastructure. The point being that its possible to have state-sponsored hostilities or acts of aggression that don't cross the line to become an "act of war".
Stiennon points out, though, that even tracing an attack to its source may not clarify the matter. "The difficulty is that the attacker could be a lone wolf like the Comodo Hacker, a street gang like the Nashi, or an organized terrorist cell--none of which fall into a Clausewitzian definition of war."
Does It Really Matter?
At a panel discussion on cyber war at a recent media event hosted by Kaspersky, Alex Seger, head of the Economic Crime Division of the European Council, expressed his opinion that the semantics of defining cybercrime vs. cyberwar are largely irrelevant. Seger says that rather than focus on definitions we should focus on the attacks: methodologies, targets, and consequences--regardless of attribution.
This is true depending on your perspective. At the level where PCs are compromised, and sensitive data is exposed, it is somewhat irrelevant why it happened. What matters is that it did happen, and the focus should be on mitigating damage from the incident and implementing defenses to prevent it from happening again.
Unless you happen to be (or work for) a defense contractor handling top secret information, or a part of the critical infrastructure managing things like water treatment facilities, natural gas pipelines, or air traffic control, the odds are probably slim that a given cyber attack will qualify as cyberwar.