The document, The 'Korean' Cyber Attacks and Their Implications for Cyber Conflict, was written by James A. Lewis of the Center for Strategic and International Studies. Lewis also headed up the committee that produced a set of cybersecurity recommendations for the 44th presidency at the end of last year, before Melissa Hathaway's officially sanctioned cybersecurity audit.
Lewis described cyberwarfare as a new and complicated strategic problem fraught with uncertainty, and argued that factors such as the scope of collateral damage, attack identity, and deterrence must still be locked down.
The US is currently at the same stage of thinking about cyberwarfare as it was during the early days of the nuclear arms race, Lewis added, with the caveat that cyberwarfare carries far less destructive potential.
"The alternative to the conclusion that terrorist groups currently lack the capability to launch a site attack is that they have these capabilities but have chosen not to use them", the report said. "This alternative is nonsensical."
As an example, he lists the cyberattack mounted from South Korea against the US in July, when government websites were arguing that it was "more like a noisy demonstration" than a serious attack.
The document follows another report issued by the RAND Corporation earlier this month, which advised the US not to make strategic cyberwarfare a priority. "Offensive cyberwarfare is more useful in bothering, but not disarming, an adversary", said a statement from RAND, which played a leading role in Cold War defense strategy.
Military cyberattacks are more effective as part of a broader physical campaign, rather than as a core element, the report suggested, essentially casting cyber warfare as a means rather than an end.