Alexander Mack writes:

Expanding on Ian Wallace’s question of:

...how should governments deal with cyber acts that have a national security impact (espionage, sabotage and subversion, if you will) but which fall below the threshold of ‘war’, especially when the perpetrators are based overseas and often beyond the reach of law enforcement?

I feel that the question necessitates an understanding of why we consider a particular cyber act to be deemed a ‘threat’, since threats are always directed against something, hence Arnold Wolfers' remark of ‘security for whom and for which values?’

The four types of threat within cyberspace (cybercrime, cyberterror, cyberespionage and cyberwar) share very similar characteristics. Their difference is ultimately found in the intent of the action. Cybercrime is driven by the desire to profit financially from an illicit activity. Cyberterror is about causing fear (whether through the threat of violence or the projection of words and images) in the pursuit of a political goal. Cyberespionage is the collection of information for either military or financial advantage in the long term, while cyberwar is an action where a state intentionally seeks to inflict harm on the information systems of another state.

Establishing intent is the first step in determining an adequate course of action in response to a malicious cyber act.