Thomas Wright of the Chicago Council on Global Affairs warns that Obama cannot have it both ways on cyberattacks: "It cannot on the one hand treat cyber-destruction by others as an act of war but then say that US cyber-destruction is a routine covert action":
While it has several advantages, treating American cyber-destruction as a covert operation will severely undermine the new cyber-strategy. Suspicion that the US uses cyberweapons whenever convenient will hamper its attempts to press other states to be transparent about their intentions. In particular, it takes the pressure off China, widely believed to be the leading state source of cyberattacks. It may also dissuade the US from developing the technology to trace the source of an attack.Does this belong in the category of handing a sword to a potential major rival in the interests of quashing an ultimately minor one? For ten years, the U.S. has obsessed itself with radical Islam -- an ultimately powerless rearguard action against modernity -- while sapping its future strength to engage (peacefully or not-so) with the emerging superpower. Was Stuxnet an escalation of that expense of spirit?
Wright offers one of those eminently reasonable policy recommendations that you feel in your bones will never happen:
There is an alternative. America must demonstrate that it regards all destructive cyberattacks, including its own, as acts of war. If the country was party to the use of Stuxnet, Mr Obama should address the nation and make the case for his decision, just as previous presidents have done after conventional attacks on adversaries outside of wartime....The U.S. "cannot, on the one hand".... but we will, we will. Because we can, for now. And we will sustain, at some point, a serious cyberattack. A fearsome weapon has been unleashed on the world. And it's no monopoly.
[The U.S.] also has to tackle the problem of attribution, and reach a non-aggression accord with other nations. It cannot on the one hand treat cyber-destruction by others as an act of war but then say that US cyber-destruction is a routine covert action. It must demonstrate that its use of cyber-weapons will be extremely rare and subject to the same rules and standards as the conventional use of force. Stuxnet must be the exception, not the norm.