The US this week revealed its "International Strategy for Cyberspace" with the subtitle of "Prosperity, Security, and Openness in a Networked World" (via Ars Technica). The 30-page PDF document praises cyberspace and generally says nothing too exciting. It does, however, mention how the US government could respond to cyber-attacks, especially if someone were to pull off a serious cyberspace hack against the US, its allies, its partners, or in a way to threaten its interests.

In fact, the document says that military force is now an option. It's thus possible that the US will one day start a war in response to corporate or governmental computer systems being breached. If that sounds scary to you, that's because it is, especially if a hack isn't attributed to the correct party. Here's a relevant excerpt:

When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners.

That being said, this is a last resort, and other policies will be attempted before such an attack is even considered. These alternative means include diplomatic, informational, and economic. The US makes three more related declarations: it will exhaust all options before military force whenever it can, it will carefully weigh the costs and risks of action against the costs of inaction, and it will act in a way that reflects its values and strengthens the country's legitimacy, seeking broad international support whenever possible.

It's also worth noting that the US is focusing on dissuading hackers from their motives. In other words, the cyberspace security strategy is more based on defense rather than offense. That's great to hear, because in this case we don't think the best defense is a good offense.