wiredmikey writes "Deciding when malware becomes a weapon of war that warrants a response in the physical world – for example, a missile – has become a necessary part of the discussion of military doctrine. The Pentagon recently outlined (PDF) its working definition of what constitutes cyber-war and when subsequent military strikes against physical targets may be justified as result. The main issue is attribution of cyber attacks. The Department of Defense is working to develop new ways to trace the physical source of an attack and the capability to identify an attacker using behavior-based algorithms. 'If a country is going to fire a missile at someone, it better be sure it has the right target,' said one expert. A widely held misconception in the U.S. government is our offensive capabilities provide defensive advantage by identifying attacker toolkits and methods in foreign networks prior to them hitting our networks. So when do malware and cyber attacks become a weapon or act of war that warrant a real-world military response?"