In attacks such as those on Iran and South Korea, the hard part is determining who to launch a forceful response against.
"Authentication is an essential part of the right to self-defense," David Bodenheimer, who heads the homeland security practice at Crowell & Moring in Washington, D.C., said in an interview. "You can't attack another country for a cyberattack if you can't identify, with some specificity, the country behind the attack."
Even in what's considered a textbook case of cyber warfare launched by one nation state against others -- Russia's cyberattacks on the Republic of Georgia and Estonia -- bulletproof evidence of who was behind the assaults can be lacking.
"There was support for it being connected to Russians or Russian citizens, but at the end of the day, the investigations were unable to show that the attacks were instigated by the Russian government," Bodenheimer explained.
The Tallinn Manual couldn't have come at a better time, according to former U.S. Navy Rear Admiral James Barnett, who heads the cybersecurity practice at Venable, a law firm in Washington, D.C.
"Cyber warfare is very much part of the mainstream in warfare," he said. "Military objectives that can be achieved by ones and zeroes are going to be done ..., because they can be a more effective way of doing things than blowing things up."
Although the manual is meant to guide nations through the intricacies of international law and cyber warfare, it could contribute to conflict, said Richard Stiennon, chief research analyst with IT-Harvest in Birmingham, Mich.
"We don't need any more reasons for countries to go to war and engage in armed conflict with each other," he said. "This introduces more of those ways."
Sign up for CIO Asia eNewsletters.