Part of the problem with retaliating against other nations for a cyberattack is that it's still difficult to pinpoint where an attack came from, Giesler said. In some cases, compromised companies may attribute an attack to another nation when it's really a case of industrial espionage, he said. In other cases, attacks may come from so-called "patriotic" hackers who are acting on their own initiative, he said.
Even in attacks on DOD networks, "attribution still remains foggy," Giesler said.
Asked about attacks on DOD networks by another country, the panelists said the U.S. should respond, but in most cases, in a limited way. Only if major damage was done should the U.S. consider responding with force, said Judith Miller, former general counsel at the DOD.
"You're not going to start a war over something like this," added Robert Deitz, former senior councilor to the director of the U.S. Central Intelligence Agency.
The response would change in the case of an attack causing major damage or killing U.S. residents, the panelists said. An attack that takes down a large portion of the U.S. electric grid or the banking system would likely require significant retaliation, Franklin Miller said.
Recent news reports have suggested that China and Russia have probed the U.S. electric grid for weaknesses. Panelists suggested that attacking the grid was a step up from probing it.
"This is the kind of message that needs to be put out by the United States government publicly, that inference with the grid constitutes an extremely serious act ... which would be subject to very serious retaliation," Franklin Miller said. "If you lose the ability to generate or distribute power to an entire region of this country, we are going to be in very serious trouble as a country."
Sign up for CIO Asia eNewsletters.