Yes

A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.

Michael Schmitt et al; Tallinn Manual 1.0, pp 92
  • Cyber Operation?
  • Expected to cause death or injury to people or objects?
The German Steel Mill Incident matches this definition. Here's and why this matters.

What happened?

A report issued by Germany’s Federal Office for Information Security reveals a German steel mill became the second recorded victim of a cyberattack causing physical destruction. The attack disrupted control systems so severely that a blast furnace could not be properly shut down. The report did not name the steel mill or detail the severity of the damage.