A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.

Michael Schmitt et al; Tallinn Manual 1.0, pp 92

The Hyperbole Problem

The language in the press and policy conversations around cyber security incidents has gotten hyperbolic. Everything is "an attack", things go up from there to "cyber pearl harbor" or "cyber 9/11".

While it may seem like nitpicking, the major powers of the world are investing heavily into cyber warefare capabilities and have developed doctrine and policy on when and how those capabilities will be used. Militaries all over the world are planning for cyberattacks. When incidents that do not meet the level of an attack, are called an attack, there is political pressure to respond and retaliate.

September 11th, provides a good example of why we need to use less extreme language. We do not call every airline hijacking an act of war, only when an airplane is hijacked and then used as a weapon does it cross the threshold of an attack.

Likewise, we have terms for high-seas piracy, "holding hostage", "demanding ransom", "held captive" that allows for a spectrum of activity between nuisance, severe, and an attack.

If we call everything from a password being stolen or website defacement an attack, how do we discuss malicious behavior that raises to the level of needing a military response?


Instead of cybersecurity events "attacks", instead consider using:

  • security incident
  • compromise
  • malicious activity
  • servers held ransom
  • ransomware incident
  • data leak
  • espionage operation
  • intelligence collection operation