In the real world it\u2019s easy to tell when a war starts. One side makes a violent attack against another and, whether or not there are casualties, everyone knows what\u2019s what. But the virtual doesn\u2019t have any such thing. So the Defense Department is now struggling with the odd question of how to tell when a war starts.\n\tAs Gen. C. Robert Kehler, commander of the U.S. Strategic Command, said at a conference last week:\n\tThe battle space from our perspective has expanded beyond traditional geographic boundaries as our world becomes increasingly interconnected through space and cyberspace. Potential adversaries can wield hybrid combinations of strategies, tactics, and capabilities and will operate in the shadows to present us with ambiguous indications and situations.\n\t\u00a0\n\tThe recent attacks against water utilities in Illinois and Texas are perfect examples of this.\n\tIn Illinois, the Statewide Terrorism and Intelligence Center initially said hackers broke a pump which supplies water to thousands of home by accessing it remotely and then repeatedly and rapidly turning it on and off. The agency said the hackers obtained access using stolen login names and passwords taken from a company which writes control software for industrial systems. Tuesday, the FBI and Department of Homeland Security said they \u201cfound no evidence of a cyber intrusion\u201d into the Illinois utility\u2019s supervisory control and data acquisition (SCADA) systems. \u00a0\n\tHowever, the Naked Security blog \u2013 a very reliable source, has an interview with a hacker named \u201cPr0f\u201d who claims to have done the Illinois attack and a subsequent one at utility in South Houston, Texas. Pr0f says he took the action in order to highlight the weak-to-non-existent security around public utilities.[*]\u00a0(Operator error: Pr0f didn't claim responsibility for the Illinois attack.\u00a0Thanks to Jeffrey Carr, CEO of Taia Global for spotting my mistake!)\n\tIf we are to believe him \u2013 and I don\u2019t have any reason not to \u2013 he did the second hack when DHS denied the first incident was a hack. The blog Threatpost (another great source) quotes Pr0f as saying: \u201cI dislike, immensely, how the DHS tend to downplay how absolutely (expletive) the state of national infrastructure is. I've also seen various people doubt the possibility an attack like this could be done.\u201d\n\tPrior to Pr0f\u2019s coming forward there were reports of the Illinois attack having been routed through a Russian web address. Of course, it turned out that it wasn't a hack at all. However, even if it had been and it had been routed via a Russian address that wouldn't prove the Russians had anything to do with it. The inability to determine who is attacking you points to one more difficulty in establishing the casus belli for cyber war.\n\tEven if we assume that the level of cyber \u201cinterference\u201d from say China and Russia is no more than what is the government publicly admits (and if you believe that I have a beautiful bridge I\u2019d like to discuss selling to you) then we are already at the \u201cshots fired across the border\u201d stage of activities.\n\tThe truth is that cyber wars will likely be able to reach a pretty intense level before officially being classified as war. It might even be that shootings wars will be required for this to happen. Until then the battles will take place anyway. They will likely have a greater intensity \u2013 and certainly more secrecy \u2013 then any of the old KGB vs. CIA clandestine activities. The goal now may in fact be seeing how close to crippling a nation one side can get without being blamed for it.\n\t* Naked Security\u2019s Chester Wisniewski wrote a wonderful piece about that \u201csecurity\u201d:\n\t\n\t\tReading about this my spidey-sense was tingling... What? They have SCADA control systems hooked up to the public internet? And they are running phpMyAdmin!?!?\n\t\n\t\tI run a reasonably low profile, small website for myself and some friends and at one point had installed phpMyAdmin to assist them with daily SQL management chores.\n\t\n\t\tI removed it four years ago after a never ending stream of severe vulnerabilities made it too risky for my *play* site.