Over the weekend, US military contractor Lockheed Martin admitted that it was the target of a hacking incident over the weekend of May 21.  From the Wall Street Journal:

Hacking incidents at defense contractor Lockheed Martin Corp. and broadcaster PBS that surfaced over the past few days show how widespread corporate breaches have become and underline how any organization can become a victim.

The incident followed a recent breach at Lockheed, which said Saturday evening that it had detected a "significant and tenacious attack" against its computer networks on May 21. The company said it stopped the attack before data could be stolen.

The incident followed a recent breach at Lockheed, which said Saturday evening that it had detected a "significant and tenacious attack" against its computer networks on May 21. The company said it stopped the attack before data could be stolen.

The reference to RSA comes after RSA suffered a cyber attack claiming that hackers managed to compromise their SecureID product, possibly the algorithm and/or the seed.

This raises an interesting question for the military.  Does an attack against one of its defense contractor constitute an act of war?  It doesn’t… yet.  However, the Pentagon recently concluded a cyber attack that comes from another country does constitute an act of war if the amount of damage is significant.  Again from the Wall Street Journal:

The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

About a year ago I wrote that the US military has the right to return fire when it comes to cyber attacks.   They might not know the identity of the attacker but that wouldn’t stop them from returning fire.

In this assertion, the military is saying that an attack on the country’s infrastructure is the same whether it is done by cyber espionage or physical weapons.

Yet in neither of these two articles does it say that the military considers hackers attempting to steal secrets an act of war.  This goes back many decades during the Cold War.  Foreign policy for most countries was to avoid overt warfare and instead resort to covert warfare.  So while the military might not consider hacktivism an act of war, it is common for other security agencies to use resources at their disposal to fight back similar to the way the CIA or NSA, for decades, attempted to penetrate governments of its enemies without actually declaring war on another country.

Does this mean the military fights back and is equally involved in trying to steal secrets from other countries?  I don’t know, but I wouldn’t be surprised if there was a dedicated team of individuals within any government who was trying to do it, and the US government was throwing a smokescreen by downplaying their own capabilities.