IF PHILOSOPHER Thomas Hobbes lived today, he would say man's cyber-life is nasty, brutish, and if you are not careful, short. The world of cyber-crime, cyber-terrorism, and cyber-warfare is truly a wild, unruly, and ungoverned place.
In 2008, the US government reported almost 5,500 attacks and penetrations into its systems; the numbers in 2009 will be higher. Estonia and Georgia suffered cyber-blitzkriegs. The private sector lost an estimated $1 trillion globally to attacks in 2008, according to computer security company McAfee.
In short, we are in bloody, digital trench warfare. Industry and governments struggle to build technical defenses against anarchists, criminals, competitors, spies, and terrorists. Moreover, attackers routinely go through many countries before hitting their target, so distinctions such as "domestic" or "international" are meaningless. Many say a cyber world war has begun.
The Obama administration's recently-released Cyberspace Policy Review offers an exhaustive list of policy initiatives to defend America's cyberspace. But defense alone is a losing strategy. Prevention is the long-term solution. Deterrence is a key to prevention; but deterrence only works with a credible threat of counterattack.
The United States should declare a right to cyber self-defense - that it will promptly counter-attack as accurately and as proportionally as technology allows. Moreover, the policy should extend to US corporations, shielding them from liability for striking back at those who hound them daily.
Of course, the result would be ugly and perhaps catastrophic in ways that make officials cringe and anarchists and lawyers giddy with anticipation. Cyber-vigilantes? Network administrators carrying letters of marquee? Innocent computers mowed down in the cyber-cross fire? A free-for-all? How could this possibly be good, let alone necessary?
It is necessary because we do not know enough to build an effective and durable international legal framework . . . yet.
Today's cyber world is akin to medieval Europe. International law grew out of fear of endless retribution and the need for order. Later in the Cold War, treaties and hot lines emerged from the Berlin and Cuban missile crises. Again, frightful experience led to deterrence and restraint. Current efforts to build sweeping cyber-policy will fail because the sequence is wrong. Leaping to a legal framework is futile without first understanding the realpolitik cyber-rules, definitions, and various red lines. It is simply too early to build a global consensus for the problem.
We do not know because we don't have sufficient precedents. We don't strike back. We don't impose a direct and immediate cost on those we believe are attacking us. Instead, we gnash teeth over possible unintended consequences, collateral damage, escalations, and violations of treaties with dubious and unclear applicability to the cyber-world.
Applying "real world" law by analogy is inherently inadequate.
Is cyber-espionage acceptable or an act of war? Is crashing an electrical grid a "use of force?" Is disabling a firewall trespassing espionage, or an attack? The technical differences are almost indistinguishable.
Moreover, proving attribution to a legal standard takes months, if ever. Are governments responsible for what individuals do from - or through - their territory? Technologists offer little hope of resolving these problems any time soon. States will not join a legal framework with so much ambiguity.
A right to cyber self-defense may be the first step in ordering this brave new world. It forces action and creates incentives to define the real scope of the problem. Nations and network providers would better harden their networks from illicit use. Innocents caught in the crossfire would be driven to gain control of their systems with better software and security. States would discover the real risks associated with sponsoring, or simply tolerating, nefarious activities.
Experts contend that the United States would have the most to lose in unconstrained cyber war. That may be true, but ongoing efforts are haphazard and underfunded at best. Nothing clarifies priorities and focuses attention like a direct and imminent threat.
How many cyber Cuban missile crises would the world have to endure to motivate a real solution? One would think not many. The ensuing collateral damage and responses would build a body of practical experience and precedents. We would learn how brinksmanship and power works in the cyber-world. And finally, we would build the international consensus necessary to govern this strange new world.
David Tohn, a national security fellow at the Harvard Kennedy School of Government, is an army officer and coauthor of "On Point, the United States Army in Operation Iraqi Freedom." 
