When Google's security was breached in China last week, many were quick to point the finger at the People's Republic. But in cyber warfare, identifying the true adversary can be impossible. Intelligence expert Jeffrey Carr explains why

When Google found its operations in China breached by a "sophisticated and targeted" cyber attack originating from the country, it did not directly accuse Beijing. We do know they targeted Chinese human rights activists, and that as a result Google.cn would no longer censor search results, as required under Chinese law. In a blog, the search giant's chief legal officer David Drummond also referred to the 2009 GhostNet report, well-known for its description of another Chinese espionage attack against the supporters of Tibet's independence. Like Google, however, the authors of the GhostNet report stopped short of placing the blame on the People's Republic of China.

When sensitive or classified data faces cyber attack, why can't governments – or organisations – identify the culprits with any conclusivity?

A state cannot respond to concerted assaults by hackers with anything more potent than a diplomatic protest – which will be met with a firm denial by the accused government or body. There isn't even agreement on what constitutes "cyber warfare". As an expert in cyber warfare intelligence, I have researched the legal complexities and multiple strains of conflict, with the aim of trying to identify which acts qualify as cyber war.

What is undeniable is that politically-motivated attacks are becoming more frequent and sustained. Amazingly, none of the assaults on security shown (right), all of which have occurred in the last 18 months, qualify as an act of "cyber war". The only issue that has been defined by international agreement is a nation's right to self-defence when attacked, which, for the moment at least, applies only to the traditional manner of attack, ie, "armed" attack. From some adversaries' point of view, this makes the internet an ideal battleground.

The eight events described opposite have all been characterized by various media sources as acts of cyber war. But definitive "attribution" – the smoking gun – was rarely achieved. The problem is that the internet was not built to be a secure platform. Its architecture inherently supports anonymity. As a result, a purely technical analysis of cyber attacks has almost never been successful at producing definitive proof, the cyber equivalent of DNA evidence.

For 18 months I and my colleagues in the Grey Goose Project have investigated Russian cyber attacks on Georgia in 2008, and we believe governments must adopt a new method of determining attribution, taking into account the policy of a state, regional events and intelligence. In addition, we apply the tried and trusted criminal investigation test of means, motive, and opportunity. I hope the attack on Google and its inevitable departure from China's internet will trigger a broader awakening about the need to define what we call cyber warfare.

Click here for Cyber carnage: A new kind of war

Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr (O'Reilly Media) is out now.