In un recente seminario presso il Center for 21st Century Security and Intelligence della Brookings Institution di Washington il Capo di Stato Maggiore della Difesa, Dempsey, ha fornito alcuni dettagli sulle regole di ingaggio statunitensi in caso di attacchi ad infrastrutture critiche provenienti dal cyberspazio.
Il generale ha affermato:

The standing rules of engagement are currently in draft, they have not yet been approached, we’ve run several excursions and exercises. But, fundamentally, I’ll just give you a vignette, if you’d like, if part of our critical infrastructure were under attack from a botnet, let’s say, located external to the United States, our first line of defense would be, first of all, to know about it. And we would either know about it because we saw it coming, or because we had this information sharing agreement when we could be told that a particular part of the critical infrastructure was under attack.
Our first instinct would be to pull up the drawbridge and prevent the attack, that is to say either block or defend. If that was unsuccessful, then the play book might call for us to, in the act of active defense, if you will, proportionally, to go out and disabilities the botnet, the particular botnet that was attacking us, active defense. And then, if it became something more widespread and we needed to do something beyond that, it would require interagency consultation and authorities at a higher level in order to do it.