That's a new report from the Computer Science and Telecommunications Board of the National Academies (which includes the National Academy of Science and the National Academy of Engineering). I read the report in its earlier stages, and found it very interesting. (I was a coordinator on the project, which basically means that I was an outsider who was asked to review the Board's responses to the independent reviewers, and make sure that the responses were indeed responsive.) If you're interested in cyberattack law and policy, both as to cyberattacks by the U.S. government and by private entities defending themselves against cyberattacks, you should check it out. Here's a brief sense of the topic, from the Executive Summary:
Cyberattack refers to deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks. The U.S. armed forces are actively preparing to engage in cyberattacks, perhaps in concert with other information warfare means and/or with kinetic attacks, and may have done so in the past. Domestic law enforcement agencies also engage in cyberattack when they jam cell phone networks in order to prevent the detonation of improvised explosive devices.
Such matters pose some very important issues that relate to technology, policy, law, and ethics. This report provides an intellectual framework for thinking about cyberattack and understanding these issues.