But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco. Shamoon included a routine called a ‘wiper’, coded to self-execute. This routine replaced crucial systems files with an image of a burning U.S. flag. But it also put additional garbage data that overwrote all the real data on the machine. More than 30,000 computers that it infected were rendered useless and had to be replaced. It virtually destroyed 30,000 computers.
For example, the Iranians named their module "wiper" to turn the name back on their attackers, who had previously destroyed some Iranian oil refinery computers (http://news.techworld.com/security/3379060/mystery-wiper-malware-linked-to-duqu-says-security-firm/).
Over the last two years, DoD has made significant investments in forensics to address this problem of attribution and we're seeing the returns on that investment. Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for their actions that may try to harm America.
Likewise, offensive operations are how you do attribution, although defensive tools (such as forensics) typically have a small role as well (IMHO).
A big question here is the meaning of "Hold them accountable." Does this mean targeted assassination, the way it does with Iranian nuclear scientists? Is that how far we've come?